I expect the policy hasn't completely applied yet. Can you control the process used by the metadirectory software for object creation? If so, have it create the object in the way specified below. The alternative is to create it with the useraccountcontrol flagged to allow the account to not have a password. Then after the initial object create set a password and change useraccountcontrol to 512. I highly recommend creating it disabled and then setting the password and then setting the useraccountcontrol to 512 though. It is more obvious if something gets dropped and not handled properly.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar Sent: Monday, June 27, 2005 9:56 PM To: [email protected] Subject: Re: [ActiveDir] Error while adding user to AD I set the Domain Security policy to be a password length policy. i set the minimum length to be 8. still i am able to provision using a different server. am i missing something? ----- Original Message ----- From: "Mayuresh Kshirsagar" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, June 28, 2005 7:19 AM Subject: Re: [ActiveDir] Error while adding user to AD > Thanks a lots Joe. I'll try this out. > > One more query. After I've changed my password policy, they dont seem to be > reflected immediately. how can i force it? > > ----- Original Message ----- > From: "joe" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Tuesday, June 28, 2005 5:38 AM > Subject: RE: [ActiveDir] Error while adding user to AD > > > > That DSID can pop up when an account is improperly created. I.E. Someone > is > > trying to set the account enabled in the actual creation of the account > when > > there is password length policy. > > > > If you have a password length policy you need to create the account > > disabled, then set a password, then enable it. > > > > It sounds like the meta directory product doesn't know how to properly > > create an account in AD. > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh > Kshirsagar > > Sent: Monday, June 27, 2005 7:42 PM > > To: [email protected] > > Subject: Re: [ActiveDir] Error while adding user to AD > > > > Active Directory password policy was set as follows: > > > > Policy Setting > > Enforce password history 0 passwords remembered Maximum password age 999 > > days Minimum password age 0 days Minimum password length 8 characters > > Password must meet complexity requirements Disabled Store passwords using > > reversible encryption Disabled Provisioning new accounts failed even > though > > our passwords are longer than 8 characters. > > > > When modifying the policy to a minimum length of 0 characters provisioning > > works. > > > > Any pointers of how this happened? > > > > Regards, > > Mayuresh > > > > > > ----- Original Message ----- > > From: "Gil Kirkpatrick" <[EMAIL PROTECTED]> > > To: <[email protected]> > > Sent: Tuesday, June 28, 2005 4:57 AM > > Subject: RE: [ActiveDir] Error while adding user to AD > > > > > > This sort of error happens when the user you are provisioning doesn't meet > > all the policy requirements in AD. Make sure all the required attributes > are > > set properly, and make sure that the password assigned to the user object > > meets the current domain complexity requirements. > > > > -gil > > > > ________________________________ > > > > From: [EMAIL PROTECTED] on behalf of Mayuresh Kshirsagar > > Sent: Mon 6/27/2005 4:09 PM > > To: [email protected] > > Subject: [ActiveDir] Error while adding user to AD > > > > > > > > Hi, > > > > I am using a meta directory to provision a new user in AD. But while > adding > > the user, I am getting the following error: > > > > Server_Info='0000052D: SvcErr: DSID-031A0B56, problem 5003 > > (WILL_NOT_PERFORM), data 0 > > > > Can you guide me as to how can I detect and eliminate the cause of it > > please. > > > > Thanks, > > Mayuresh > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
