AD user creation fails in ADManager Plus with the error: Error in creating user, Object Already Exists

Issue description  

When creating new Active Directory (AD) accounts with ADManager Plus, users might encounter the error: Error in creating user, Object Already Exists, often accompanied by error code 8007202f. This error typically arises when an object with identical attributes, such as user principal name, email address, or SAM account name, already exists in AD.

Possible causes  

  • Duplicate attribute: The user principal name, email address, or SAM account name specified in the creation template already exists in AD.

  • Incorrect template configuration: The user creation template might not be configured to handle duplicate attributes.

Prerequisites  

  • Ensure you have administrative access to ADManager Plus.

  • Verify that the user creation template is correctly configured to handle duplicate usernames.

  • Ensure the service account is a member of the Account Operators group in AD.

Resolution 

Step 1: Verify AD for existing objects  

  1. Log in to ADManager Plus with your admin credentials.

  2. Use the search feature in the top-right corner to look for users with the same username or attributes (e.g., email address) as the one you are trying to create.

  3. Check the search results to see if any existing users match the criteria.

  4. If an existing object is found, perform one of the following actions:

    • Delete the object: If the existing user is no longer needed, you can delete it. Be cautious when deleting objects to avoid data loss.

    • Rename the object: If the existing user needs to be retained, rename it to avoid conflicts. This can be done by modifying the username or other unique attributes.
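
The same check can be run directly against AD before retrying the creation. This is an added example, not ManageEngine's code: it assumes the RSAT ActiveDirectory PowerShell module, the function names are hypothetical, and the sample values are constructed. It only reads from the directory.

```powershell
# Added example: read-only pre-check for the three attributes named in this article.
# Assumes the RSAT ActiveDirectory module; both function names are hypothetical.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping so \ * ( ) and NUL are matched literally, not as filter syntax.
    # The backslash must be replaced first.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

function Find-ADAttributeConflict {
    param(
        [string]$SamAccountName,
        [string]$UserPrincipalName,
        [string]$Mail,
        [string]$Server   # optional: a specific domain controller to query
    )

    # One OR clause per attribute supplied by the caller
    $clauses = @()
    if ($SamAccountName)    { $clauses += "(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName))" }
    if ($UserPrincipalName) { $clauses += "(userPrincipalName=$(ConvertTo-LdapFilterValue $UserPrincipalName))" }
    if ($Mail)              { $clauses += "(mail=$(ConvertTo-LdapFilterValue $Mail))" }
    if (-not $clauses) { throw 'Specify at least one attribute to check.' }

    $query = @{
        LDAPFilter = "(|$($clauses -join ''))"
        Properties = 'sAMAccountName', 'userPrincipalName', 'mail', 'whenCreated'
    }
    if ($Server) { $query.Server = $Server }

    # Get-ADObject rather than Get-ADUser, so a group or contact that already
    # holds the value is reported as well as a user.
    Get-ADObject @query |
        Select-Object DistinguishedName, ObjectClass, sAMAccountName,
                      userPrincipalName, mail, whenCreated
}

# Constructed sample values for the account that failed to create
Find-ADAttributeConflict -SamAccountName 'jdoe' `
    -UserPrincipalName 'jdoe@example.com' -Mail 'jdoe@example.com'
```

An empty result means none of the three values is held by an object in the queried domain. Each returned row shows the conflicting object's distinguished name and class, which tells you what you would be deleting or renaming.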

Step 2: Configure user creation template

  1. Log in to ADManager Plus.

  2. Go to Management > User Management > User Templates > User Creation Templates.

  3. Click Create New Template.

  4. Specify a name for the template, add a suitable description, and select the domain.

  5. Select Enable Drag-and-drop. Place your mouse pointer next to Logon Name and click Edit.

  6. Under Prevent Duplication, select Check for duplicates at Domain or Forest level.

  7. Select the Automatically append numbers from option and specify the starting number in the text box. Select Advanced Settings to customize it further.

  8. Click Done.

  9. Click Save Template.  

Tips  

  • Regularly audit and remove inactive or duplicate objects from AD to prevent conflicts and enhance security.

How to reach support

If the issue persists, contact our support team here
