The following error message appears in the Okta dashboard while trying to provision a user from Okta to Active Directory:
 

An error occurred while provisioning exampleuser@gmail.com. Automatic provisioning of user Example User to app Active Directory failed: Error provisioning active_directory user: An invalid dn syntax has been specified. Please fix this on the Tasks Page

 

• Active Directory (AD)
• Profile Editor
• Universal Directory
• Provisioning
• Lifecycle Management

This error mainly occurs when there are blank spaces after or before the first name, last name, email, or username on the Okta profile of a user. 

It is difficult to spot unwanted blank spaces just by viewing the affected Okta user profile directly. For a more efficient approach, follow these steps:

1. Access Directory > Profile Editor.
2. Then click on Directories on the left-hand panel.
3. After that, click on Mapping for Active Directory and do a preview of the user to spot the blank space.
4. After the blank space is located, go to the Okta profile of the affected user and edit it (remove the unwanted blank spaces).
5. Check for blank spaces on other attribute values as well.
6. Once they are removed, retry the provisioning task under the page Dashboard > Tasks for that user.