|
| Published Date : 17 Jun 2016
Last Updated : 23 Jul 2024
Content Ref: TEC5212534
|
|
AD Sync fails to provision one or more users into RM Unify and you find the following error in the AD Sync log:
Error assigning User <username> (GUID) to Establishment Config - System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at RM.Networks.IdentityManagement.ADHelper.GetStringMultiValueAttribute(DirectoryEntry de, String attributeName)
at RM.Networks.IdentityManagement.ADHelper.IsGroupMember(String server, String groupDN, String memberDN, HashSet`1 searched)
at RM.Networks.IdentityManagement.ADHelper.IsGroupMember(String server, String groupDN, String memberDN, HashSet`1 searched)
at RM.Networks.IdentityManagement.DAL.Data.User.FindCorrectEstablishmentConfig(DBConnection conn, Dictionary`2 estMapping, Dictionary`2 estConfMapping, List`1 activeECs, Dictionary`2 servers). |
| This can occur when the affected user(s) have membership of a group with a slash (/ or \) in its name, e.g. Maintenance/Support Staff or if the group is within an OU containing a slash in its name, e.g. Users/Accounts. |
To workaround this issue, remove the affected user(s) from the group, or rename the group or OU. Use the following Windows® PowerShell commands to find those AD groups and OUs with '\' or '/' in the name:
- Get-ADgroup -filter {GroupCategory -eq "Security" -and Name -like "*\*" -or Name -like "*/*"}
- Get-ADOrganizationalUnit -filter {GroupCategory -eq "Security" -and Name -like "*\*" -or Name -like "*/*"}
|
| After addressing the users and their AD groups or OUs, the accounts should automatically provision in to RM Unify. If they do not, then it may be that a resync is required. Please refer to TEC5694616 in the Other Useful Articles section below. |
| If the provisioning issue is not resolved by a resync, it may be that AD Sync has already written the LDAP path into the local database, containing the '/' or '\' characters. If this is the case, AD Sync will be unable to process (move, update, delete) the database rows and a reinstall of AD Sync to a clean database will be required. Please see TEC5015612 in the Other Useful Articles section below for more information. |
| This issue only affects RM Unify AD Sync v3. |
|
|
If this article has not helped provide a solution then it is also possible to
log a call... |
| |
Document Keywords: ad, sync, ad, rmpassword, unify, ad, Adsync, backslash, forward, solidus, TEC5212534 |
|
|
|
Symptoms
