Newly created users do not synchronize from eDirectory to Active Directory
(Last modified: 19Oct2005)
This document (10099372) is provided subject to the disclaimer at the end of this document.
symptom
Newly created users do not synchronize from eDirectory to Active Directory
fact
Nsure Identity Manager 2.0
Novell Active Directory Driver
Microsoft Windows 2000
symptom
LDAP_UNWILLING_TO_PERFORM
change
New users are created without passwords in eDirectory. The Active Directory policy requires password complexity. userAccountControl is set to 0 via a policy.
cause
When the domain password policies are not met, the account is created as a disabled account. Trying to force the account to be enabled during the create breaks the security policy of Active Directory, so the account is not created.
note
Message = <ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>0000052D: SvcErr: DSID-031A0B56, problem 5003 (WILL_NOT_PERFORM), data 0</server-err>
<server-err-ex win32-rc="1325"/>
</ldap-err>
fix
The account control should not be altered during the creation of the account.
To resolve this issue, one option is to create the account with a valid password. To satisfy the default password filter complexity, the password must meet the following criteria:
The default password filter (passfilt.dll) included with Windows 2000 requires that a password:
- Does not contain all or part of the user's account name
- Is at least six characters in length
- Contains characters from three of the following four categories:
  - English upper case characters (A..Z)
  - English lower case characters (a..z)
  - Base 10 digits (0..9)
  - Nonalphanumeric (for example, !, $, #, %)
Complexity requirements are enforced upon password change or creation.
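A pre-check of a candidate password against the criteria listed above, reporting which rule fails. This is an added example, not Novell or Microsoft code: the function names are hypothetical, and it assumes "part of the account name" means any run of three or more characters from it, compared case-insensitively.

```python
import string

MIN_LENGTH = 6       # "at least six characters in length"
MIN_CATEGORIES = 3   # "three of the following four categories"
MIN_NAME_PART = 3    # assumption: shortest fragment treated as "part of" the account name


def categories_used(password):
    """Return the set of character categories (from the list above) present in password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif not ch.isalnum():
            found.add("nonalphanumeric")
    return found


def complexity_failures(password, account_name):
    """Return the names of the criteria the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if len(categories_used(password)) < MIN_CATEGORIES:
        failures.append("categories")
    pw, name = password.lower(), account_name.lower()
    # Every run of MIN_NAME_PART characters taken from the account name.
    parts = {name[i:i + MIN_NAME_PART] for i in range(len(name) - MIN_NAME_PART + 1)}
    if name and (name in pw or any(p in pw for p in parts)):
        failures.append("account-name")
    return failures


if __name__ == "__main__":
    # Constructed sample values; the empty password is the case described in this document.
    for candidate in ("", "abcdefgh", "Smith2005!", "Tr4vel!x"):
        print(repr(candidate), complexity_failures(candidate, "jsmith"))
```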
A second option is to disable the feature in Active Directory. The policy is set at: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
document
Document Title: Newly created users do not synchronize from eDirectory to Active Directory
Document ID: 10099372
Solution ID: NOVL103919
Creation Date: 18Oct2005
Modified Date: 19Oct2005
Novell Product Class: Novell Directory Services
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.