Getting error when creating user through flow Create User: An error has occurred: Access is denied

Hi can anyone help me on this Getting error when creating user through flow Create User: An error has occurred: Access is denied.

@ovidiuponoran Please have a look … I am just getting all the things but showing this error

@Vijay_RPA: are you refering to AzureActiveDirectory package or ActiveDirectory package?
Anyway, the user that you specify in the scope activity shall have the appropriate permissions in Active Directory to perform ‘create user’ action.

Please talk with your Active Directory admin to give you the needed permissions for the actions you want to implement in the workflow.

Hi @ovidiuponoran …Thanks for the quick response …I am talking about Active directory and I am able to create the user manually … i was worried facing this issue while doing automation

Hi @Vijay_RPA.

  1. Do you explicitly set a value in Active Directory Scope activity for Username, Password and ActiveDirectoryPath parameters? If you don’t, the credentials of the current logged in user are used to connect to the AD it belongs to. Under which user account is your Robot running?
  2. Have you tested other read or create/update/delete activities in the same workflow? Are they working fine?

I have set the active directory credentials from orchestrator . User account running on VM machine (same user). And also bot running on same user account
User exists kind of things working fine @ovidiuponoran

If read-activities like User Exists are working in the same workflow when using the same AD credentials, then access denied can happen only if the user specified in scope activity has no permissions to create new AD objects in the location (i.e. OU) you set in the Location parameter of the Create User activity. Use “Active Directory Explorer” tool to make sure you are providing the correct distinguished name for the OU where you want to create the user.


Thank you @ovidiuponoran will check that :slight_smile:

Hi @ovidiuponoran you are absolutely Right … Checked in Local Adding users to group working fine as it access denied error in VM … But coming to creating user its throwing below error . I think the same error some one posted in IT automation thread but no resolution there

Source: Create User

Message: An error has occurred: Unspecified error
Can you please help me on this

@ovidiuponoran Please find the screeshot and my workflow for reference

Craete new User (1).zip (19.4 KB)

Hi @Vijay_RPA That issue you’ve mentioned was solved in a private message exchanged having the reporter reviewing his workflow for preparing the user properties.

My suggestion is to take it step by step:

  1. Create the user without any properties, i.e. Create User’s Properties field is empty; if this works continue with the next steps;
  2. Add the properties one by one to see which one is causing the workflow to fail.

One observation: I had a quick look at your workflow and I didn’t understood why you set the SAMAccountName for the user to employee(“Reporting Manager”).ToString which is supposed to be his/her manager than the new user itself (and it is expected to already exists in AD). User’s common name seems to be well constructed, based on first and last name on the employee.

I cannot help you more than this. My recommendation is to open an official technical support ticket at , somebody shall help you.

1 Like

Thank you @ovidiuponoran … will check your suggestions and Thanks for the response … Cheers :slight_smile: … Good day

1 Like

How did you resolve this issue?

We have to see the hieararchy when adding the users to AD … Use AD explorer … If you want to add user and it properties …Based on OC DC … You have to assign … add properties one by one so you can avoid issues

Hello @ovidiuponoran, i am running into the same issue with “Set User Status”.
Set User Status: An error has occurred: Access is denied.

Testing this via a local project on my laptop.

I have correct rights on AD object to create/delete users.

@rvarga The error message says that the user account specified in Active Directory Scope activity does not have the permissions to perform that operation. Using the same user account, do the same operation from AD Explorer (AD Explorer - Windows Sysinternals | Microsoft Learn), I expect you will get a similar error.

CC: @andreioros

Hello @ovidiuponoran , Finally had the chance to test with AD-Explorer. I do get results back when I query AD.

This is not a permission issue. I am domain admin for an OU. The account is am trying to set is within our OU and I am able to change the user status via other tools.

Appreciate if you might have some more insight into this.

CC: @andreioros

While user creation getting below error as Create User: An error has occurred: An invalid dn syntax has been specified.

Appreciate if you might have some more insight into this.

CC: @andreioros

just for debug, try using values for the CN and other attributes that don’t have special characters
eg: R Mohan Kumar instead of R. Mohan.Kumar