Windows Vista Tips

Windows Vista Tips > Newsgroups > Windows Server > Active Directory > ADAM - AD_Schema load fails with error

Reply
Thread Tools Display Modes

ADAM - AD_Schema load fails with error

 
 
Andrew Stanford
Guest
Posts: n/a

 
      07-08-2005
I have installed an new ADAM instance and I am attempting to run the
following command;
ldifde -i -f ad_schema.ldf -s itfswd7:389 -k -j . -c
"CN=Schema,CN=Configuration,DC=X" #SchemaNamingContext

The schema instance is installed on Windows XP pro, the AD server is Server
2003. Also, I tried the above command with the -b switch specifying my user
account. My account is a Domain Admin.

I get the following error;
Add error on line 12289: Referral
The server side error is: 0x202b A referral was return from the server.
The extended server error is:
0000202B: RefErr: DSIS-03100738, data 0, 1 access points
ref 1: 'x'

754 entries modified successfully.
An error has occurred in the program.

-----------------------------------------------------------------
Inspecting the ldif.log file shows that the last entry successfully modified
was 754. The log entry for 755 says;
755: cn=DNS-Host-Name-Attributes,cn=Extended-Rights, cn=Configuration,dc=X
Entry DN: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
cn=Configuration,dc=X

....the rest of the entry is the same as the error information displayed at
the command prompt.

Any help on this matter would be great.

Thanks in advance,
Andrew

 
Reply With Quote
 
 
 
 
Lee Flight
Guest
Posts: n/a

 
      07-08-2005
Hi

that looks like the ad_schema.ldf that comes with ADAMSync,
that being the case it's

-c "cn=Configuration,dc=X" #configurationNamingContext

that you need in your ldifde command line.

Lee Flight

"Andrew Stanford" <> wrote in
message news:4E65725B-EBD4-4B3C-8125-...
>I have installed an new ADAM instance and I am attempting to run the
> following command;
> ldifde -i -f ad_schema.ldf -s itfswd7:389 -k -j . -c
> "CN=Schema,CN=Configuration,DC=X" #SchemaNamingContext
>
> The schema instance is installed on Windows XP pro, the AD server is
> Server
> 2003. Also, I tried the above command with the -b switch specifying my
> user
> account. My account is a Domain Admin.
>
> I get the following error;
> Add error on line 12289: Referral
> The server side error is: 0x202b A referral was return from the server.
> The extended server error is:
> 0000202B: RefErr: DSIS-03100738, data 0, 1 access points
> ref 1: 'x'
>
> 754 entries modified successfully.
> An error has occurred in the program.
>
> -----------------------------------------------------------------
> Inspecting the ldif.log file shows that the last entry successfully
> modified
> was 754. The log entry for 755 says;
> 755: cn=DNS-Host-Name-Attributes,cn=Extended-Rights, cn=Configuration,dc=X
> Entry DN: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
> cn=Configuration,dc=X
>
> ...the rest of the entry is the same as the error information displayed at
> the command prompt.
>
> Any help on this matter would be great.
>
> Thanks in advance,
> Andrew
>



 
Reply With Quote
 
 
 
 
Andrew Stanford
Guest
Posts: n/a

 
      07-08-2005
Thanks Lee... yes I am using the ad_schema.ldf that comes with adamsync and
the file seemed to load just fine, as did the required schema_metadata.ldf

Moving on to the next step: I tried to run the following command;
adamsync /install itfswd7:389 bttest.xml /log -

Gives me the message;
Establishing connection to target server itfswd7:389.
Updating configuration file on bttest.xml.
Reading Configuration File from bttest.xml
Please enter password:
Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,dc=btweb,dc=ADAM
Unable to read attribute objectclass on
DC=btweb,DC=bakertilly,DC=net,dc=btweb,d
c=ADAM.

Here is the contents of BTTest.xml;
<?xml version="1.0" ?>
<doc>
<configuration>
<config-name>ADAMApplication</config-name>
<security-mode>object</security-mode>
<source-ad-name>btdcprimary.btweb.bakertilly.net</source-ad-name>

<source-ad-partition>DC=btweb,DC=bakertilly,DC=net</source-ad-partition>
<source-ad-account>axs2</source-ad-account>
<target-rdn>dc=btweb,dc=ADAM</target-rdn>
<account-domain>btweb</account-domain>
<query>
<base-dn>DC=btweb,DC=bakertilly,DC=net</base-dn>
<object-filter>(objectClass=*)</object-filter>
</query>
</configuration>
</doc>

So the DC server is called btdcprimary on the domain btweb.bakertilly.net
The adam instance is called adam1 and the partition is dc=btweb,dc=ADAM


Thanks,
Andrew


"Lee Flight" wrote:

