ADAM installed

Discussion in 'Active Directory' started by Javier2893, Oct 16, 2006.

  1. Javier2893

    Lee Flight Guest

    Hi

    yes just as you would for the MS-AdamSchemaW2k3.ldf but with
    your ldf.

    Lee Flight
     
    Lee Flight, Nov 9, 2006
    #21
    1. Advertisements

  2. Javier2893

    Javier2893 Guest

    Hi Lee,
    So I created my ldf also did the Mark all non-present elements as included
    and named it r1-schema.ldf
    Looking at the instructions on page 29 where it reads:
    To extend your ADAM schema to match your windows do this:
    ldifde -i -s localhost -c CN=Configuration,DC=X #ConfigurationNamingContext
    -f MS-AdamSchemaW2k3.ldf
    Should I replaced the MS-AdamSchemaW2k3.ldf with rc1-schema.ldf and then run
    the To extend the ADAM schema to include schema objects that are required by
    Active Directory to ADAM Synchronizer type the following command:
    ldifde -i -s localhost:389 -c CN=Configuration,DC=X
    #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf
    Then just modify the XML file, install it and run the ADAMSync command?
    I will like to thank you in advanced for your patience and cooperation,
    Javier2893
     
    Javier2893, Nov 10, 2006
    #22
    1. Advertisements

  3. Javier2893

    Javier2893 Guest

    Hi Lee,
    So here is the story for my ADAM Instance:
    I follow the instructions on the guide and try to make sense from your notes.
    Extended the ADAM Schema to match the Windows 2003 schema
    ldifde -i -s localhost -c CN=Configuration,DC=X #ConfigurationNamingContext
    -f MS-AdamSchemaW2k3.ldf
    Extended the ADAM schema to include schema objects that are required by
    Active Directory to ADAM Synchronizer
    ldifde -i -s localhost:389 -c CN=Configuration,DC=X
    #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf
    Modify my XML config file to reflect my DC and domain and install my config
    file:
    ADAMSync /install localhost:389 %windir%\ADAM\MS-AdamSyncConf.xml
    Try to sync data from my AD to my ADAM instance of course the command ran
    with no errors but nothing was sync during the process, as per page 30
    If the Active Directory schema of the domain has been extended to support
    features in Windows Server 2003 R2, you must also extend the ADAM schema.
    so I created my r2-schema.ldf file and run the command:
    Ldifde -I -f r2-schema.ldf -s localhost:389 -j . -c "cn=Configuration,dc=X"
    #configurationNamingContext
    At least I got an error this time altough the command ran faster that my
    previous executions here is an excerpt of my log:
    Processing Entry: Page 1, Frame 1, Entry 50, Count 1, USN 0
    Processing source entry <guid=c906574a4b051d46b071baa2f3337ba6>
    Processing in-scope entry c906574a4b051d46b071baa2f3337ba6.
    (sourceobjectguid=\c9\06\57\4a\4b\05\1d\46\b0\71\ba\a2\f3\33\7b\a6) exists
    in ta
    rget. Converting object creation to object modification.
    Skipping rename to <GUID=a919ea025f2cee44afa141e2ebfc8166>.
    Modifying attributes: description, showInAdvancedViewOnly, lastagedchange,
    Previous entry took 0 seconds (31, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 51, Count 1, USN 0
    Processing source entry <guid=6b97ebbf0362d248bfc78ab003af85c4>
    Processing in-scope entry 6b97ebbf0362d248bfc78ab003af85c4.
    (sourceobjectguid=\6b\97\eb\bf\03\62\d2\48\bf\c7\8a\b0\03\af\85\c4) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Domain Guests,CN=Users,O=Microsoft,C=US to
    CN=Domain G
    uests,<GUID=a919ea025f2cee44afa141e2ebfc8166>.
    Modifying attributes: description, sAMAccountName, groupType, lastagedchange,
    Previous entry took 0 seconds (47, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 52, Count 1, USN 0
    Processing source entry <guid=2dd06dff99928b4abfb7eaa3a15b9e43>
    Processing in-scope entry 2dd06dff99928b4abfb7eaa3a15b9e43.
    Adding target object CN=Builtin,o=Microsoft,c=US.
    Adding attributes: sourceobjectguid, objectClass, instanceType,
    showInAdvancedVi
    ewOnly, creationTime, forceLogoff, lockoutDuration,
    lockOutObservationWindow, lo
    ckoutThreshold, maxPwdAge, minPwdAge, minPwdLength, modifiedCountAtLastProm,
    nex
    tRid, pwdProperties, pwdHistoryLength, uASCompat, domainReplica,
    lastagedchange,

    Ldap error occured. ldap_add_sW: Naming Violation.
    Extended Info: 00002099: NameErr: DSID-03050F78, problem 2005
    (NAMING_VIOLATION)
    , data 0, best match of:
    'o=Microsoft,c=US'
    ..
    Saving Configuration File on O=Microsoft,C=US

    Thanks in advance,
    Javier2893
     
    Javier2893, Nov 10, 2006
    #23
  4. Javier2893

    Lee Flight Guest

    Hi

    inline below...

