When attempting to create or modify a user account in Active Directory, the operation may fail with the following error message:
Error code 80072035: The server is unwilling to process the request
This error prevents the user account from being created or updated successfully.
The error typically occurs due to the following reasons:
Password policy violation: The password may not meet complexity requirements or may be left blank.
Schema restrictions: Active Directory schema rules may be blocking the change.
Insufficient permissions: The service account may not be a member of the Account Operators group or may lack the delegated rights needed to perform user modifications, such as resetting passwords, unlocking accounts, or enabling or disabling users.
Primary group conflict: You're attempting to remove a user from their primary group.
Prerequisites
Ensure the account used in ADManager Plus has sufficient administrative permissions, either as a domain admin or with delegated rights.
Verify the password complies with the domain policy (complexity, length, and history).
Ensure the domain controller is reachable and in a writable state, and that time is synchronized between ADManager Plus and the domain controller.
If LDAPS is enabled, confirm the domain controller has a valid SSL certificate.
Open Group Policy Management (gpmc.msc).
Navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
Check if the password meets the following policy requirements:
Minimum password length
Password complexity requirements
Password history enforcement
If necessary, update the policy to align with business requirements.
Retry setting the password.
Log in to ADManager Plus.
Navigate to Reports > Group Reports > Member-based Reports > Group Members.
Select the domain and relevant group from which the user is being removed and click Generate.
Review the list of members and confirm whether the user is present in the group.
Open Active Directory Users and Computers (dsa.msc).
Locate the user and go to the Member Of tab.
Change the primary group of the user before removing them from their primary group.
Log in to ADManager Plus.
Navigate to Reports > User Reports > General Reports > Users with Duplicate Attributes.
Choose the domain and set the attribute to sAMAccountName.
If duplicates exist, rename one of the accounts to ensure uniqueness.
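The password policy, primary group, and duplicate sAMAccountName checks above can also be run read-only from PowerShell before retrying the change. This is an added example, not part of the original article or of ADManager Plus; it assumes the RSAT ActiveDirectory module, and the function name, its parameters, and the sample values in the usage comment are hypothetical. It goes slightly beyond the steps above by also reading a fine-grained password policy if one applies to the user.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only pre-flight checks. Function and parameter names are hypothetical.
function Test-AdUserChangePreflight {
    param(
        [Parameter(Mandatory)] [string] $User,   # existing account to be modified
        [string] $GroupToRemove,                 # group the user is about to be removed from
        [string] $NewSamAccountName              # proposed logon name, if renaming
    )
    $findings = @()
    $u = Get-ADUser -Identity $User -Properties PrimaryGroup

    # Password policy: a fine-grained policy, when one applies, overrides the domain default.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $u
    if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
    $findings += "INFO: password policy requires min length $($policy.MinPasswordLength), " +
                 "complexity=$($policy.ComplexityEnabled), history=$($policy.PasswordHistoryCount)"

    # Primary group conflict: removal from the primary group is refused by the server.
    if ($GroupToRemove) {
        $g = Get-ADGroup -Identity $GroupToRemove
        if ($u.PrimaryGroup -eq $g.DistinguishedName) {
            $findings += "BLOCKED: '$($g.Name)' is the primary group of " +
                         "$($u.SamAccountName); change the primary group first"
        }
    }

    # Duplicate sAMAccountName: look for any other object already using the name.
    if ($NewSamAccountName) {
        # Escape LDAP filter metacharacters so the name is matched literally.
        $escaped = [regex]::Replace($NewSamAccountName, '[\\*()]',
            { param($m) '\{0:x2}' -f [int][char]$m.Value })
        $clash = Get-ADObject -LDAPFilter "(sAMAccountName=$escaped)" |
                 Where-Object { $_.DistinguishedName -ne $u.DistinguishedName }
        foreach ($c in $clash) {
            $findings += "BLOCKED: sAMAccountName '$NewSamAccountName' already used by " +
                         $c.DistinguishedName
        }
    }
    $findings
}

# Usage (constructed sample values):
# Test-AdUserChangePreflight -User 'jdoe' -GroupToRemove 'Domain Users' -NewSamAccountName 'john.doe'
```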
Modify only one account at a time to prevent conflicts.
Always use strong passwords that comply with policy settings.
Regularly check Group Policy settings to ensure they align with business needs.
If the issue persists, contact our support team.