> Hi
>
> that looks like the ad_schema.ldf that comes with ADAMSync,
> that being the case it's
>
> -c "cn=Configuration,dc=X" #configurationNamingContext
>
> that you need in your ldifde command line.
>
> Lee Flight
>
> "Andrew Stanford" <> wrote in
> message news:4E65725B-EBD4-4B3C-8125-...
> >I have installed an new ADAM instance and I am attempting to run the
> > following command;
> > ldifde -i -f ad_schema.ldf -s itfswd7:389 -k -j . -c
> > "CN=Schema,CN=Configuration,DC=X" #SchemaNamingContext
> >
> > The schema instance is installed on Windows XP pro, the AD server is
> > Server
> > 2003. Also, I tried the above command with the -b switch specifying my
> > user
> > account. My account is a Domain Admin.
> >
> > I get the following error;
> > Add error on line 12289: Referral
> > The server side error is: 0x202b A referral was return from the server.
> > The extended server error is:
> > 0000202B: RefErr: DSIS-03100738, data 0, 1 access points
> > ref 1: 'x'
> >
> > 754 entries modified successfully.
> > An error has occurred in the program.
> >
> > -----------------------------------------------------------------
> > Inspecting the ldif.log file shows that the last entry successfully
> > modified
> > was 754. The log entry for 755 says;
> > 755: cn=DNS-Host-Name-Attributes,cn=Extended-Rights, cn=Configuration,dc=X
> > Entry DN: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
> > cn=Configuration,dc=X
> >
> > ...the rest of the entry is the same as the error information displayed at
> > the command prompt.
> >
> > Any help on this matter would be great.
> >
> > Thanks in advance,
> > Andrew
> >

>
>
>

 
Reply With Quote
 
Lee Flight
Guest
Posts: n/a

 
      07-08-2005
Hi

the ADAM partition name must match the AD partition name
to within a trailing suffix in the current beta of ADAMSync (not
the improved Windows Server R2 version, also in public beta) .

So if your AD partition is

DC=btweb,DC=bakertilly,DC=net

then your ADAM partition must be

DC=btweb,DC=bakertilly,DC=net[,<target-rdn>]

where [] indicates an optional component so if you want the
ADAM partition to be

DC=btweb,DC=bakertilly,DC=net,DC=ADAM

you would need to create the partition

DC=btweb,DC=bakertilly,DC=net,DC=ADAM

and specify

<target-rdn>dc=ADAM</target-rdn>

in your config.xml. You could also just create an ADAM
partition

DC=btweb,DC=bakertilly,DC=net

and not specify and target-rdn

<target-rdn></target-rdn>


Lee Flight


"Andrew Stanford" <> wrote in
message news:F825ABC0-1C88-45F9-8974-...
> Thanks Lee... yes I am using the ad_schema.ldf that comes with adamsync
> and
> the file seemed to load just fine, as did the required schema_metadata.ldf
>
> Moving on to the next step: I tried to run the following command;
> adamsync /install itfswd7:389 bttest.xml /log -
>
> Gives me the message;
> Establishing connection to target server itfswd7:389.
> Updating configuration file on bttest.xml.
> Reading Configuration File from bttest.xml
> Please enter password:
> Saving Configuration File on
> DC=btweb,DC=bakertilly,DC=net,dc=btweb,dc=ADAM
> Unable to read attribute objectclass on
> DC=btweb,DC=bakertilly,DC=net,dc=btweb,d
> c=ADAM.
>
> Here is the contents of BTTest.xml;
> <?xml version="1.0" ?>
> <doc>
> <configuration>
> <config-name>ADAMApplication</config-name>
> <security-mode>object</security-mode>
> <source-ad-name>btdcprimary.btweb.bakertilly.net</source-ad-name>
>
> <source-ad-partition>DC=btweb,DC=bakertilly,DC=net</source-ad-partition>
> <source-ad-account>axs2</source-ad-account>
> <target-rdn>dc=btweb,dc=ADAM</target-rdn>
> <account-domain>btweb</account-domain>
> <query>
> <base-dn>DC=btweb,DC=bakertilly,DC=net</base-dn>
> <object-filter>(objectClass=*)</object-filter>
> </query>
> </configuration>
> </doc>
>
> So the DC server is called btdcprimary on the domain btweb.bakertilly.net
> The adam instance is called adam1 and the partition is dc=btweb,dc=ADAM
>
>
> Thanks,
> Andrew
>
>
> "Lee Flight" wrote:
>
>> Hi
>>
>> that looks like the ad_schema.ldf that comes with ADAMSync,
>> that being the case it's
>>
>> -c "cn=Configuration,dc=X" #configurationNamingContext
>>
>> that you need in your ldifde command line.
>>
>> Lee Flight
>>
>> "Andrew Stanford" <> wrote in
>> message news:4E65725B-EBD4-4B3C-8125-...
>> >I have installed an new ADAM instance and I am attempting to run the
>> > following command;
>> > ldifde -i -f ad_schema.ldf -s itfswd7:389 -k -j . -c
>> > "CN=Schema,CN=Configuration,DC=X" #SchemaNamingContext
>> >
>> > The schema instance is installed on Windows XP pro, the AD server is
>> > Server
>> > 2003. Also, I tried the above command with the -b switch specifying my
>> > user
>> > account. My account is a Domain Admin.
>> >
>> > I get the following error;
>> > Add error on line 12289: Referral
>> > The server side error is: 0x202b A referral was return from the server.
>> > The extended server error is:
>> > 0000202B: RefErr: DSIS-03100738, data 0, 1 access points
>> > ref 1: 'x'
>> >
>> > 754 entries modified successfully.
>> > An error has occurred in the program.
>> >
>> > -----------------------------------------------------------------
>> > Inspecting the ldif.log file shows that the last entry successfully
>> > modified
>> > was 754. The log entry for 755 says;
>> > 755: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
>> > cn=Configuration,dc=X
>> > Entry DN: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
>> > cn=Configuration,dc=X
>> >
>> > ...the rest of the entry is the same as the error information displayed
>> > at
>> > the command prompt.
>> >
>> > Any help on this matter would be great.
>> >
>> > Thanks in advance,
>> > Andrew
>> >

