Unable to add or manage user in RSA Authentication Manager; getting the error: The specified ID is already in use by unresolveable user within this realm
Originally Published: 2011-04-04
Article Number: 000040115
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue
When an RSA administrator tries to manage a user (for example, when assigning a token), one of the following errors displays:
The specified ID is already in use by an unresolvable user within this realm
The specified ID is already in use by un-resolvable user within this realm
Principal with userid already exists in the realm: <username>
Cannot add or manage a user with user ID <UserID>. User IDs must be unique within a deployment. This user ID is already in use.
Account is locked out of emergency authentication Error 
This is a read only external LDAP identity Source read-only

Resolution
There could be multiple reasons for these errors to display.

Before continuing, log in to the Operations Console and take a backup of the database (Maintenance > Backup & Restore > Backup Now).
  1. There are multiple entries for the same user in different identity sources.  To check this, run a search for the specific user ID across all identity sources:
    1. Log in to the Security Console.
    2. Select Identity > Users > Manage Existing.
    3. Under Search Criteria, click on Search for users across all identity sources.
    4. Enter the user ID and run the search.
    5. If you get multiple results for the same user, delete all of them except for the required user entry.
  2. An issue with an unresolvable user in the LDAP identity source.  To check this:
    1. Generate a report of Users and Groups No Longer in Identity Source (Reporting > Reports > Add New > Users and Groups No Longer in Identity Source), selecting the correct external identity source when configuring the report. 
    2. Confirm the users listed in the report. 
    3. Select Setup > Identity Sources > Clean Up Unresolvable Users.
    4. Select the identity source to clean.
    5. For the Grace Period, do one of the following:
    • If you want to clean up users who have been unresolvable for more than the specified number of days listed, select the checkbox.
    • If you want to clean up users immediately when they are found to be unresolvable, clear the checkbox.
      The grace period prevents cleanup of any users and user groups that may have been mistakenly removed from the directory or moved to an OU that is out of scope of the identity source.  You can specify how many days the users must be unresolvable before they are cleaned up, and take corrective action beforehand.  By default, this field is enabled to clean unresolvable users after seven days.
    6. Click Next.
    7. Select Force system to delete all users and groups from the internal database that no longer exist in the external identity source and click Next.
  3. If the cleanup does not remove the unresolvable user, modify the LDAP identity source mapping to exclude the user.  If you had a user named Jane Smith in your external identity source whom you could not manage or delete, do the following:
    1. Open the Operations Console and navigate to Deployment Configuration > Identity Sources > Manage Existing.  
    2. From the drop down next to the affected identity source name, choose Edit.  
    3. Click on the Map tab.  
    4. Scroll to the Directory Configuration - Users section.
    5. Change the default search filter from what is shown here:
(&(objectClass=User)(objectcategory=person))
to this:
(&(objectClass=User)(objectcategory=person)(!(samAccountName=<user name>)))
where <user name> is the name of the affected user.  For example,
(&(objectClass=User)(objectcategory=person)(!(samAccountName=Jane.Smith)))
    6. Redo the steps in Item 2 to run the cleanup for unresolvable users and remove or clean up any entries for Jane Smith that you could not remove before.  When done, remove the filter in your LDAP map, changing it back to:
(&(objectClass=User)(objectcategory=person))
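The following Python script is an added example, not part of the RSA article or product. It builds the exclusion filter from the step above, escapes the user name per RFC 4515 so a name containing ( ) * or \ cannot change the filter's structure, and evaluates the filter against constructed sample entries to confirm which accounts the identity source would still see before the mapping is changed.

```python
import re

# Default user search filter quoted in the article.
BASE_FILTER = "(&(objectClass=User)(objectcategory=person))"

def ldap_escape(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def ldap_unescape(value: str) -> str:
    """Reverse ldap_escape: turn \\XX hex escapes back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def exclude_user_filter(sam_account_name: str, base_filter: str = BASE_FILTER) -> str:
    """Append a (!(samAccountName=...)) clause inside the base AND filter, as the article does."""
    return f"{base_filter[:-1]}(!(samAccountName={ldap_escape(sam_account_name)})))"

def matches(filt: str, entry: dict) -> bool:
    """Evaluate the &, ! and equality subset of RFC 4515 against one entry (case-insensitive, like AD)."""
    attrs = {k.lower(): v.lower() for k, v in entry.items()}

    def parse(i: int):
        assert filt[i] == "(", "expected '('"
        i += 1
        if filt[i] == "&":            # AND: every sub-filter must match
            i, results = i + 1, []
            while filt[i] == "(":
                r, i = parse(i)
                results.append(r)
            return all(results), i + 1
        if filt[i] == "!":            # NOT: exactly one sub-filter
            r, i = parse(i + 1)
            return (not r), i + 1
        j = filt.index(")", i)        # equality: value is escaped, so no raw ')' inside it
        attr, _, val = filt[i:j].partition("=")
        return attrs.get(attr.lower()) == ldap_unescape(val).lower(), j + 1

    result, _ = parse(0)
    return result

# Constructed sample entries standing in for the external identity source (not real data).
SAMPLE_ENTRIES = [
    {"objectClass": "user", "objectCategory": "person", "sAMAccountName": "Jane.Smith"},
    {"objectClass": "user", "objectCategory": "person", "sAMAccountName": "John.Doe"},
    {"objectClass": "computer", "objectCategory": "computer", "sAMAccountName": "WS01$"},
]

def in_scope(filt: str, entries=SAMPLE_ENTRIES) -> list:
    """Return the sAMAccountNames the identity source would still see under this filter."""
    return [e["sAMAccountName"] for e in entries if matches(filt, e)]
```

Running `in_scope(BASE_FILTER)` and then `in_scope(exclude_user_filter("Jane.Smith"))` shows the affected user dropping out of scope while every other user stays mapped.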