Cause: There are two reasons why this error could occur:
- End users trying to access any of the self-service features in ADSelfService Plus such as password reset or directory self-update need to be included in a self-service policy that provides access to those features. If they are not, they will get this error.
- Since ADSelfService Plus supports the creation of multiple self-service policies, a user may belong to two self-service policies, one of which doesn't provide permission to access the self-service features. In this case, the policy which provides the user access to the self-service feature must be given top priority.
Solution: Configure a self-service policy to include the user. Follow the steps below:
- Log in to the ADSelfService Plus admin portal.
- Go to Configuration > Self-Service > Policy Configuration.
- You can either create a new policy or edit an existing policy.
- Select the features you want to enable.
- Click the Select OUs/Groups button and select the OU or group the user is part of.
- Click OK and then Save Policy.
- To prioritize the policy, click the double arrow icon [] next to the Add New Policy button and reorder the policy as per your requirement.
Cause: When you add an Active Directory (AD) domain in ADSelfService Plus, you should provide an account that has Domain Admin privilege to carry out the self-service operations such as password reset and account unlock. If you haven’t configured an account or the account doesn’t have Domain Admin privilege, these errors will occur.
Solution: Configure the AD domain with Domain Admin privileges. Follow the steps below.
- Log in to the ADSelfService Plus admin portal.
- Click on Domain Settings in the top-right corner.
- Select the AD domain for which the users get this error and click the Edit icon under the Actions column.
- Select the Authentication checkbox.
- Enter the Domain Username and Password of an account that has Domain Admin privileges.
- Click Save.
Cause: This error will occur if you have exhausted the ADSelfService Plus license and a user who hasn’t been assigned a license tries to access the product.
Solution: Make sure you have enough free licenses for all the users in your organization. You can upgrade your license with more seats by contacting
sales@manageengine.com. To check for prices, visit our
online store.
You can also use the License Management > Restrict Users option under the Admin tab to manually or automatically restrict users, such as inactive and disabled users, to reclaim the licenses assigned to them and assign it to other users who need them.
Cause: The service account configured under the Domain settings might be locked out or its password might have expired.
Solution: Change the password of the service account, unlock it, or configure a new account with Domain Admin privilege for the AD domain under Domain Settings. To modify the domain settings:
- Log in to the ADSelfService Plus admin portal.
- Click on Domain Settings in the top-right corner.
- Select the AD domain for which the users get this error and click the Edit icon under the Actions column.
No such user account configured. Please try with different username/domain.
Cause: Since multiple Active Directory domains can be configured in a single ADSelfService Plus instance, the user might have selected the wrong domain in the login screen.
Solution: Make sure the user selects the correct domain in the login screen.
Cause: ADSelfService Plus can be configured to allow users to login using any unique AD attribute such as mobile and mail in place of sAMAccountName. This error appears when two or more users have the same value for the chosen login attribute.
Solution: Make sure the attribute you have configured can have only unique value for each user. You can configure unique attributes for login by following the steps below:
- Log in to the ADSelfService Plus admin portal.
- Go to Admin > Customize > Logon Settings.
- Under the General tab, click on the Select attribute list link next to Enable other unique attributes to log in to the product.
- Select attributes that can have only unique values for each user.