>>
>>
>>



 
Reply With Quote
 
Andrew Stanford
Guest
Posts: n/a

 
      07-11-2005
Hi,

Thanks for your help so far. There seems to be a fair amount of important
information missing from the documentation.

I uninstalled the ADAM instance I had and installed a new one with the
parition;
dc=btweb,dc=bakertilly,dc=net,dc=adam

I edited the config file as described and managed to load it using adamsync
/install.

I have tried to run the following command and get the error shown below. It
also pops up the dialog saying that "adamsync.exe has encountered a problem,
do you want to send a error report to Microsoft etc...". ;
adamsync /sync itfswd7:389 AdamApplication /log -
Establishing connection to target server itfswd7:389.
Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=ADAM
Saved configuration file.
Error fetching message from resource fileError occured fetching
internationalize
d message number 13. Error code: 317


Any thoughts on this error. I also tried the above with a partition called
dc=btweb,dc=bakertilly,dc=net dropping the contents of the <target-rdn> tag
as suggested. I got a similar message, the only difference being the message
number. This time it seemed to be trying to read message number 87 (instead
of 13 in the previous test).

I wonder if I should be using the newer version that comes with R2. I
wasn't aware of it but have downloaded it now. Will the procedures for
install and sync be similar to what I have just been through? Is there a
document that describes the improvements to this new release?

Thanks,
Andrew Stanford

"Lee Flight" wrote:

