Support-Info: (CONNECTORS): Failed to create ADMA (Receiving error 80230910)
Microsoft Identity Manager 2016 Service Pack 1
Active Directory Management Agent (ADMA)
The product involved in this solution was MIM 2016 SP1; however, this issue can also occur with the other Identity Management products that use an Active Directory Management Agent. For example:
Forefront Identity Manager 2010, R2, R2 SP1
Azure AD Connect Sync
PROBLEM SCENARIO DESCRIPTION
When attempting to create an Active Directory Management Agent in the Synchronization Service Engine, an LDAP error is received that provides just the number 80230910.
“Sequence expected but class:UNIVERSAL(0) primitive tag:5 was unexpected”
Troubleshooting Tools Utilized
Network Capture Tool (Network Monitor 3.4 or Wireshark)
The cause of this issue is that once the Person class has been instantiated, it becomes structural. According to the RFC 4512 standard (https://tools.ietf.org/html/rfc4512#section-2.4), an auxiliary class cannot be a subclass of a structural class.
EXAMPLES OF THE PROBLEM
dn: CN=Person,CN=Schema,CN=Configuration,DC=contoso,DC=com
subClassOf: top
objectClassCategory: 0 (NOTE: 0 should not be used)
From RFC 4512: “Auxiliary object classes cannot subclass structural object classes.” RFC 4512 section 2.4.3 talks about this information.
As per standards, auxiliary classes in AD have to be created so that their parent class is always TOP and not any other class to be compliant.
You can see more information from the link: https://tools.ietf.org/html/rfc4512#section-2.4
Remove the Custom Auxiliary Class from any ObjectTypes it may be associated with.
Disable the Custom Auxiliary Class by setting the isDefunct Property to True.
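To find which custom auxiliary classes need the steps above, the schema can be audited offline. The following is an added example, not part of the original article or Microsoft's tooling: it reads an LDIF export of the schema partition (for example one produced with ldifde) and lists every auxiliary class that is not defunct and whose subClassOf is anything other than top. The class names starting with "contoso" are hypothetical, the sample data is constructed, and the category mapping (0 = 88 class, 1 = structural, 2 = abstract, 3 = auxiliary) is the standard objectClassCategory encoding.

```python
# Added example; "contoso*" class names are hypothetical, SAMPLE_LDIF is constructed.
CATEGORY = {"0": "88 class", "1": "structural", "2": "abstract", "3": "auxiliary"}
SAMPLE_LDIF = """\
dn: CN=Person,CN=Schema,CN=Configuration,DC=contoso,DC=com
lDAPDisplayName: person
subClassOf: top
objectClassCategory: 0

dn: CN=contoso-Badge-Info,CN=Schema,CN=Configuration,
 DC=contoso,DC=com
lDAPDisplayName: contosoBadgeInfo
subClassOf: person
objectClassCategory: 3

dn: CN=contoso-Old-Aux,CN=Schema,CN=Configuration,DC=contoso,DC=com
lDAPDisplayName: contosoOldAux
subClassOf: person
objectClassCategory: 3
isDefunct: TRUE
"""

def parse_ldif(text):  # one dict per record; keys lower-cased, last value wins
    records, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:        # folded continuation line
            current[last] += line[1:]
        elif not line.strip():                   # blank line ends a record
            if current:
                records.append(current)
            current, last = {}, None
        elif not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            last = key.strip().lower()
            current[last] = value.strip()
    return records

def find_noncompliant_aux(text):
    """List (class, parent, parent category) for live auxiliary classes not under top."""
    classes = {r["ldapdisplayname"].lower(): r for r in parse_ldif(text)
               if "ldapdisplayname" in r and "objectclasscategory" in r}
    findings = []
    for rec in classes.values():
        parent = rec.get("subclassof", "")
        if (rec["objectclasscategory"] != "3" or parent.lower() == "top"
                or rec.get("isdefunct", "").upper() == "TRUE"):
            continue  # not auxiliary, already compliant, or already disabled
        parent_cat = classes.get(parent.lower(), {}).get("objectclasscategory")
        findings.append((rec["ldapdisplayname"], parent, CATEGORY.get(parent_cat, "unknown")))
    return findings
```

On the sample data, find_noncompliant_aux(SAMPLE_LDIF) reports only contosoBadgeInfo, because contosoOldAux has already been disabled through isDefunct.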