Enterprise app provision error

Question

Enterprise app provision error

Alok Singh 1

When creating user from Workday to Active Directory, getting below error in provision audit logs. Please help me on this issue.

Failed to update Worker 'xxx' in On Premises Active Directory; Error: UnwillingToPerform-SvcErr: The server cannot handle directory requests.. The directory service cannot perform the requested operation on the RDN attribute of an object. \nError Details: Problem 5003 - WILL_NOT_PERFORM. This operation was retried 3 times. It will be retried again after this date: 2022-07-30T07:26:46.3710536Z UTC

More details- Newly created user is always sync with old user which is already exist in AD.

1 answer

Your answer

Answer 1

Jess Astorga 111 Microsoft Employee

Hello Alok,

Thank you for the details provided, the messages "UnwillingToPerform-SvcErr: The server cannot handle directory requests" and "Problem 5003 - WILL_NOT_PERFORM messages" indicate that there's an operation being sent to Active Directory that is invalid.

Updating RDN attribute is currently unsupported and will cause the error message you've experienced, the resolution for this issue is to either remove the attribute from the mappings or apply the mapping "Only during object creation".

If you would like to take a deeper look at the behavior and discuss the resolution, I would recommend creating a support case and include the application ID and the same sample provided on this forum.

Thanks!

-Jessie

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-08-01T16:52:41.677+00:00

@Alok Singh
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Alok Singh 1 Reputation point

2022-08-23T06:15:52.247+00:00

Thanks for reply @JessieAstorga-0740

This issue probably comes when I tried to change exist account in workday. Let's take example of a user Alok Singh- suppose I want to change user last name like Alok Kumar, then it will not get update in AD side and pop up this error in logs. I hope you understand the scenario.

one more scenario which worked for me if I will inserts in last name "kumar1" in WD side then it will get update in AD side.
Alok Singh 1 Reputation point

2022-08-23T06:17:53.427+00:00

@JamesTran-MSFT it can be fixed as alternate as posted in below. but I don't think so this is correct way to fix this kind of issue. So please help me to find the correct solution.
Jess Astorga 111 Reputation points Microsoft Employee

2022-08-23T22:35:08.573+00:00

Hello @Alok Singh ,

Thank you for following up. It's my understanding that for Inbound sync applications, certain attributes in the mappings must be configured to be "Only during object creation" due to Active Directory specifics. However due to the additional scenario you've mentioned I believe it would be best to engage our support team for an engineer to assist you in reviewing the logs for these events you've mentioned separately and confirm what the difference between those scenarios is.

-Jessie
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-08-26T16:12:01.14+00:00

@Alok Singh
I just wanted to check in and see if you had any other questions or if you had a chance to review Jessie's response?
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-08-29T16:33:51.333+00:00

@Alok Singh
Since it's been a few days, I just wanted to check in and see if you had any other questions?

Share via

Enterprise app provision error

1 answer

Your answer