> Hi
>
> the ADAM partition name must match the AD partition name
> to within a trailing suffix in the current beta of ADAMSync (not
> the improved Windows Server R2 version, also in public beta) .
>
> So if your AD partition is
>
> DC=btweb,DC=bakertilly,DC=net
>
> then your ADAM partition must be
>
> DC=btweb,DC=bakertilly,DC=net[,<target-rdn>]
>
> where [] indicates an optional component so if you want the
> ADAM partition to be
>
> DC=btweb,DC=bakertilly,DC=net,DC=ADAM
>
> you would need to create the partition
>
> DC=btweb,DC=bakertilly,DC=net,DC=ADAM
>
> and specify
>
> <target-rdn>dc=ADAM</target-rdn>
>
> in your config.xml. You could also just create an ADAM
> partition
>
> DC=btweb,DC=bakertilly,DC=net
>
> and not specify and target-rdn
>
> <target-rdn></target-rdn>
>
>
> Lee Flight
>
>
> "Andrew Stanford" <> wrote in
> message news:F825ABC0-1C88-45F9-8974-...
> > Thanks Lee... yes I am using the ad_schema.ldf that comes with adamsync
> > and
> > the file seemed to load just fine, as did the required schema_metadata.ldf
> >
> > Moving on to the next step: I tried to run the following command;
> > adamsync /install itfswd7:389 bttest.xml /log -
> >
> > Gives me the message;
> > Establishing connection to target server itfswd7:389.
> > Updating configuration file on bttest.xml.
> > Reading Configuration File from bttest.xml
> > Please enter password:
> > Saving Configuration File on
> > DC=btweb,DC=bakertilly,DC=net,dc=btweb,dc=ADAM
> > Unable to read attribute objectclass on
> > DC=btweb,DC=bakertilly,DC=net,dc=btweb,d
> > c=ADAM.
> >
> > Here is the contents of BTTest.xml;
> > <?xml version="1.0" ?>
> > <doc>
> > <configuration>
> > <config-name>ADAMApplication</config-name>
> > <security-mode>object</security-mode>
> > <source-ad-name>btdcprimary.btweb.bakertilly.net</source-ad-name>
> >
> > <source-ad-partition>DC=btweb,DC=bakertilly,DC=net</source-ad-partition>
> > <source-ad-account>axs2</source-ad-account>
> > <target-rdn>dc=btweb,dc=ADAM</target-rdn>
> > <account-domain>btweb</account-domain>
> > <query>
> > <base-dn>DC=btweb,DC=bakertilly,DC=net</base-dn>
> > <object-filter>(objectClass=*)</object-filter>
> > </query>
> > </configuration>
> > </doc>
> >
> > So the DC server is called btdcprimary on the domain btweb.bakertilly.net
> > The adam instance is called adam1 and the partition is dc=btweb,dc=ADAM
> >
> >
> > Thanks,
> > Andrew
> >
> >
> > "Lee Flight" wrote:
> >
> >> Hi
> >>
> >> that looks like the ad_schema.ldf that comes with ADAMSync,
> >> that being the case it's
> >>
> >> -c "cn=Configuration,dc=X" #configurationNamingContext
> >>
> >> that you need in your ldifde command line.
> >>
> >> Lee Flight
> >>
> >> "Andrew Stanford" <> wrote in
> >> message news:4E65725B-EBD4-4B3C-8125-...
> >> >I have installed an new ADAM instance and I am attempting to run the
> >> > following command;
> >> > ldifde -i -f ad_schema.ldf -s itfswd7:389 -k -j . -c
> >> > "CN=Schema,CN=Configuration,DC=X" #SchemaNamingContext
> >> >
> >> > The schema instance is installed on Windows XP pro, the AD server is
> >> > Server
> >> > 2003. Also, I tried the above command with the -b switch specifying my
> >> > user
> >> > account. My account is a Domain Admin.
> >> >
> >> > I get the following error;
> >> > Add error on line 12289: Referral
> >> > The server side error is: 0x202b A referral was return from the server.
> >> > The extended server error is:
> >> > 0000202B: RefErr: DSIS-03100738, data 0, 1 access points
> >> > ref 1: 'x'
> >> >
> >> > 754 entries modified successfully.
> >> > An error has occurred in the program.
> >> >
> >> > -----------------------------------------------------------------
> >> > Inspecting the ldif.log file shows that the last entry successfully
> >> > modified
> >> > was 754. The log entry for 755 says;
> >> > 755: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
> >> > cn=Configuration,dc=X
> >> > Entry DN: cn=DNS-Host-Name-Attributes,cn=Extended-Rights,
> >> > cn=Configuration,dc=X
> >> >
> >> > ...the rest of the entry is the same as the error information displayed
> >> > at
> >> > the command prompt.
> >> >
> >> > Any help on this matter would be great.
> >> >
> >> > Thanks in advance,
> >> > Andrew
> >> >
> >>
> >>
> >>

>
>
>

 
Reply With Quote
 
Lee Flight
Guest
Posts: n/a

 
      07-11-2005
Hi

inline below...

"Andrew Stanford" <> wrote in
message news:B26D98C5-2D13-47A3-84AE-...
> Hi,
>
> Thanks for your help so far. There seems to be a fair amount of important
> information missing from the documentation.
>
> I uninstalled the ADAM instance I had and installed a new one with the
> parition;
> dc=btweb,dc=bakertilly,dc=net,dc=adam
>
> I edited the config file as described and managed to load it using
> adamsync
> /install.
>
> I have tried to run the following command and get the error shown below.
> It
> also pops up the dialog saying that "adamsync.exe has encountered a
> problem,
> do you want to send a error report to Microsoft etc...". ;
> adamsync /sync itfswd7:389 AdamApplication /log -
> Establishing connection to target server itfswd7:389.
> Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=ADAM
> Saved configuration file.
> Error fetching message from resource fileError occured fetching
> internationalize
> d message number 13. Error code: 317
>
>
> Any thoughts on this error. I also tried the above with a partition called
> dc=btweb,dc=bakertilly,dc=net dropping the contents of the <target-rdn>
> tag
> as suggested. I got a similar message, the only difference being the
> message
> number. This time it seemed to be trying to read message number 87
> (instead
> of 13 in the previous test).


I have not seen either of those errors I think they have come up before
once or twice on the NGs; I have never managed a repro. It may be
that you need to uninstall ADAM and retry.

> I wonder if I should be using the newer version that comes with R2. I
> wasn't aware of it but have downloaded it now. Will the procedures for
> install and sync be similar to what I have just been through? Is there a
> document that describes the improvements to this new release?


