15
Views
3
Comments
Solved
[Active Directory Library] MssAD_CreateUser: Exception has been thrown by the target of an invocation.
Question
active-directory-lib
Service icon
Forge component by Renato Pauleta
Application Type
Service

When trying to create a user we've been getting the error ": Exception has been thrown by the target of an invocation.". We've done some debugging and found that this is trown in the following piece of code:

userEntry.Invoke("SetPassword", new object[] { ssPassword }); (Line 1150 of ActiveDirectory_Ext.cs)

The full Exception reads as follows:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

   --- End of inner exception stack trace ---

   at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)

   at OutSystems.NssActiveDirectory_Ext.CssActiveDirectory_Ext.MssAD_CreateUser(RCADUserRecord ssADUser, Boolean ssPasswordNeverExpires, String ssParentGroupDN, String& ssUserDN, String& ssPassword, Boolean& ssSuccess, RCADResultRecord& ssResult)

We've been looking at this with our network and AD engineers but have yet to find a solution. Is there something we're missing in our setup?

Note that the app does create the user, but fails at setting a password and enabling the user (the latter I assume is because this would be called after the Invoke SetPassword).

Any help or insights would be immensely appreciated.

KR,

Nils

Solution

Hi Renato,

It appeared that for the service account used when connecting to AD/LDAP we needed to use the full UPN and not just the username. This might be something worth adding to the component's documentation though.

Hi Nils,

Apologies for the late reply.

This issue could be several things. Microsoft suggests that you look at the event viewer in the AD server to check if there's additional information that could point us in the right direction: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/rpc-errors-affecting-aadconnect


Things like the RPC not being entirely setup or the password not meeting the policy requirements can cause this error.

Solution

Hi Renato,

It appeared that for the service account used when connecting to AD/LDAP we needed to use the full UPN and not just the username. This might be something worth adding to the component's documentation though.

Thanks for the update Nils. It makes sense.

Thanks.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.