When using Active Roles to pass a creation request to Active Directory which does not meet Active Directory requirements (such as, for example, password policy requirements), Active Roles will receive an error message and the account is not created.
Active Directory audit logs will show that a user object was created and then deleted.
Active Roles logging will not show any deletion request, only the creation request.
In order to fulfil a User object creation request, Active Directory first creates a temporary User account and then attempts to apply the information from the creation request into it. If the creation request is invalid, an error message is returned and the temporary user account is automatically deleted.
For more information and documentation on expected Active Directory client behaviour, please contact Microsoft.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center