If you can try the R2 release then that is the way to go, unfortunately
there is a woeful lack of documentation on this release at present. In
fact the R2 ADAMsync has less documentation than the beta you have
been using however my experience is that the code is improved.

The /install and /sync steps are much the same for the R2 release,
there are some minor changes to the config.xml. The only advertised
feature that has been added is the ability to sync user objects in AD
to bindProxy objects in ADAM. If you have problems with it please
post back (stating that you are using the R2 release) and we will try
and help.

Lee Flight


 
Reply With Quote
 
Andrew Stanford
Guest
Posts: n/a

 
      07-13-2005
Hi,

Thanks again for your help.

I ended up switching to the 2003 R2 version. It was a bit of messing around
as it seemed that it wouldn't install on anything except the trial version of
2003. Bit of a pain... never mind.

I tweaked the config file and after a few attempts managed to get it to
install.

I then had a couple of issues doing the sync. It would run for ages, then
error. I found the answer in your post to Tom C (adamsync /sync error). I
have hit a couple of other attributes that also need to be excluded, but feel
that I am on the right track.

Assuming that the sync goes OK (it takes about 20 minutes to fail), we are
wondering if we can confiure it to only include a subset of users from the
DC? i.e. only the users that are likely to use the application. What would
you recommend?

An idea that has been put forward was to create a new group and put required
users into that. I am guessing that I could maybe filter the sync down to
just users by adjusting the config file so the object-filter tag says
(objectClass=Users), but am not sure how to limit the users that arrive in
ADAM from there.


Regards,
Andrew Stanford

"Lee Flight" wrote:

> Hi
>
> inline below...
>
> "Andrew Stanford" <> wrote in
> message news:B26D98C5-2D13-47A3-84AE-...
> > Hi,
> >
> > Thanks for your help so far. There seems to be a fair amount of important
> > information missing from the documentation.
> >
> > I uninstalled the ADAM instance I had and installed a new one with the
> > parition;
> > dc=btweb,dc=bakertilly,dc=net,dc=adam
> >
> > I edited the config file as described and managed to load it using
> > adamsync
> > /install.
> >
> > I have tried to run the following command and get the error shown below.
> > It
> > also pops up the dialog saying that "adamsync.exe has encountered a
> > problem,
> > do you want to send a error report to Microsoft etc...". ;
> > adamsync /sync itfswd7:389 AdamApplication /log -
> > Establishing connection to target server itfswd7:389.
> > Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=ADAM
> > Saved configuration file.
> > Error fetching message from resource fileError occured fetching
> > internationalize
> > d message number 13. Error code: 317
> >
> >
> > Any thoughts on this error. I also tried the above with a partition called
> > dc=btweb,dc=bakertilly,dc=net dropping the contents of the <target-rdn>
> > tag
> > as suggested. I got a similar message, the only difference being the
> > message
> > number. This time it seemed to be trying to read message number 87
> > (instead
> > of 13 in the previous test).

>
> I have not seen either of those errors I think they have come up before
> once or twice on the NGs; I have never managed a repro. It may be
> that you need to uninstall ADAM and retry.
>
> > I wonder if I should be using the newer version that comes with R2. I
> > wasn't aware of it but have downloaded it now. Will the procedures for
> > install and sync be similar to what I have just been through? Is there a
> > document that describes the improvements to this new release?

>
> If you can try the R2 release then that is the way to go, unfortunately
> there is a woeful lack of documentation on this release at present. In
> fact the R2 ADAMsync has less documentation than the beta you have
> been using however my experience is that the code is improved.
>
> The /install and /sync steps are much the same for the R2 release,
> there are some minor changes to the config.xml. The only advertised
> feature that has been added is the ability to sync user objects in AD
> to bindProxy objects in ADAM. If you have problems with it please
> post back (stating that you are using the R2 release) and we will try
> and help.
>
> Lee Flight
>
>
>

 
Reply With Quote
 
Lee Flight
Guest
Posts: n/a

 
      07-13-2005
Hi

sounds like you are making good progress, more below...

"Andrew Stanford" <> wrote in
message news:0E33E1C7-9B67-4051-9285-...

> Assuming that the sync goes OK (it takes about 20 minutes to fail), we are
> wondering if we can confiure it to only include a subset of users from the
> DC? i.e. only the users that are likely to use the application. What would
> you recommend?
>
> An idea that has been put forward was to create a new group and put
> required
> users into that. I am guessing that I could maybe filter the sync down to
> just users by adjusting the config file so the object-filter tag says
> (objectClass=Users), but am not sure how to limit the users that arrive in
> ADAM from there.


