SSPR - Unlock User - No policy grants the Requestor permission to complete all changes.

  • Friday, January 04, 2013 9:02 AM
     
     

    When trying to unlock a user in FIM Portal I get the below error with FIM Admin account.

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: GateData
    Correlation Id: eda9f21c-a777-4ef2-b12f-25e82aef7973
    Request Id: 
    Details: No policy grants the Requestor permission to complete all changes.

    Any ideas?

All Replies

  • Friday, January 04, 2013 10:03 AM
     
     

    You need to update the MPR "Administration: Administrators can read and update Users" and, under the Target Resources tab, add the attribute GateData in the Attributes box.

    If you are doing this through the Sync Engine, also do the same in the MPR "Synchronization: Synchronization account controls users it synchronizes".

    That should solve the problem.

    You need to do this for all the attributes you get the error for. FIM does not give all the attributes that it fails on with insufficient rights; it fails at the first attribute, so once you have solved this attribute there may be others generating the same error. So watch out for that "Attributes: GateData" line, as it may change, and for any attribute that fails you need to follow the above steps.

  • Friday, January 04, 2013 10:15 AM
     
     

    I have done both, and I am still getting the same error at the GateData attribute.

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: GateData
    Correlation Id: b981f055-b1c6-4b4a-bcff-9bf68862d63a
    Request Id: 
    Details: No policy grants the Requestor permission to complete all changes.

    • Edited by ygulsen Friday, January 04, 2013 10:16 AM
  • Saturday, January 05, 2013 10:13 PM
     
     
    Ok my bad :) I may have pointed out the wrong MPRs :) Sorry for that. Have you enabled the following MPRs?

    “Password reset users can update the lockout attribute of themselves”
    “Password reset users can read password reset objects”
    “Users can create registration objects for themselves”

    Also check out the following link for the password reset deployment guide: http://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx

    Hope this helps.
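
A read-only way to check the MPRs named in the replies above, added here as an example and not posted by anyone in the thread: it lists each matching MPR, whether it is disabled, and whether its attribute list covers the attribute from the error. It assumes the FIMAutomation snap-in is installed and that the FIM Service listens on the default URI shown; display names are matched with wildcards because they are taken as quoted in the thread.

```powershell
# Added example: read-only report on the MPRs mentioned in this thread.
# Assumptions: FIMAutomation snap-in present; $uri is the default FIM Service endpoint.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$uri             = 'http://localhost:5725/ResourceManagementService'  # assumed default
$failedAttribute = 'GateData'   # taken from the "Attributes:" line of the error

# Display names as quoted in the replies; trailing wildcard tolerates small differences
$patterns = @(
    'Administration: Administrators can read and update Users*',
    'Synchronization: Synchronization account controls users it synchronizes*',
    'Password reset users can update the lockout attribute*',
    'Password reset users can read password reset objects*',
    'Users can create registration objects for themselves*'
)

# Return all values of one attribute from an exported FIM object
function Get-AttrValues($exported, [string]$name) {
    $a = $exported.ResourceManagementObject.ResourceManagementAttributes |
         Where-Object { $_.AttributeName -eq $name }
    if (-not $a) { return @() }
    if ($a.IsMultiValue) { return @($a.Values) }
    return @($a.Value)
}

# Export every MPR once, then filter client-side
$mprs = Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig '/ManagementPolicyRule'

foreach ($p in $patterns) {
    $hits = @($mprs | Where-Object { (Get-AttrValues $_ 'DisplayName') -like $p })
    if ($hits.Count -eq 0) { Write-Warning "No MPR matches '$p'"; continue }
    foreach ($m in $hits) {
        $params = @(Get-AttrValues $m 'ActionParameter')
        New-Object PSObject -Property @{
            DisplayName = (Get-AttrValues $m 'DisplayName') -join ''
            Disabled    = (Get-AttrValues $m 'Disabled') -join ''
            # '*' in ActionParameter means the MPR applies to all attributes
            CoversFailedAttribute = ($params -contains '*') -or
                                    ($params -contains $failedAttribute)
        } | Select-Object DisplayName, Disabled, CoversFailedAttribute
    }
}
```

An MPR that shows `Disabled = True`, or `CoversFailedAttribute = False` on a rule that is expected to grant the update, is the place to look first; change `$failedAttribute` if the error names a different attribute after the first one is resolved.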