Error appears when updating Active Directory password in Active Directory event in workflow
kbt137441
PRODUCTK2 blackpearl 4.6.11 to 4.7
BASED ONK2 blackpearl 4.6.11
TAGSActive Directory
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.
Issue
When a workflows process instance reaches an Active Directory event which tries to update a users password, the process instance stops with the following error appearing:
"User cannot be updated. An Active Directory error has occured."
Symptoms
- The process instance returns the following error at the Active Directory event: "LDAP_UNWILLING_TO_PERFORM Description Server cannot perform operation. ; ServiceName: Account Management Service."
- The Active Directory event is used to update a users' password.
- The same error appears when trying to update the users' password using the AD User SmartObject in SmartObjects Service Tester.
Troubleshooting Steps
- Check which account the Active Directory event is running as:
- Make sure that account is a member of the Account Operators group, or has the same permission as Account Operators.
- Check if your Active Directory has any specific password requirements, and make sure the password you are trying to update meets that requirement.
- Make sure that the user account you want to update is allowed to change the password in Active Directory. If the user account is new, and the option "User must change password at next logon" is checked, you should not be allowed to update the password as well until your user has logged into the domain and changed his/her password.