Yes, using an AD group is a useful idea. So if you have an AD group
called AppUsers with distinguishedName

CN=AppUsers,OU=Groups,DC=a,DC=b

and add the AD users that you want to sync to ADAM to that group then
you would need an LDAP filter something like (ignore any line wraps):

(&(objectCategory=person)(objectClass=User)(member Of=CN=AppUsers,OU=Groups,DC=a,DC=b))

which as an element in your config.xml would look like (ignore any line
wraps):

(&amp;(objectCategory=person)(objectClass=User)(me mberOf=CN=AppUsers,OU=Groups,DC=a,DC=b))

that should sync just the members of the group (it would not sync their
group membership). If the users in question are already members of a
large number of groups then things will start to slow up.

A potential downside is that if as user is ever in the group when the /sync
runs then they will be sync'ed to ADAM but if they are removed from the AD
group I suspect they will remain in ADAM.

Lee Flight


 
Reply With Quote
 
Andrew Stanford
Guest
Posts: n/a

 
      07-14-2005
Hi,


The sync process is failing. It seems to take about 20 minutes and it
populates ADAM with lots of OU's and some CN's, I seem to be missing the most
important part... the actual Users.

At the end of each sync run I get an error similar to this;
Updating the configuration file DirSync cookie with a new value.
Unable to find object (ldapDisplayName=msExchADCGlobalNames) in the target
schema.
Equivalent object in the source schema is
<GUID=f62ad3546aacb340a3bacef25e2da01d>.
Unable to find object (ldapDisplayName=replicatedObjectVersion) in the
target sc
hema.
Equivalent object in the source schema is
<GUID=96d4a1fcfb82bc40928dbe464e331d02>.
Unable to find object (ldapDisplayName=replicationSignature) in the target
schem
a.
Equivalent object in the source schema is
<GUID=2c605edf31c88a4a9416f99f3cf2c9dc>.
Ldap error occured. ldap_add_sW: No Such Attribute.
Extended Info: .
Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=ADAM
Saved configuration file.

I then add more "exclude" tags to the config file and try again. So far the
excludes I have added are;
<exclude>showinaddressbook</exclude>
<exclude>publicdelegates</exclude>
<exclude>msExchHideFromAddressLists</exclude>
<exclude>homeMTA</exclude>
<exclude>deliveryMechanism</exclude>
<exclude>homeMDB</exclude>
<exclude>mailNickname</exclude>
<exclude>msExchHomeServerName</exclude>
<exclude>msExchALObjectVersion</exclude>
<exclude>msExchHideFromAddressList</exclude>
<exclude>msExchMasterAccountSid</exclude>
<exclude>msExchUserAccountControl</exclude>
<exclude>msExchMailboxSecurityDescriptor</exclude>
<exclude>msExchMailboxGuid</exclude>
<exclude>dLMemDefault</exclude>
<exclude>msExchPoliciesIncluded</exclude>
<exclude>telephoneAssistant</exclude>
<exclude>replicatedObjectVersion</exclude>
<exclude>replicationSignature</exclude>
<exclude>msExchADCGlobalNames</exclude>

I didn't think there would be this many problems with the schema as I have
loaded MS-AdamSchemaW2K3.LDF & MS-AdamSyncMetadata.LDF into ADAM

I then run the ADSchemaAnalyzer loading the ADAM instance as the "target
schema" and the AD server as the "Base schema". I then check the "Mark
non-present elements as included" menu option and then "Create LDIF File...".

I load the resulting LDIF file into my ADAM instance. Shouldn't the ADAM &
AD schemas be the same at this point? Is there an easier way to figure out
the required "exclude" tags?

--
Regards,
Andrew Stanford


"Lee Flight" wrote:

> Hi
>
> sounds like you are making good progress, more below...
>
> "Andrew Stanford" <> wrote in
> message news:0E33E1C7-9B67-4051-9285-...
>
> > Assuming that the sync goes OK (it takes about 20 minutes to fail), we are
> > wondering if we can confiure it to only include a subset of users from the
> > DC? i.e. only the users that are likely to use the application. What would
> > you recommend?
> >
> > An idea that has been put forward was to create a new group and put
> > required
> > users into that. I am guessing that I could maybe filter the sync down to
> > just users by adjusting the config file so the object-filter tag says
> > (objectClass=Users), but am not sure how to limit the users that arrive in
> > ADAM from there.

