The user is not a member of the specified AD domain - for one tenant

I have just upgraded our on-prem Orchestrator from 2019.10.x to 2121.4.2.

We have two tenants, development and production. We use Windows domain accounts to log in to Orchestrator. I can log in to the Production tenant fine and can see everything, and our robots seem fine and jobs are running; however, I cannot log in to the development tenant in the same Orchestrator. When I try to log in to the development tenant I get this error displayed in a red box on screen:

The user is not a member of the specified AD domain. (#1018)

I was able to log in to the production tenant without the app pool account having load profile = true in the app pool, but I set it to true anyway and that did not fix the issue.

An update to this:

The Windows event log on the Orchestrator server contains the following:

Cannot create external login for S-1-5-21-2467367700-4178202898-133568193-63824
UiPath.Orchestrator.Core.Exceptions.BusinessConflictException: Error code - 1028, Message - ‘Email ‘my.name@thecompanyiworkfor.com’ is already taken.’
at async Task UiPath.Orchestrator.Application.Users.UserService.CreateAsync(UserDto input, UserCreateContext context)
at async Task Abp.Domain.Uow.UnitOfWorkInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task Abp.Domain.Uow.UnitOfWorkInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task Abp.Runtime.Validation.Interception.ValidationInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task UiPath.Orchestrator.Application.Provisioning.DirectoryProvisioner.ProvisionUserAsync(DirectoryUserDto directoryUser)
at async Task UiPath.Orchestrator.Application.Provisioning.DirectoryProvisioner.LoginUserAsync(DirectoryIdentifier directoryIdentifier)
at async Task UiPath.Orchestrator.Security.Auth.Common.UserMapping.DirectoryUserMapper.MapLoginAsync(DirectoryIdentifier directoryIdentifier, string tenancyName)
at async Task UiPath.Orchestrator.Security.Auth.Common.UserMapping.IdentityUserMapper.MapLoginAsync(ExternalLoginInfo info, string tenancyName)
at async Task UiPath.Orchestrator.Controllers.AccountController.GetExternalProviderLoginResult(ExternalLoginInfo externalLoginInfo, string tenancyName)

So it appears that Orchestrator is unable to successfully migrate my account to the new way of working in the background when I log in, as it has already been created for the production tenant.

Where/how do I report this bug, and is there a workaround?

@loginerror can you help me with this?

Hi @Craig1

The best way to resolve the on-premise installation issues would be to contact our technical support directly via this form:

Thanks. I have support on this now and the issue has been recreated by the support engineer.

@Craig1 - if this issue was resolved, would you be able to share the solution here on this post, please? Thanks in advance.

The way we were authenticating wasn’t supported any more.
We had to switch to using Windows auth for one tenant and local accounts using the login form for the other tenant.

Running into the same issue. Where or how was this resolved in the back-end on the Orchestrator server?