Active Roles

onPostRename Started when unlocking AD Account

Hi, I've installed the new ARS 7.0.3.2320 version, old version is 6.7.0. I am using the exact same scripts for the new version.

When I am now unlock a locked account over ARS web, the event viewer on the ARS server shows:

operation: modification on object, Attributes :edsaAccountLockedOut False.
next task --> Policy: onPreModify started --> should be OK I assume
next task --> Policy: onPreModify ended --> should be also OK I assume, operation should be finished now.
next task --> Policy: onPostRename started --> WHY??????
next task --> Operation, which should only run when renaming the account
next task --> Policy: onPreModify started --> ARS web is freezing and looping through above steps until Error: The 'Script Execution' policy encountered an error when running the script 'User-Management'. User-Management(986, 9) : Error 0x80131600

So, I really don't understand why ARS is starting the onPostRename when unlocking an account. 

I would really appreciate it if someone could point me in the right direction to solve this issue.

Regards,
Micha

  • does it cause any issue?
    You may open support case to ask devs on the event trace, you question.
  • I tested in my lab, and I'm not getting an onPostRename event when unlocking an account.

    This suggests that there may be a custom Workflow or policy script which is performing a rename operation and triggering the event.

    If there is a test Organizational Unit where you can reproduce this issue, I suggest disabling the Policies linked to that Organizational Unit one at a time. Trigger the event, and check the logs to see if the onPostRename occurs. If it does not, re-enable the Policy and move on to the next one. If none of the Policies are causing the issue, do the same with your Workflows. Once you determine which Policy or Workflow is causing the event, you'll be in a much better spot.
  • Hi Terrance

    I really struggled with this topic for the past few days, I've now disabled all user management scripts and policies and just writing in the eventlog for each ARS "on...." event.

    But it is still the same, when enabling or unlocking an account, it begins with event "onPreModify", and then jumping directly to the event "onPostRename", then to "onPostModify". After those steps the "Operation" is following.

    I also don't really understand what could trigger the "onPostRename" event.

    Thanks for your help.
    Micha
  • Micha,

    This has recently come to light as a reproducible product defect.

    Title: OnPostRename event trigger unexpectedly being fired by modification operation
    Solution Number: 251854
    URL: support.oneidentity.com/.../251854

    This link should be live within one hour.

    We are currently tracking this issue as Defect ID 742039. It will not be fixed in Active Roles 7.0.3, as that version is End of Life and soon to be Discontinued.

    For your reference:
    support.oneidentity.com/.../noti-00000111

    I suggest upgrading to Active Roles 7.2.1. When there is a patch for this issue, it will be available in that version.