>
> Yes, using an AD group is a useful idea. So if you have an AD group
> called AppUsers with distinguishedName
>
> CN=AppUsers,OU=Groups,DC=a,DC=b
>
> and add the AD users that you want to sync to ADAM to that group then
> you would need an LDAP filter something like (ignore any line wraps):
>
> (&(objectCategory=person)(objectClass=User)(member Of=CN=AppUsers,OU=Groups,DC=a,DC=b))
>
> which as an element in your config.xml would look like (ignore any line
> wraps):
>
> (&(objectCategory=person)(objectClass=User)(member Of=CN=AppUsers,OU=Groups,DC=a,DC=b))
>
> that should sync just the members of the group (it would not sync their
> group membership). If the users in question are already members of a
> large number of groups then things will start to slow up.
>
> A potential downside is that if as user is ever in the group when the /sync
> runs then they will be sync'ed to ADAM but if they are removed from the AD
> group I suspect they will remain in ADAM.
>
> Lee Flight
>
>
>

 
Reply With Quote
 
Andrew Stanford
Guest
Posts: n/a

 
      07-14-2005
Further to my previous post... My most recent sync has just finished, but I
am not sure what to do now as the error message seems to have changed and
there doesn't seem to be any clear direction as to what attribute or class I
should be excluding now. See the error message below;
Processing Entry: Page 34, Frame 1, Entry 53, Count 1, USN 0
Processing source entry <guid=b6170c0f999c414b8467410dab6a5491>
Processing in-scope entry b6170c0f999c414b8467410dab6a5491.
(sourceobjectguid=?b6?17?0c?0f?99?9c?41?4b?84?67?4 1?0d?ab?6a?54?91) exists
in ta
rget. Converting object creation to object modification.
Renaming target object
CN=G_LL_PARTNER,OU=Liverpool,DC=btweb,DC=bakertill y,DC=ne
t,DC=adam to CN=G_LL_PARTNER,<GUID=60c303d5840d344c83273b981d81 0351>.
Deferring synchronization of attribute member to end of run. Deleting
attribute.

Modifying attributes: description, groupType, lastagedchange,
Previous entry took 0 seconds (362, 10) to process

Processing Entry: Page 34, Frame 1, Entry 54, Count 1, USN 0
Processing source entry <guid=a2ce363ab7cfba4db26be703b7b1363c>
Processing in-scope entry a2ce363ab7cfba4db26be703b7b1363c.
(sourceobjectguid=?a2?ce?36?3a?b7?cf?ba?4d?b2?6b?e 7?03?b7?b1?36?3c) exists
in ta
rget. Converting object creation to object modification.
Renaming target object CN=Page
Amy-1,OU=BT,OU=ITF,DC=btweb,DC=bakertilly,DC=net,
DC=adam to CN=Page Amy-1,<GUID=26db62db0d01a54087b0d85a06960249>.
Modifying attributes: sn, l, st, title, description, postalCode,
physicalDeliver
yOfficeName, telephoneNumber, facsimileTelephoneNumber, givenName, initials,
dis
playName, otherTelephone, info, securityProtocol, deletedItemFlags, co,
departme
nt, company, proxyAddresses, streetAddress, mDBStorageQuota,
mDBOverQuotaLimit,
otherHomePhone, autoReplyMessage, garbageCollPeriod, mDBUseDefaults,
mAPIRecipie
nt, extensionAttribute1, extensionAttribute2, extensionAttribute3,
extensionAttr
ibute4, extensionAttribute5, extensionAttribute6, extensionAttribute7,
extension
Attribute8, extensionAttribute9, extensionAttribute10, msExchAssistantName,
home
Directory, homeDrive, dBCSPwd, scriptPath, userWorkstations, userParameters,
pro
filePath, comment, legacyExchangeDN, userPrincipalName,
textEncodedORAddress, ma
il, homePhone, mobile, pager, unmergedAtts, msExchPreviousAccountSid,
mDBOverHar
dQuotaLimit, msExchPoliciesExcluded, lastagedchange,
Ldap error occured. ldap_modify_sW: No Such Attribute.
Extended Info: 00000057: LdapErr: DSID-0C090A8A, comment: Error in attribute
con
version operation, data 0, vece.
Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=adam
Saved configuration file.


Thanks in advance for your help.
--
Regards,
Andrew Stanford


"Andrew Stanford" wrote:

