Error code 80072035: The server is unwilling to process the request

Error code 80072035: The server is unwilling to process the request

Issue description     

When attempting to create or modify a user account in Active Directory, the operation may fail with the following error message:

Error code 80072035: The server is unwilling to process the request

This error prevents the user account from being created or updated successfully.

Possible causes  

The error typically occurs due to the following reasons:

  1. Password policy violation: The password may not meet complexity requirements or is left blank.

  2. Schema restrictions: Active Directory schema rules may be blocking the change.

  3. Insufficient permissions: The service account may not be part of the account operator or may lack the delegated rights, such as being able to reset passwords, unlock accounts, or enable or disable users to perform user modifications.

  4. Primary group conflict: You're attempting to remove a user from their primary group.

 Prerequisites     

  • Ensure the account used in ADManager Plus has sufficient administrative permissions, either as a domain admin or with delegated rights.

  • Verify the password complies with the domain policy (complexity, length, and history).

  • Ensure the domain controller is reachable and in a writable state, and that time is synchronized between ADManager Plus and the domain controller.

  • If LDAPS is enabled, confirm the domain controller has a valid SSL certificate.

 Resolution     

 Step 1: Verify password policy compliance (in case of password reset issues)     

  1. Open Group Policy Management (gpmc.msc).

  2. Navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

  3. Check if the password meets the following policy requirements:

    • Minimum password length

    • Password complexity requirements

    • Password history enforcement

  1. If necessary, update the policy to align with business requirements.

  2. Retry setting the password.

Step 2: Ensure the user exists before removing them from a group (in case of group modification)  

  1. Log in to ADManager Plus.

  2. Navigate to Reports > Group Reports > Member-based Reports > Group Members.

  3. Select the domain and relevant group from which the user is being removed and click Generate.

  4. Review the list of members and confirm whether the user is present in the group.

Step 3: Modify the primary group before removing (in case of group modification)  

  1. Open Active Directory Users and Computers (dsa.msc).

  2. Locate the user and go to the Member Of tab.

  3. Change the primary group of the user before removing them from their primary group.

Step 4: Check for a duplicate sAMAccountName (in case of account creation or modification)  

  1. Log in to ADManager Plus.

  2. Navigate to Reports > User Reports > General Reports > Users with Duplicate Attributes  .

  3. Choose the domain and set the attribute to sAMAccountName.

  4. If duplicates exist, rename one of the accounts to ensure uniqueness.

  5. Modify only one account at a time to prevent conflicts.

 Tips  

  • Always use strong passwords that comply with policy settings.

  • Regularly check Group Policy settings to ensure they align with business needs.

How to reach support  

If the issue persists, contact our support team here

                  New to ADSelfService Plus?

                    • Related Articles

                    • Error code: 80072035 - Error in setting the password, The server is unwilling to process the request.

                      Error : Error in setting the password, The server is unwilling to process the request. Possible Cause : This error occurs directly from AD and it could be due to any of the following conditions, An attempt to set a value for an attribute that does ...
                    • Error Code 78

                      Error Code 78: This function is not supported on this system Possible causes: The service account or domain admin account used in ADManager Plus doesn't have enough permission on the remote server path. The v6 profile is currently in use by a running ...
                    • Error Code : 8007001f

                      Error Code: When I create/modify a user, I get the following error " A device attached to the system is not functioning - Error Code : 8007001f " Possible Root Cause: The root cause could be the non-operational DC's present in the domain or network ...
                    • Error code: 8007200a

                      Error code: 8007200a Error: The specified directory service attribute or value does not exist. Possible Cause: 1. The error message occurs when there is an improper header specified in the CSV File. Request you to make sure exact LDAP headers are ...
                    • Error Code: 80072014

                      Error: Error in setting attributes Error Code: 80072014 Possible Root Cause: The requested operation did not satisfy one or more constraints associated with the class of the object. Resolution: This error may occur when attempting to import a CSV ...