<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Active Directory User Profile Create or Update from Okta Fails with Error "Server unwilling to process this request"
May 25, 2026
Lifecycle Management
Okta Classic Engine
Directories
Okta Identity Engine
Overview

Active Directory (AD) returns a 5003 WILL_NOT_PERFORM error when an attribute mapped from Okta fails to meet AD requirements; this is resolved by either correcting the mapping expression or removing the attribute from the Profile Editor. This issue occurs during user creation or profile updates when specific attributes, such as accountExpires, countryCode, or primaryGroupId, contain invalid formats or values.

 

The server is unwilling to process the request.

ErrorCode=80072035; ExtendedError=00000529, ExtendedErrorMessage=00000529: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0

 

Applies To
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
  • Active Directory
  • Directories
  • AD profile creation
  • AD profile updates
Cause

An attribute mapped from Okta to AD fails to meet the specific attribute requirements or schema constraints defined within AD. If multiple mapping errors exist, Okta displays the error only once per profile.

  • accountExpires: AD requires a long integer (epoch time). AD will accept a blank value (mapping: "") for a new user creation as the directory will automatically populate the attribute during the creation process, but a null value will be rejected if sent as an update to an existing user, and the user update will fail.
  • countryCode: AD requires a three-digit integer (for example, 840 for the United States). If the mapping instead sends the more typical ISO-3166 Alpha 2-letter code (for example, "US"), the request fails.
  • primaryGroupId: This attribute can be modified only if the user is already a member of the group. Mapping a static value like "513" to this attribute during initial user creation causes AD to reject the profile.
Solution

How are Active Directory attribute mapping errors resolved?

 

The following steps provide instructions for correcting common attribute-mapping failures in the Profile Editor.

  1. Navigate to Directory > Profile Editor.
  2. Select Directories to filter the list and select Mappings for the specific Active Directory instance.
  3. Select the Okta User to [AD] tab.
  4. Locate the problematic attribute and perform the required action:
    • For accountExpires or countryCode: Clear the mapping value or enter an Okta Expression Language (OEL) string that produces the correct integer format.
    • For primaryGroupId: Clear the value to remove the mapping.
  5. Select Save Mappings.
  6. Select Apply Mappings Now.

 

After correcting the attribute value, follow these additional steps to re-provision the users:

  1. Navigate to the group used to push users to Active Directory.
  2. Remove the impacted users from the group.
  3. Add the users back to the group to trigger a fresh push.

 

NOTE: If the error persists after these changes, another unlisted attribute likely violates AD requirements. Open a Support Case for further assistance.

 

Related References

Recommended content

Still looking for help?
Loading
Active Directory User Profile Create or Update from Okta Fails with Error "Server unwilling to process this request"