"Schema update failed: Duplicate RDN"

Can anyone point me at ANYTHING that can help me resolve this error? All
I can find online is endless copies of error code to error string tables.
The complete text from ldifde -i is:

-------------------------
dn: CN=dalPerson,CN=Schema,CN=Configuration,DC=Dal,DC= Ca
Attribute 0) objectClass:classSchema
Attribute 1) cn:dalPerson
Attribute 2) lDAPDisplayName:dalPerson
Attribute 3) adminDisplayName:dalPerson
Attribute 4) adminDescription:Consists of a set of data elements or attributes about individuals at Dalhousie
Attribute 5) governsID:1.3.6.1.4.1.13095.2.2.1
Attribute 6) objectClassCategory:3
Attribute 7) rdnAttId:dalUUID
Attribute 8) mayContain:dalBannerID dalChangePasswordCode dalLastSeen dalPasswordExpiresOn dalExpiresOn dalPublish dalBarCode dalOldUserPassword dalPersonExpiredAffiliation dalPersonInternationalNumber dalPersonEmergencySMSNumber dalPersonEmployeeTypeClass
Attribute 9) mustContain:dalUUID
Attribute 10) defaultObjectCategory:CN=dalPerson,cn=Schema,cn=Co nfiguration,dc=DAL,dc=CA
Attribute 11) systemOnly:FALSE

Add error on entry starting on line 1: Unwilling To Perform
The server side error is: 0x20ba Schema update failed: duplicate RDN.
The extended server error is:
000020BA: SvcErr: DSID-03260339, problem 5003 (WILL_NOT_PERFORM), data 8378

An error has occurred in the program
-------------------------

I've made sure there isn't any other "cn=dalperson" objects in cn=schema.
What could it possibly be colliding with?

I'm very close to destroying the entire tree and rebuilding from scratch.
Which, obviously, is not going to fly in a production environment.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Hello ,

Which Windows version are you trying to prepare for the new schema and what
additional software is installed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Can anyone point me at ANYTHING that can help me resolve this error?
> All I can find online is endless copies of error code to error string
> tables. The complete text from ldifde -i is:
>
> -------------------------
>
> dn: CN=dalPerson,CN=Schema,CN=Configuration,DC=Dal,DC= Ca
>
> Attribute 0) objectClass:classSchema
>
> Attribute 1) cn:dalPerson
>
> Attribute 2) lDAPDisplayName:dalPerson
>
> Attribute 3) adminDisplayName:dalPerson
>
> Attribute 4) adminDescription:Consists of a set of data elements or
> attributes about individuals at Dalhousie
>
> Attribute 5) governsID:1.3.6.1.4.1.13095.2.2.1
>
> Attribute 6) objectClassCategory:3
>
> Attribute 7) rdnAttId:dalUUID
>
> Attribute 8) mayContain:dalBannerID dalChangePasswordCode dalLastSeen
> dalPasswordExpiresOn dalExpiresOn dalPublish dalBarCode
> dalOldUserPassword dalPersonExpiredAffiliation
> dalPersonInternationalNumber dalPersonEmergencySMSNumber
> dalPersonEmployeeTypeClass
>
> Attribute 9) mustContain:dalUUID
>
> Attribute 10)
> defaultObjectCategory:CN=dalPerson,cn=Schema,cn=Co nfiguration,dc=DAL,d
> c=CA
>
> Attribute 11) systemOnly:FALSE
>
> Add error on entry starting on line 1: Unwilling To Perform
> The server side error is: 0x20ba Schema update failed: duplicate RDN.
> The extended server error is:
> 000020BA: SvcErr: DSID-03260339, problem 5003 (WILL_NOT_PERFORM), data
> 8378
> An error has occurred in the program
> -------------------------
> I've made sure there isn't any other "cn=dalperson" objects in
> cn=schema. What could it possibly be colliding with?
>
> I'm very close to destroying the entire tree and rebuilding from
> scratch. Which, obviously, is not going to fly in a production
> environment.
>

Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de> wrote:
> Which Windows version are you trying to prepare for the new schema and what
> additional software is installed?

