Endpoint Account already exists during Provisioning Role assignment, resulting in Provisioning Server reports LDAP error 70 (0x0046 - Results too large)

Document ID : KB000046274
Last Modified Date : 14/02/2018
Show Technical Document Details


We are trying to assign Provisioning Role to Global Users for account creation purpose on some hierarchical Endpoints (i.e. Active Directory,  JNDI DYN),   but Provisioning Server reports LDAP error 70 (0x0046 - Results too large).

In etatrans log, the 'External Modify' operation got 'Results too large' error.

FAILURE: External Modify (eTGlobalUserName=xxx)
rc:  0x0046 (Results too large)
msg: ETA_E_0070<MGU>, Global User 'xxx' provisioning role memberships added successfully. Associated accounts creation or update failed: (accounts created: 0, updated: 0, re-created: 0, failures: 1)

The 'Child Add' operation got account 'Already Exists' error.

FAILURE: Child Add (eTDYNAccountName=xxx)
rc:  0x0044 (Already exists)
msg: ETA_E_0004<AAC>, User Account 'xxx' on 'xxx endpoint' creation failed: Object already exists; provisioning directory updated


  • IM r12.6


  • Endpoint Account already exists in the target account container
  • Endpoint Account with same account id already exists in another account container



Enable the following Synchronization settings on IM Provisioning Manager > System > Domain Configuration > Synchronization

  • Automatic Correlation = Yes (or 'Use Correlation Attr' if Correlation Attribute list has been customized)
  • Use Existing Accounts = Yes
  • Force single account across multiple containers = Target Endpoint Type;


Additional Information:

  1. TEC451504