ADAM installed

Discussion in 'Active Directory' started by Javier2893, Oct 16, 2006.

  1. Javier2893

    Javier2893 Guest

    Hi,
    I am new to ADAM and I was reading the step-by-step guide; the install went
    fine.
    All I need is to make a read-only copy of my AD in an ADAM instance. I was
    able to connect to my instance, and I am at the point where I need to use the
    Active Directory to ADAM sync tool.
    I was able to execute the following two commands successfully:
    ldifde -i -s localhost -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSchemaW2k3.ldf
    ldifde -i -s localhost:389 -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf
    However when I tried to do the ADAMSync /install localhost:389
    %windir%\ADAM\MS-AdamSyncConf.xml command it came back with following error:
    LDAP error occurred. ladap_get_next_page_s: Operations error.
    Extended Info: 000020D6: SvcErr: DSID-0310072B, Problem 5012 (DIR_ERROR),
    data 0
    Have you guys seen this error before? The only thing that comes to mind is
    that my settings in the XML file are wrong. Kind of confused about the target
    source.
    I used the default settings o=Microsoft, c=US for my partition.
    <source-ad-name>SeattleDC1</source-ad-name>.
    <source-ad-partition>dc=fabrikam,dc=com</source-ad-partition>.
    <source-ad-account>administrator</source-ad-account>.
    <account-domain>fabrikam.com</account-domain>.
    <target-dn>o=microsoft,c=US</target-dn>.
    <base-dn>dc=fabrikam,dc=com</base-dn>.
    Any help would be appreciated.
    Thanks
     
    Javier2893, Oct 16, 2006
    #1

  2. Javier2893

    Lee Flight Guest

    Hi

    in the example on page 29 of the guide it's assumed that
    you have a source AD domain dc=fabrikam,dc=com that you are
    sync'ing from into a target naming context o=microsoft,c=us in
    an ADAM instance.

    So you need to substitute the name of your AD domain in the
    <source-ad-partition> and the name of a domain controller
    for that domain in <source-ad-name>. You also need to create
    the target naming context in ADAM, you can do that when
    prompted at the Application Directory Partition page of the
    ADAM setup wizard (easiest) or by modifying the example
    on p.51 of the guide.

    Some good notes on ADAMsync are available here:

    http://blogs.technet.com/efleis/archive/tags/Windows/default.aspx


    Lee Flight
     
    Lee Flight, Oct 16, 2006
    #2

  3. Javier2893

    Javier2893 Guest

    Hi Lee,
    let me give you an example of my settings on the XML file so you can get the
    picture. The install is as per the guide instructions: Changed the
    source-ad-partition and source-ad-name according to your reply and ran the
    sync command again but it failed.
    <configuration>
    <description>sample Adamsync configuration file</description>
    <security-mode>object</security-mode>
    <source-ad-name>fabrikam.com</source-ad-name>
    changed to mydomaincontrollername
    <source-ad-partition>dc=fabrikam,dc=com</source-ad-partition>
    changed to dc=mydomain,dc=com
    <source-ad-account></source-ad-account>
    <account-domain></account-domain>
    <target-dn>dc=fabrikam,dc=com</target-dn>
    <query>
    <base-dn>dc=fabrikam,dc=com</base-dn>
    Do I need to change anything on the target-dn and base-dn options?
    Also about the Application Directory Partition option, isn't that option
    (default) o=microsoft,c=US when you do the install?
    Hope you can help,
    Javier
     
    Javier2893, Oct 19, 2006
    #3
  4. Javier2893

    Lee Flight Guest

    Hi

    I'm assuming that you have an AD domain dc=mydomain,dc=com
    hosted on a DC mydomaincontrollername and that you are
    running the /sync with an account that has access to the DC.

    I'm guessing your problem is the target-dn that should specify the
    naming context in ADAM that you have created so if your ADAM
    instance has a naming context o=microsoft,c=us specify that as your
    target-dn. Did you create that naming context when running the
    ADAM Setup wizard?

    From the ADAM Tools Command Prompt

    ldifde -f con -s localhost:389 -d "" -p base -l namingContexts

    where for 389 substitute your ADAM port number should
    show us your naming contexts. Also please post the output
    of the /sync with the /log option specified so we can see the full error.

    Thanks
    Lee Flight
     
    Lee Flight, Oct 19, 2006
    #4
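
An added example, not part of the original posts or the ADAM guide: a small Python check of the points raised in the replies above, namely that target-dn must be a naming context that exists in the ADAM instance and that base-dn must sit within source-ad-partition. The function names, the sample naming-context list and the configuration text are constructed for illustration; the DN comparison is simplified and does not handle escaped commas.

```python
import xml.etree.ElementTree as ET

# Placeholder domain used in the guide's sample file (seen in the posts above).
SAMPLE_DOMAIN = "dc=fabrikam,dc=com"

def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def check_config(xml_text, adam_naming_contexts):
    """Return a list of problems found in an ADAMSync configuration file."""
    root = ET.fromstring(xml_text)
    cfg = root if root.tag == "configuration" else root.find(".//configuration")
    if cfg is None:
        return ["no <configuration> element found"]
    values = {
        "source-ad-partition": (cfg.findtext("source-ad-partition") or "").strip(),
        "target-dn": (cfg.findtext("target-dn") or "").strip(),
        "base-dn": (cfg.findtext("query/base-dn") or "").strip(),
    }
    problems = []
    # target-dn must name a partition that already exists in the ADAM instance.
    if rdns(values["target-dn"]) not in [rdns(nc) for nc in adam_naming_contexts]:
        problems.append("target-dn is not an ADAM naming context")
    # base-dn must be the source partition itself or a container below it.
    partition, base = rdns(values["source-ad-partition"]), rdns(values["base-dn"])
    if not partition or base[-len(partition):] != partition:
        problems.append("base-dn is not within source-ad-partition")
    # Values left over from the sample file point at a domain that is not yours.
    sample = rdns(SAMPLE_DOMAIN)
    for name, value in values.items():
        if rdns(value)[-len(sample):] == sample:
            problems.append(name + " still holds the sample value")
    return problems

# Constructed inputs: naming contexts as the ldifde query in post #4 would list
# them, and a config shaped like the half-edited one in post #3.
NAMING_CONTEXTS = ["CN=Configuration,CN={EXAMPLE-GUID}",
                   "CN=Schema,CN=Configuration,CN={EXAMPLE-GUID}",
                   "o=microsoft,c=US"]
HALF_EDITED = """<doc><configuration>
  <source-ad-name>mydomaincontrollername</source-ad-name>
  <source-ad-partition>dc=mydomain,dc=com</source-ad-partition>
  <target-dn>dc=fabrikam,dc=com</target-dn>
  <query><base-dn>dc=fabrikam,dc=com</base-dn></query>
</configuration></doc>"""

if __name__ == "__main__":
    for problem in check_config(HALF_EDITED, NAMING_CONTEXTS):
        print("PROBLEM:", problem)
```
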
  5. Javier2893

    Javier2893 Guest

    Hi Lee,
    I was able to run the Sync command and here is my output:
    Command Prompt>ADAMSync /sync localhost:389 "o=microsoft,c=US" /log -
    Adamsync.exe v1.0 (5.2.3790.2075)
    Establishing connection to target server localhost:389.
    Saving Configuration File on O=Microsoft,C=US
    Saved configuration file.
    ADAMSync is querying for a writable replica of MYDOMAIN.
    Error: DCLocator call failed with an errror 1355. Attempting to bind
    directly to string.
    Establishing connection to source server MYDC:389.
    Using file .\dam43.tmp as a store for deferred dn-references.
    Populating the schema cache
    Populating the well known objects cache
    Starting synchronization frun from dc=mydomain,dc=com.
    Starting DirSync Search with object mode security.

    Processing Entry: Page 1, Frame 1, Entry 0, Count 0, USN 0
    Processing source entry <guid=61c4662cab78f5478c61e92b3b060355>
    Previous Entry tool 0 seconds (0, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 1, Count 1, USN 0
    Processing source entry <guid=86d4d5010361cc48aa6767669e300080>
    Previous entry took 0 seconds<15, 0) to process

    Updating the configuration file DirSync cookie with a new value.

    Beginning processing of deferred dn references.
    Finished processing of deferred dn references.

    Finished (successful) synchronization run.
    Number of entries processed via dirSync: 0
    Number of entries processed via ldap: 0
    Processing took 0 seconds (0, 1076756480).
    Number of object additions: 0
    Number of object modifications: 0
    Number of object deletions: 0
    Number of objects renames: 0
    Number of references processed / dropped: 0, 0
    Maximum number of attributes seen on a single object: 0
    Maximum nymber of values retrieved via range syntax: 0

    Beginning agin run.
    Aging requested every 0 runs. We last aged 4 runs ago.
    Saving configuration file on O=Microsoft,C=US
    Saved configuration file.
    There are no users in my cn=users folder and it looks like nothing really
    synced.
    My server hosting my ADAM instance is part of our domain and the account I
    used to install ADAM has enough rights to connect to my AD and do what
    has to be done to sync.
    Any suggestions about this error?
    Thanks,
    Javier2893
     
    Javier2893, Oct 20, 2006
    #5
  6. Javier2893

    Lee Flight Guest

    Hi

    well there is no error there, so it looks like you have made progress on the
    naming context issues. What does your full XML config look like, maybe your
    object-filter is not matching?

    As you have been working this out it might be a good idea to run an
    ADAMsync /reset on the configuration (and then run /sync with /log )
    or just destroy and re-create the ADAM naming context and then
    ADAMSync /install and then try the sync.

    Lee Flight
     
    Lee Flight, Oct 20, 2006
    #6
  7. Javier2893

    Javier2893 Guest

    Hi Lee,
    here is my config file:
    <doc>
    <configuration>
    <description>sample Adamsync configuration file</description>
    <security-mode>object</security-mode>
    <source-ad-name>MYDC-DC1</source-ad-name>
    <source-ad-partition>dc=MYDOMAIN,dc=com</source-ad-partition>
    <source-ad-account></source-ad-account>
    <account-domain></account-domain>
    <target-dn>o=Microsoft,c=US</target-dn>
    <query>
    <base-dn>dc=MYDOMAIN,dc=com</base-dn>
    <object-filter>(objectClass=*)</object-filter>
    <attributes>
    <include></include>
    <exclude>extensionName</exclude>
    <exclude>displayNamePrintable</exclude>
    <exclude>flags</exclude>
    <exclude>isPrivelegeHolder</exclude>
    <exclude>msCom-UserLink</exclude>
    <exclude>msCom-PartitionSetLink</exclude>
    <exclude>reports</exclude>
    <exclude>serviceprincipalname</exclude>
    <exclude>accountExpires</exclude>
    <exclude>adminCount</exclude>
    <exclude>primarygroupid</exclude>
    <exclude>userAccountControl</exclude>
    <exclude>codePage</exclude>
    <exclude>countryCode</exclude>
    <exclude>logonhours</exclude>
    <exclude>lockoutTime</exclude>
    </attributes>
    </query>
    <schedule>
    <aging>
    <frequency>0</frequency>
    <num-objects>0</num-objects>
    </aging>
    <schtasks-cmd></schtasks-cmd>
    </schedule>
    </configuration>
    <synchronizer-state>
    <dirsync-cookie></dirsync-cookie>
    <status></status>
    <authoritative-adam-instance></authoritative-adam-instance>
    <configuration-file-guid></configuration-file-guid>
    <last-sync-attempt-time></last-sync-attempt-time>
    <last-sync-success-time></last-sync-success-time>
    <last-sync-error-time></last-sync-error-time>
    <last-sync-error-string></last-sync-error-string>
    <consecutive-sync-failures></consecutive-sync-failures>
    <user-credentials></user-credentials>
    <runs-since-last-object-update></runs-since-last-object-update>
    <runs-since-last-full-sync></runs-since-last-full-sync>
    </synchronizer-state>
    </doc>
    I guess it would be a good time to ask you if the sync would be a read only
    copy, that is what I am trying to accomplish here.
    Thanks
     
    Javier2893, Oct 20, 2006
    #7
  8. Javier2893

    Javier2893 Guest

    Hi Lee,
    as per your information I ran the ADAMSync reset option and reran the sync
    again, I was able to see the command executing and going to so many options,
    but nothing seems to be synced. Below is the copy of my config file. Could you
    take a look at it and let me know if you see something wrong with it?
    Thanks,
    Javier
     
    Javier2893, Oct 25, 2006
    #8
  9. Javier2893

    Lee Flight Guest

    Hi

    I cannot see anything obviously wrong. The account you are using
    for the sync can see objects in the AD right?

    I think my next step would be to delete and then recreate the
    ADAM naming context and then re-run the adamsync /install.
    For a full clean start reinstall the ADAM instance and re-trace your
    steps is probably quickest. Having done that make sure you run
    the /sync with /log so we can see your progress.

    Thanks
    Lee Flight
     
    Lee Flight, Oct 25, 2006
    #9
  10. Javier2893

    Javier2893 Guest

    Thanks,
    I'll play around with it and see if I can catch anything.
    Does having Exchange installed on that AD change anything?
    Also, if the install and sync are successful, would the copy be read only or
    will people be able to modify objects in ADAM?
    Really appreciate your help,
    Javier2893
     
    Javier2893, Oct 26, 2006
    #10
  11. Javier2893

    Lee Flight Guest

    Hi

    If you exported your AD schema using ADSchemaAnalyzer then the
    Exchange schema extensions should have been picked up.
    Reviewing this thread it looks like you used MS-AdamSchemaW2k3.ldf
    so before rebuilding make sure you get a copy of your AD schema; google
    this newsgroup for notes on using ADSchemaAnalyzer.

    After a successful sync the copy will be read and write (although any write
    to the ADAM copy does not go back to AD as the sync is one-way). You
    can restrict writing by adjusting the security of the ADAM instance, the
    default is quite restrictive.

    Lee Flight
     
    Lee Flight, Oct 26, 2006
    #11
  12. Javier2893

    Javier2893 Guest

    Hi Lee,
    I have not been able to do anything else on my ADAM instance but I'll get
    back to it next week. I was wondering how you can verify if you are running
    the Windows R2 version. Does R2 matter in terms of installing and syncing your AD
    with your ADAM instance?
    Regards,
    Javier2893
     
    Javier2893, Nov 3, 2006
    #12
  13. Javier2893

    Javier2893 Guest

    Hi Lee,
    sorry to bother you again, I was wondering if you had the chance to see my
    last post?
    Thanks
    Javier2893
     
    Javier2893, Nov 7, 2006
    #13
  14. Javier2893

    Lee Flight Guest

    Hi

    apologies I missed your post.
    ADAM SP1 has version 1.1.3790.2075 on the dsamain.exe and adamdsa.dll
    in %windir%\adam. If you want to use ADAMSync then ADAM SP1 is
    required as that is the first supported release of ADAMSync (also
    1.1.3790.2075).
    Note that version of ADAMSync is good for sync from W2K3 AD be it W2K3 SP1
    or the R2 release of W2K3.

    Lee Flight
     
    Lee Flight, Nov 7, 2006
    #14
  15. Javier2893

    Javier2893 Guest

    Thanks,
    I am going to give it another try on another computer and see if I get it
    to sync this time. Really appreciate your help.
    Javier2893
     
    Javier2893, Nov 8, 2006
    #15
  16. Javier2893

    Javier2893 Guest

    Hi Lee,
    As I was saying, I am restarting the process on a clean computer now. Before
    I go any further I would like to ask you about page 27, "how to create an
    LDIF file with ADSchemaAnalyzer". If this is true, which would be my target
    schema, the ADAM instance or the Windows 2003 domain controller?
    Is it a requirement to create the LDIF file and import it into your ADAM
    instance before extending your ADAM schema?
    Thanks,
    Javier
     
    Javier2893, Nov 8, 2006
    #16
  17. Javier2893

    Lee Flight Guest

    Hi

    Yes, the DC is your "target" (what you want to get to) and the ADAM instance
    your "base" (where you are starting from).

    Once you have that LDF file you can use it to extend your schema together
    with the MS-AdamSyncMetadata.ldf; you must apply both ldf files, the order
    is not critical.

    Lee Flight
     
    Lee Flight, Nov 8, 2006
    #17
  18. Javier2893

    Javier2893 Guest

    Hi Lee,
    I just created my ldif file as per the user guide on page 27, I am moving on
    to page 28 To use Active Directory to ADAM Synchronizer for the first time:
    To extend the ADAM schema to match the default Windows Server 2003 schema:

    ldifde -i -s localhost -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSchemaW2k3.ldf

    ldifde -i -s localhost:389 -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf
    Do I have to modify any parameters on the commands stated above or just run
    them?
    I am documenting this process, sorry about the dumb questions.
    Thanks,
    Javier
     
    Javier2893, Nov 8, 2006
    #18
  19. Javier2893

    Lee Flight Guest

    Hi

    rather than MS-AdamSchemaW2k3.ldf you want the ldf that you created
    using ADSchemaAnalyzer to get your ADAM schema to match your AD
    schema.

    Lee Flight
     
    Lee Flight, Nov 8, 2006
    #19
  20. Javier2893

    Javier2893 Guest

    Do you mean importing the ldif file using the following command?
    ldifde -i -u -f r3-schema.ldf -s server:port -b username domain password -j .. -c "cn=Configuration,dc=X" #configurationNamingContext
    Will this step extend my ADAM schema to match my AD's??
    Thanks,
    Javier
     
    Javier2893, Nov 8, 2006
    #20