-
Title
Active Directory audit logs show a delete following an unsuccessful User object creation attempt -
Description
When using Active Roles to pass a creation request to Active Directory which does not meet Active Directory requirements (such as, for example, password policy requirements), Active Roles will receive an error message and the account is not created.
Active Directory audit logs will show that a user object was created and then deleted.
Active Roles logging will not show any deletion request, only the creation request.
-
Cause
This is expected functionality. -
Resolution
In order to fulfil a User object creation request, Active Directory first creates a temporary User account and then attempts to apply the information from the creation request into it. If the creation request is invalid, an error message is returned and the temporary user account is automatically deleted.
For more information and documentation on expected Active Directory client behaviour, please contact Microsoft.