> Hi,
>
>
> The sync process is failing. It seems to take about 20 minutes and it
> populates ADAM with lots of OU's and some CN's, I seem to be missing the most
> important part... the actual Users.
>
> At the end of each sync run I get an error similar to this;
> Updating the configuration file DirSync cookie with a new value.
> Unable to find object (ldapDisplayName=msExchADCGlobalNames) in the target
> schema.
> Equivalent object in the source schema is
> <GUID=f62ad3546aacb340a3bacef25e2da01d>.
> Unable to find object (ldapDisplayName=replicatedObjectVersion) in the
> target sc
> hema.
> Equivalent object in the source schema is
> <GUID=96d4a1fcfb82bc40928dbe464e331d02>.
> Unable to find object (ldapDisplayName=replicationSignature) in the target
> schem
> a.
> Equivalent object in the source schema is
> <GUID=2c605edf31c88a4a9416f99f3cf2c9dc>.
> Ldap error occured. ldap_add_sW: No Such Attribute.
> Extended Info: .
> Saving Configuration File on DC=btweb,DC=bakertilly,DC=net,DC=ADAM
> Saved configuration file.
>
> I then add more "exclude" tags to the config file and try again. So far the
> excludes I have added are;
> <exclude>showinaddressbook</exclude>
> <exclude>publicdelegates</exclude>
> <exclude>msExchHideFromAddressLists</exclude>
> <exclude>homeMTA</exclude>
> <exclude>deliveryMechanism</exclude>
> <exclude>homeMDB</exclude>
> <exclude>mailNickname</exclude>
> <exclude>msExchHomeServerName</exclude>
> <exclude>msExchALObjectVersion</exclude>
> <exclude>msExchHideFromAddressList</exclude>
> <exclude>msExchMasterAccountSid</exclude>
> <exclude>msExchUserAccountControl</exclude>
> <exclude>msExchMailboxSecurityDescriptor</exclude>
> <exclude>msExchMailboxGuid</exclude>
> <exclude>dLMemDefault</exclude>
> <exclude>msExchPoliciesIncluded</exclude>
> <exclude>telephoneAssistant</exclude>
> <exclude>replicatedObjectVersion</exclude>
> <exclude>replicationSignature</exclude>
> <exclude>msExchADCGlobalNames</exclude>
>
> I didn't think there would be this many problems with the schema as I have
> loaded MS-AdamSchemaW2K3.LDF & MS-AdamSyncMetadata.LDF into ADAM
>
> I then run the ADSchemaAnalyzer loading the ADAM instance as the "target
> schema" and the AD server as the "Base schema". I then check the "Mark
> non-present elements as included" menu option and then "Create LDIF File...".
>
> I load the resulting LDIF file into my ADAM instance. Shouldn't the ADAM &
> AD schemas be the same at this point? Is there an easier way to figure out
> the required "exclude" tags?
>
> --
> Regards,
> Andrew Stanford
>
>
> "Lee Flight" wrote:
>
> > Hi
> >
> > sounds like you are making good progress, more below...
> >
> > "Andrew Stanford" <> wrote in
> > message news:0E33E1C7-9B67-4051-9285-...
> >
> > > Assuming that the sync goes OK (it takes about 20 minutes to fail), we are
> > > wondering if we can confiure it to only include a subset of users from the
> > > DC? i.e. only the users that are likely to use the application. What would
> > > you recommend?
> > >
> > > An idea that has been put forward was to create a new group and put
> > > required
> > > users into that. I am guessing that I could maybe filter the sync down to
> > > just users by adjusting the config file so the object-filter tag says
> > > (objectClass=Users), but am not sure how to limit the users that arrive in
> > > ADAM from there.

> >
> > Yes, using an AD group is a useful idea. So if you have an AD group
> > called AppUsers with distinguishedName
> >
> > CN=AppUsers,OU=Groups,DC=a,DC=b
> >
> > and add the AD users that you want to sync to ADAM to that group then
> > you would need an LDAP filter something like (ignore any line wraps):
> >
> > (&(objectCategory=person)(objectClass=User)(member Of=CN=AppUsers,OU=Groups,DC=a,DC=b))
> >
> > which as an element in your config.xml would look like (ignore any line
> > wraps):
> >
> > (&(objectCategory=person)(objectClass=User)(member Of=CN=AppUsers,OU=Groups,DC=a,DC=b))
> >
> > that should sync just the members of the group (it would not sync their
> > group membership). If the users in question are already members of a
> > large number of groups then things will start to slow up.
> >
> > A potential downside is that if as user is ever in the group when the /sync
> > runs then they will be sync'ed to ADAM but if they are removed from the AD
> > group I suspect they will remain in ADAM.
> >
> > Lee Flight
> >
> >
> >

 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ADAM Question: What are the options for ADAM load balancing and redundancy? Max2006 Active Directory 2 12-24-2008 01:54 AM
Re: ADAM access fails when authenticating w/ credentials from user within ADAM Joe Kaplan \(MVP - ADSI\) Active Directory 2 05-06-2006 01:37 AM
ADAM: MS AD Schema Documentation Programs fails to connect an MS ADAM instance Michael Herman \(Parallelspace\) Active Directory 2 10-17-2004 09:48 PM
Load Balancing Service or driver fails to load on server reboot Pete H. Windows Small Business Server 7 06-24-2004 04:21 PM
ADAM : Performances differences between AD and ADAM Eoin Mooney Active Directory 3 12-18-2003 02:44 PM