No announcement yet.

Unable to Save Active Directory Data...

  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to Save Active Directory Data...

    Hyena version 4.1
    Active Directory Mixed mode.

    We have six users with a mix of Win2K and XP. We all have admin privileges. At least once per day, sometimes more we try to change an attribute or password on a user and get the following error:

    "Unable to Save Active Directory Data. The server is unwilling to process the request. --Extended Error-- LDAP Provider: 0000052D: SvcErr: DSID-031A0B56, problem 5003 (WILL_NOT_PERFORM), data 0"

    We must open up the Windows tool "Active Directory Users and Computers" and change the settings.

    We have discovered some password discrepencies such as password length not being long enough but Hyena would not give us that error. That error only was displayed after bringing up the ADUC. Why wouldn't Hyena display that particular error?

    That is the only error that we have been able to identify. The other give us no indication as to why Hyena could not make those changes.

  • #2
    Re: Unable to Save Active Directory Data...

    Unfortunately, Active Directory does not appear to have any mechanism for reporting why an error happened. The ugly error that you are seeing is the only error formatting that Active Directory provides. In most cases, the reason for this error is the password. Active Directory refuses to accept a change to any attribute if the password already fails to meet complexity requirements. This usually happens when the password policy is changed (and it can change at a lot of levels) and the password for a given account has not been modified since the last change.

    If you get this error for a given account, see if you can try to change the password to a longer/more complex password. To do this, you will need to right click on the account, select Account Functions->Change Password. ONLY change the password. Then, see if the problem goes away. We are unable to work around this problem, as its a limitation of AD. One 'theory' is that if you modify the password AND change another attribute, is that we could try setting the password first, whereas right now we always change the password last. This causes a problem only if the password is already 'invalid' and you try to modify something else.
    Kevin Stanush
    SystemTools Software Inc.