-
Title
LDAP_INSUFFICIENT_RIGHTS error while moving a computer -
Description
In Quest Resource Updating Manager, a workstation is moved from source domain to target successfully, but upon reviewing the logs an error similar to the following is found:
Error The request is not supported. The user has insufficient access rights (LDAP_INSUFFICIENT_RIGHTS). Cannot delete the entry, dn: 'CN=SERVER01,CN=Computers,DC=domain,DC=company,DC=com'. (ldap_delete_ext_s). -
Cause
This error is caused by lack of rights on the source domain for the account used by Resource Updating Manager. When the option to "preserve computer account in the source domain" is unselected, Resource Updating Manager attempts to delete the computer account in the source domain. If the rights are not sufficient, above error is logged.
-
Resolution
In order to resolve this problem either enable the option to "preserve computer account in the source domain" or use the following procedure:
- In Resource Updating Manager, right click-the list of computers and select Add
- add the domain controller used by resource updating manager in the source domain to the list (or all DCs)
- right-click the DC in the list and use "Set credentials" to specify an account with administrative rights in the source domain (including the rights to delete object in OU referenced in the error)
When this is done RUM will be using this account while communication to source domain DCs and the attempt to delete a computer account should be successful.