getting insufficient rights error and LDAP error more frequently while using QMM to sync attributes and password across tenants.
Hello Alex,
thanks for replying back. just checked and found that the server where DSA agent is installed is able to ping DC's. i restarted the Quest Directory Synchronization Agent Configurator Service. now i feel the LDAP 0X51 error isnt there anymore.
but getting the below error more frequent now.
Error 0xe1000040. Per attribute apply failed for object <GUID=84739EA5045348428E61918FA5EB8387> Error 0xe1000041. Apply of attribute extensionAttribute13 with value(s) = ID:4953E744F1A6C74C9A32DAEB13D93DB8/CF:/A: failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ). Error 0xe1000041. Apply of attribute extensionAttribute14 with value(s) = 06DAC9C5E95A8647A54226CC788D369C failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ). Error 0xe1000041. Apply of attribute userAccountControl with value(s) = 512 failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ).
Glad to help. That being said, Everything that says "insufficient rights" means one of two things: either the account is wrong, permissions are insufficient so you need to correct that, or something else in the environment (antivirus, security, etc.) is stopping the tool from doing its job.
One possibility from the KB is https://support.quest.com/migration-manager-for-ad/kb/4297299 - it's on a Read Only DC. If it isn't "really" a RODC, then something in the DC is not allowing the changes to be made. We'd need to deal with that.
Another possibility is that it's an old unpatched DC as in https://support.quest.com/kb/4351651. or something as simple as that you forgot to add the permissions as in https://support.quest.com/migration-manager-for-ad/kb/4292311 for example.
The best thing to do is to look for the error message, within quotes, and site:support.quest.com on Google and search the KB that way. At least you can try all the different solutions (and document them) - and if it doesn't work, you can open a ticket with the documented steps and get it sorted a lot faster.
Apologies Alex for the trouble.
it says my support subscription expired to view the premium content. will you be okay to send screenshot or the steps mentioned in the above 3 KBs which you sent. our quest subsciption is only for using QMM. we are not performing any on demand migrations.
If you have a Quest subscription for QMM you should be able to see the KB. Open a support ticket to update your contact info if necessary.
