The <event> element contains information about changes to
a password.
None.
The tree shows the ordering and number of child elements. Child
elements in a Sequence must appear in the order given and
child elements in a Choice are mutually exclusive.
Sequences and Choices can be nested. Element names
are followed by the minimum and maximum occurrences.
| Value |
Description |
| access-denied |
The account that is calling this method is not a member of the
MIISPasswordChange group. Only members of this group can change the
password. |
| bad-password |
The specified OldPassword parameter does not match the password
for the account. Verify that you are using the correct password for
this parameter. |
| ma-access-denied |
The account with the management agent does not have the right
to set the password. Verify that the account to run the management
agent is a member of the MIISPasswordChange group. |
| ma-credentials-failure |
The management agent was unable to log on to the connected
directory using the stored credentials. Verify that the management
agent credentials are correct. For more information about
configuring Active Directory management agent credentials, see
"Connect to an Active Directory Forest" in the Microsoft Identity
Integration Server 2003 Help. For more information about
configuring the credentials for the management agent for Sun ONE
Directory Server 5.1 (formerly iPlanet Directory Server) and
Netscape Directory Server 6.1, see "Specify logon information" in
the Microsoft Identity Integration Server 2003 Help. |
| ma-encryption-not-enabled |
The management agent did not set the password because 128-bit
encryption has not been configured on the connection used by the
management agent to communicate with the connected directory.
Enable this encryption on your network. |
| ma-feature-not-supported |
The management agent does not support password changes. |
| ma-object-type-not-supported |
The management agent does not support password changes on this
object type. |
| new-password-violate-policy |
The specified new password does not comply with the password
policy set by the administrator. Verify that the new password
complies with the password policy set by the administrator. |
| new-password-ill-formed |
The specified new password cannot be used as a password because
the parameter contains characters that cannot be entered from a
keyboard. Verify that the new password parameter contains only
characters that can be entered from a keyboard. |
| object-newly-provisioned |
The object has been provisioned as a new object but the object
has not been created in the connected directory. You cannot perform
password operations until the object has been exported to the
connected directory. |
| object-not-found |
The object has been deleted from the server. |
| password-sync-disabled |
The password synchronization setting for the specified
management agent is not enabled. Enable password synchronization
for the specified management agent. |
| partition-not-configured |
The specified object is in a partition that has not yet been
configured. Configure the partition with Identity Manager. For more
information about configuring an Active Directory partition, see
"Configure directory partitions" in the Microsoft Identity
Integration Server 2003 Help. |
| server-down |
The Microsoft Identity Integration Server 2003 server
could not connect to the server containing the partition for the
object. Verify that the server containing the partition is running
and connected to the network. |
| time-difference-at-dc |
The new password cannot be set because the time indicated on
the Microsoft Identity Integration server is greater than five
minutes from the time indicated on the Active Directory server. By
default, the time difference between servers must be less than or
equal to five minutes. Synchronize the times between the
servers. |