An invalid API token or insufficient administrator permissions cause the Okta Active Directory (AD) Agent to stop working and display an authorization error. Uninstalling and reinstalling the Okta AD Agent resolves this issue by re-authorizing the connection. When this occurs, the Okta AD Agent stops servicing

AD events and the agent logs display the following error message:

E0000006 You do not have permission to perform the requested action.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Okta Active Directory (AD) Agent version 3.17 and lower
• Directories

Invalid permissions on the Okta administrator account used for the installation, or a revoked API token, cause this issue. API tokens automatically expire after 30 days of inactivity. Shutting down the agent for extended periods causes the token to expire, resulting in the authorization error.

How is the Okta Active Directory Agent authorization error E0000006 resolved?

Verify the administrator account permissions and reinstall the Okta AD Agent to re-authorize the connection and restore Active Directory event servicing.

1. Navigate to the Security tab in the Okta Admin Console to verify the permissions of the administrator account used for the installation.
2. Uninstall the Okta AD Agent from the host server.
3. Reinstall the Okta AD Agent using the verified Okta administrator account to generate a new API token.