Hi Kumar,
Please retry as per Tero's suggestion but I would assume it should fail again as they already have account in AD.
If it fails again, then suggestion would be a 'fix' job with 4 passes.
1) Create a temp table (something Z_TEMP) with list of users who has failed assignments. SQL would be a
select mcThisMSKEYVALUE, mcOtherMSKEYVALUE, mcuniqueid from idmv_link_ext with (nolock) where mcothermskeyvalue like 'PRIV%AD_rep%' and mcExecState = 4 or mcExecStateHierarchy = 4
2) Create a "to identity store" pass to remove the existing privs. now you query the temp table.
select mcthismskeyvalue as MSKEYVALUE, mcuniqueid as LINKID, mcOtherMSKEYVALUE from z_temp
in destination tab, you remove the priv using bypass task as below,
MXREF_MX_PRIVILEGE = {D}{LINKID=%LINKID%!!BYPASS_MEMBER_TASK=1}<%mcOtherMSKEYVALUE%>
3) delay the execution for sometime may be 15 or 30 seconds using usleep() function
4) Assign the privs back to those users using to identity store pass. Query the Z_TEMP again.
MXREF_MX_PRIVILEGE = {A}{BYPASS_MEMBER_TASK=1}<%mcOtherMSKEYVALUE%>
P.S: You should set up a recon job set up in your environment which corrects this data.
Kind regards,
Jai