This is Active Directory running in 2003 mode on a Windows 2008R2 server
(running inside a virtual machine). The only additional software installed
on the entire machine is the Virtual Box guest additions.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Hello ,

To understand you correct, one 2003 domain controller in it's own domain
and nothing else installed in the domain on other servers?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de> wrote:
>
>> Which Windows version are you trying to prepare for the new schema
>> and what additional software is installed?
>>
> This is Active Directory running in 2003 mode on a Windows 2008R2
> server (running inside a virtual machine). The only additional
> software installed on the entire machine is the Virtual Box guest
> additions.
>

Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de> wrote:
> To understand you correct, one 2003 domain controller in it's own domain
> and nothing else installed in the domain on other servers?

That's correct. It's also the only machine on the virtual network. It has
connectivity to the host machine via IP, where I do LDAP queries and updates
from, but nothing else. No DNS, no DHCP (statically configured IP).

Very, very simple setup.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

This is getting frustrating. I'm guessing I'm going to have to nuke the
entire AD and rebuild from scratch?

This really isn't going to fly in production.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Hello ,

Never seen on a fresh installed DC that there are errors like this. Normally
this occurs if some changes from other apps are done on the schema.

Which adprep version do you use, what OS version disk, RTM or RC/BETA?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> This is getting frustrating. I'm guessing I'm going to have to nuke
> the entire AD and rebuild from scratch?
>
> This really isn't going to fly in production.
>

Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de> wrote:
> Which adprep version do you use, what OS version disk, RTM or RC/BETA?

I have no idea. Literally, the entire process was this:

1) Install Windows Server 2008R2 (I'm ASSUMING RTM...)
2) Start -> Cmd -> dcpromo. Select "2003" operating mode.
3) Import schema attributes
4) regsvr schmmgmt.dll
5) Use mmc to create "dalPerson" object.
6) mmc used 'cn' as the rdnAttrId. I didn't like that.
7) Mark 'dalPerson' defunct.
8) Create dalPerson using LDIF file
9) Try to import dalperson.ldif using ldifde.
10) Fail.
11) Try renaming defunct dalPerson schema as "cn=dalPerson old"
12) Try to import dalperson.ldif.
13) Fail.
14) Try to import dalperson.ldif with the NEW object renamed
"cn=dalPerson new".
15) Try to import dalperson.ldif
16) Fail.

I think I might reformat and reinstall. It's an option in this case.
But I'm very concerned about the future, when this kind of setup is in
production. AD seems determined to paint me into corners and provide me
very little in the way of error explanations or repair ability.

Is there ANY way to convince AD on 2008 to let me delete schema objects?
Nothing uses these schemas at all. This is a development machine. I've
seen workarounds for 2000 and 2003, but they don't seem to be working with
2008. ("Schema Update Allowed" -> 1, etc)

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

I've deleted the domain controller. I'll try rebuilding from scratch, and
see if the problem returns.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Hello ,

Sorry my mistake, i thought you were talking about the schema update with
adrpep command. I was totally wrong, now i realized you mean ldifde.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de> wrote:
>
>> Which adprep version do you use, what OS version disk, RTM or
>> RC/BETA?
>>
> I have no idea. Literally, the entire process was this:
>
> 1) Install Windows Server 2008R2 (I'm ASSUMING RTM...)
> 2) Start -> Cmd -> dcpromo. Select "2003" operating mode.
> 3) Import schema attributes
> 4) regsvr schmmgmt.dll
> 5) Use mmc to create "dalPerson" object.
> 6) mmc used 'cn' as the rdnAttrId. I didn't like that.
> 7) Mark 'dalPerson' defunct.
> 8) Create dalPerson using LDIF file
> 9) Try to import dalperson.ldif using ldifde.
> 10) Fail.
> 11) Try renaming defunct dalPerson schema as "cn=dalPerson old"
> 12) Try to import dalperson.ldif.
> 13) Fail.
> 14) Try to import dalperson.ldif with the NEW object renamed
> "cn=dalPerson new".
> 15) Try to import dalperson.ldif
> 16) Fail.
> I think I might reformat and reinstall. It's an option in this case.
> But I'm very concerned about the future, when this kind of setup is in
> production. AD seems determined to paint me into corners and provide
> me very little in the way of error explanations or repair ability.
>
> Is there ANY way to convince AD on 2008 to let me delete schema
> objects? Nothing uses these schemas at all. This is a development
> machine. I've seen workarounds for 2000 and 2003, but they don't seem
> to be working with 2008. ("Schema Update Allowed" -> 1, etc)
>