This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

When a workflows process instance reaches an Active Directory event which tries to update a users password, the process instance stops with the following error appearing:

"User cannot be updated. An Active Directory error has occured."

Image

Symptoms

  • The process instance returns the following error at the Active Directory event: "LDAP_UNWILLING_TO_PERFORM Description Server cannot perform operation. ; ServiceName: Account Management Service."
  • The Active Directory event is used to update a users' password.
  • The same error appears when trying to update the users' password using the AD User SmartObject in SmartObjects Service Tester.

    Image

Troubleshooting Steps

  1. Check which account the Active Directory event is running as:

    Image

  2. Make sure that account is a member of the Account Operators group, or has the same permission as Account Operators.

    Image

  3. Check if your Active Directory has any specific password requirements, and make sure the password you are trying to update meets that requirement.

    Image

  4. Make sure that the user account you want to update is allowed to change the password in Active Directory. If the user account is new, and the option "User must change password at next logon" is checked, you should not be allowed to update the password as well until your user has logged into the domain and changed his/her password.

    Image