System Center Orchestrator 2012 - Create User failed


  • Dear TechNet Users,

    I have a problem with my "Create New User" Runbook. I've installed the Active Directory Integration Pack and configured the AD, but I'm not sure how to configure the "Configuration Default Parent Container" ...

    I use the following parameters: CN=Users,DC=mydomain,DC=local

    Are these parameters incorrect?

    Logfile error: unknown exception caught

    Any ideas?

    Tuesday, October 08, 2013 1:40 PM


  • OK, I have found the error. The unknown caught exception arises when the domain password policies are not adhered to.

    thx 4 all your help!

    Friday, October 11, 2013 9:07 AM
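
Added example, not part of the original thread: a pre-check that compares a candidate password with the default domain password policy before the runbook passes it to Create User, so a policy violation shows up as a named problem instead of "unknown exception caught". `Test-PasswordAgainstPolicy` is a hypothetical helper, the sample password is constructed, and the RSAT ActiveDirectory module is assumed.

```powershell
# Added example (hypothetical helper, not Orchestrator or Integration Pack code).
# Checks length and complexity only; a fine-grained password policy (PSO)
# that applies to the new account can be stricter than the domain default.
Import-Module ActiveDirectory

function Test-PasswordAgainstPolicy {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DisplayName = '',
        [Parameter(Mandatory)]$Policy   # object from Get-ADDefaultDomainPasswordPolicy
    )
    $problems = @()

    if ($Password.Length -lt $Policy.MinPasswordLength) {
        $problems += "shorter than MinPasswordLength ($($Policy.MinPasswordLength))"
    }

    if ($Policy.ComplexityEnabled) {
        # Complexity: characters from at least 3 categories.
        $categories = 0
        if ($Password -cmatch '\p{Lu}')         { $categories++ }  # uppercase
        if ($Password -cmatch '\p{Ll}')         { $categories++ }  # lowercase
        if ($Password -match  '\d')             { $categories++ }  # digit
        if ($Password -match  '[^\p{L}\p{Nd}]') { $categories++ }  # non-alphanumeric
        if ($categories -lt 3) { $problems += 'fewer than 3 character categories' }

        # Must not contain the account name (when longer than 2 characters) ...
        if ($SamAccountName.Length -gt 2 -and
            $Password.IndexOf($SamAccountName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $problems += 'contains the sAMAccountName'
        }
        # ... or any display-name token of 3 or more characters.
        $tokens = $DisplayName -split '[\s,.\-_#]+' | Where-Object { $_.Length -ge 3 }
        foreach ($token in $tokens) {
            if ($Password.IndexOf($token, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $problems += "contains display-name token '$token'"
            }
        }
    }
    [pscustomobject]@{ Compliant = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample values; the domain name is the one used in the thread.
$policy = Get-ADDefaultDomainPasswordPolicy -Identity 'adessolab.local'
Test-PasswordAgainstPolicy -Password 'muster1' -SamAccountName 'max.mustermann' `
    -DisplayName 'Max Mustermann' -Policy $policy
```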

All replies

  • Hi,

    The format for the DN seems to be correct. Does the account configured in the Connection have access to create users in the container Users in this domain? Is the container name "Users" or something like "Benutzer"?

    What is the common error message of the Activity in the "LogHistory" tab: "unknown exception caught"?


    Stefan , Blog

    Tuesday, October 08, 2013 2:18 PM
  • Yes, I checked the container "Users" and the attributes are correct. At first, Initialize Data succeeds, and then the error message of Create User in the log history is "unknown exception caught".

    My domain admin user has full access in the security settings.

    Could it be because of a wrong integration pack for Active Directory?
    Tuesday, October 08, 2013 2:23 PM
  • Hello,

    Do you use the SP1 version from System_Center_2012_SP1_Integration_Packs.EXE, available here?


    Stefan , Blog

    Tuesday, October 08, 2013 5:02 PM
  • Yes, I use the SP1 version,

    and in this case (OU=Users) I'll get the following error:

    The parent path 'OU=Users,DC=adessolab,DC=local' was not found.

    Exception: AdParentPathNotFoundException
    Target site: LdapUser.CreateNew

    Stack trace:
       at Microsoft.Accelerators.ActiveDirectoryCore.LdapUser.CreateNew(ISafeDirectoryFactory factory, DistinguishedName distinguishedName, String samAccountName)
       at Microsoft.Accelerators.ActiveDirectoryCore.LdapDirectory.CreateNewUser(DistinguishedName distinguishedName, String samAccountName)
       at Microsoft.Accelerators.ActiveDirectoryCore.LdapDirectory.CreateNewUser(DistinguishedName distinguishedName)
       at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.CreateUserExecutor.CreateExecutionObject(ILdapDirectory ldapDirectory)
       at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.AExecutor.Execute()
       at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.ActiveDirectoryProgram.ExecuteProxy(ExecutionProxy proxy)
       at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.AActiveDirectoryActivity.Execute(IActivityRequest request, IActivityResponse response)

    Wednesday, October 09, 2013 8:25 AM
  • Because "Users" is a container (CN) :-). "CN=Users,DC=adessolab,DC=local" is quite correct for the domain adessolab.local.

    Do other Activities like "Get User" work?

    Wednesday, October 09, 2013 9:48 AM
  • Get User works ... I configured a Get User filter with Last Name, Relation "starts with", Value "Muster" ... the result is my test user "max.mustermann".

    And in the Create User runbook I still get the same error: unknown exception caught

    Wednesday, October 09, 2013 10:31 AM
  • Hi, maybe you are missing some parameter for the Create User activity:

    The only required property is the Common Name; the rest of the properties are optional but must be entered in the correct format.

    Regards, Ibrahim Hamdy

    Wednesday, October 09, 2013 11:10 AM
  • This is my Runbook:

    Initialize Data: I create 5 string parameters

    activity ID (4 service manager)





    Create User: I create 4 properties

    Common name --> subscribe published data --> UserAlias

    First name --> subscribe published data --> UserFN

    Last name --> subscribe published data --> UserLN

    Password --> subscribe published data --> UserPassword

    Enable User: I create 1 property

    Distinguished Name --> subscribe published data --> Create User

    Update Object (service manager)

    Wednesday, October 09, 2013 11:19 AM
  • Hi,

    Can you check "Create User" with constant values?

    If you run "Get User", what is the value for Distinguished Name if you append that Published Data to a text file, for example?

    I can't reproduce the error "unknown exception caught" with missing or misconfigured parameters. Perhaps a redeployment of the AD IP helps.


    Stefan , Blog

    Wednesday, October 09, 2013 12:10 PM
  • What do you mean by redeployment of the AD IP?
    Wednesday, October 09, 2013 12:53 PM
  • Re-install of the Integration Pack with Deployment Manager

    Wednesday, October 09, 2013 1:14 PM
  • After redeployment I'll get another error:

    The configuration "adessolab.local" could not be found.

    The FQDN of my DC is: AMSCDC01.adessolab.local ... Can I test the connection to the domain in another way?

    Wednesday, October 09, 2013 1:42 PM
  • Check that the connection in the Activity exists in the config for the IP (menu Options/Active Directory).

    Perhaps specify a new connection and choose this in the Activity.

    Wednesday, October 09, 2013 2:16 PM
  • I removed the connection in the activity options and added a new one, but still the same error:

    "The configuration "adessolab.local" could not be found"

    But the server is logged on to the domain.

    Thursday, October 10, 2013 9:01 AM
  • I've done this configuration completely new. I oriented myself by this video, and I get back the error "unknown exception caught".

    When I test the runbook, the user is created but disabled...
    Friday, October 11, 2013 8:28 AM
  • Hello everybody!

    I had the same error in the Orchestrator Reset User Password activity, "Unknown exception caught".

    I was resetting the password from an Orchestrator that was located in another domain, with no trust relationships. Funny thing was that several other activities (Add User to Group, Unlock User etc.) were working just fine, but very slowly.

    The problem was that port 464 was closed. That is needed for password resets. When our firewall guy checked the traffic, everything else was working because LDAP was allowed.

    Now the ports are opened from the Orch servers to the other domain's DC Controllers according to and as a bonus, everything sped up radically. Why, you ask? Well, the connection does work with LDAP most of the time, but when native Kerberos and RPC ports were opened, no fallback protocols were needed anymore ;-)

    Wednesday, June 25, 2014 9:01 AM
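
Added example, not part of the original thread: a TCP reachability check, run on the Orchestrator server, for the protocols the post above names (LDAP, Kerberos, Kerberos password change on 464, RPC). `Test-DcTcpPorts` is a hypothetical helper and the host name in the usage line is a placeholder; UDP and the dynamic RPC port range are not tested.

```powershell
# Added example (hypothetical helper): shows which of the ports discussed above
# a firewall between the Orchestrator server and the domain controller blocks.
function Test-DcTcpPorts {
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [int]$TimeoutMs = 2000
    )
    $checks = @(
        @{ Port = 88;  Service = 'Kerberos authentication' }
        @{ Port = 135; Service = 'RPC endpoint mapper' }
        @{ Port = 389; Service = 'LDAP' }
        @{ Port = 464; Service = 'Kerberos password change (kpasswd)' }
    )
    foreach ($check in $checks) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Asynchronous connect so a silently dropped packet costs only $TimeoutMs.
            $async = $client.BeginConnect($DomainController, $check.Port, $null, $null)
            $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false   # name resolution failure or immediate refusal
        } finally {
            $client.Close()
        }
        [pscustomobject]@{
            Port    = $check.Port
            Service = $check.Service
            Open    = $open
        }
    }
}

# Placeholder host name; replace with a domain controller of the target domain.
Test-DcTcpPorts -DomainController 'dc01.otherdomain.example' | Format-Table -AutoSize
```

A row with `Open = False` for port 464 while 389 is open matches the situation in the post: LDAP-based activities work, password resets fail.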
  • Ran into the same issue, thanks for the help :)
    Monday, March 02, 2015 9:29 PM