Cannot Insert Duplicate Key Row in Object 'dbo.tblOrganization'

Description

You cannot insert duplicate key row in object dbo.tblOrganization with the unique index IX_tblOrganization_fldParent_fldName.

The following error message displays in the PANAM event log.

PNMsoft Sequence Active Directory Synchronization Service.
Cannot insert duplicate key row in object 'dbo.tblOrganization' with unique index 'IX_tblOrganization_fldParent_fldName'. The duplicate key value is (XXX, YYY).
The statement has been terminated.
Group object
Name: XXX
objectGUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
distinguishedName: OU=OU,DC=DC,DC=com

Affected Versions

All versions.

Cause

The error indicates that ADSS is attempting to insert into Sequence a group that already exists the same parent. There are two possible causes for this error.

Cause 1

You are synchronizing one domain using ADSS. The cause is that the group was previously created (manually) in  Sequence.

Cause 2

You are synchronizing more than one domain using ADSS. The same group/OU name exists in more than one domain, and is being synchronized at the same level in Sequence.

Solution

There is a solution for each of the causes.

Solution Parameter
Description
X1
The objectGuid that displays in the error message. For example, the group/OU objectGuid from AD.
X2
The user's distinguishedName from AD that you see in the error.
X3
The filter id (fldId) from tblADFilters that returns the user from AD.
If you have more than one filter, we recommend that you validate which filter returns the user by directly querying AD.
X40 = OU
1 = Group
XXX
The OU/Group name (as in the error).
YYY
The Sequence parent group fldNumber (as in the error, from tblOrganization).

Solution for Cause 1

Update the user properties in tblEmployees using the following query.

UPDATE
 tblOrganization
SET
objectGUID='X1',
distinguishedName='X2',
fldIsFromAD=1,
fldADFilterId=X3,
fldIsAdGroup=X4,
whenChanged='1970-01-01',
WHERE
fldName='YYY'
AND fldParent='XXX'


If the user does not sync after ADSS completes the following cycle, run the following query and restart ADSS when the system is idle.
UPDATE tblADFilters SET fldLastSyncTime = '1970-01-01'

Solution for Cause 2

If possible, rename the group/OU in one of the domains. If this is not possible, consult the PNMsoft Support Team.

About this Article
  • Created: 06/01/2017 2:58 am EDT
  • Last updated: 06/01/2017 3:43 am EDT
In This Article