    If you use ADSchemaAnalyzer to export your schema and just import
    that and the MS-AdamSyncMetadata file that should be all you need
    for the schema. However the above should also work.
    That error is covered here:

    http://blogs.technet.com/efleis/archive/2005/09/14/syncing-to-our-ou-synctargetou-nc-instead.aspx

    Reading all the ADAMSync entries on Eric's blog would be a real
    help to you:

    http://blogs.technet.com/efleis/archive/tags/ADAMSync/default.aspx

    HTH
    Lee Flight
     
    Lee Flight, Nov 10, 2006
    #24
  5. Javier2893

    Javier2893 Guest

    Hi Lee,
    Thanks for the info, I put some time into reading about Eric's website and
    found some good information. Read about getting the schema and ADAM Sync.
    Recreated the instance and ran the Sync this time I got a different error,
    any ideas?

    Processing Entry: Page 1, Frame 1, Entry 67, Count 1, USN 0
    Processing source entry <guid=67054b3940f6cf4a8655e99583106d53>
    Processing in-scope entry 67054b3940f6cf4a8655e99583106d53.
    Will not synchronize objects CN=BCKUPKEY_P Secret,CN=System,DC=hodes,DC=com
    with
    object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (203, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 68, Count 1, USN 0
    Processing source entry <guid=2bdbd1a235c09d4c87d52bef035f1b12>
    Processing in-scope entry 2bdbd1a235c09d4c87d52bef035f1b12.
    Will not synchronize objects
    CN=BCKUPKEY_70685575-0ef6-47ff-97f1-31575ac68f06 Se
    cret,CN=System,DC=hodes,DC=com with object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (188, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 69, Count 1, USN 0
    Processing source entry <guid=be7fdc038f82da4e98d1388ec6fbe219>
    Processing in-scope entry be7fdc038f82da4e98d1388ec6fbe219.
    Will not synchronize objects CN=BCKUPKEY_PREFERRED
    Secret,CN=System,DC=hodes,DC=
    com with object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (204, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 70, Count 1, USN 0
    Processing source entry <guid=4753dfffb609f745ad4ecc97b64a89f9>
    Processing in-scope entry 4753dfffb609f745ad4ecc97b64a89f9.
    (sourceobjectguid=\47\53\df\ff\b6\09\f7\45\ad\4e\cc\97\b6\4a\89\f9) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Server,CN=System,DC=SyncTargetDC,DC=com to
    CN=Server,<
    GUID=a4569725a5d3614f86f3541588aa555a>.
    Modifying attributes: showInAdvancedViewOnly, revision, lastagedchange,
    Previous entry took 0 seconds (266, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 71, Count 1, USN 0
    Processing source entry <guid=2a36754cf7f1bb4480cc540a5f3c2510>
    Processing in-scope entry 2a36754cf7f1bb4480cc540a5f3c2510.
    (sourceobjectguid=\2a\36\75\4c\f7\f1\bb\44\80\cc\54\0a\5f\3c\25\10) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Guests,CN=Builtin,DC=SyncTargetDC,DC=com to
    CN=Guests,
    <GUID=1b9f76186d7bc5469f7129cfee6ba1c4>.
    Deferring synchronization of attribute member to end of run. Deleting
    attribute.

    Modifying attributes: description, sAMAccountName, groupType, lastagedchange,
    Previous entry took 0 seconds (313, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 72, Count 1, USN 0
    Processing source entry <guid=4ba363814b4f1c4e8f2b189912f538ac>
    Processing in-scope entry 4ba363814b4f1c4e8f2b189912f538ac.
    (sourceobjectguid=\4b\a3\63\81\4b\4f\1c\4e\8f\2b\18\99\12\f5\38\ac) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Distributed COM
    Users,CN=Builtin,DC=SyncTargetDC,DC=co
    m to CN=Distributed COM Users,<GUID=1b9f76186d7bc5469f7129cfee6ba1c4>.
    Modifying attributes: description, sAMAccountName, groupType, lastagedchange,
    Previous entry took 0 seconds (267, 15) to process

    Processing Entry: Page 1, Frame 1, Entry 73, Count 1, USN 0
    Processing source entry <guid=279754b7f6ed474da682a33a96863627>
    Processing in-scope entry 279754b7f6ed474da682a33a96863627.
    (sourceobjectguid=\27\97\54\b7\f6\ed\47\4d\a6\82\a3\3a\96\86\36\27) exists
    in ta
    rget. Converting object creation to object modification.
    Skipping rename to <GUID=b09b761920766d478a736db98c7b2c12>.
    Modifying attributes: lastagedchange,
    Previous entry took 0 seconds (235, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 74, Count 1, USN 0
    Processing source entry <guid=03efbe400df0894585bf26fc090caf13>
    Processing in-scope entry 03efbe400df0894585bf26fc090caf13.
    Adding target object CN=Guest,OU=DisabledAccts,dc=SyncTargetDC,dc=com.
    Adding attributes: sourceobjectguid, objectClass, description, instanceType,
    scr
    iptPath, sAMAccountName, lastagedchange,
    Ldap error occured. ldap_add_sW: Object Class Violation.
    Extended Info: 0000207D: UpdErr: DSID-0315119D, problem 6002
    (OBJ_CLASS_VIOLATIO
    N), data -2126733633
    ..
    Saving Configuration File on DC=SyncTargetDC,DC=com
    Saved configuration file.

    Thank you,
    Javier2893
     
    Javier2893, Nov 14, 2006
    #25
  6. Javier2893

    Javier2893 Guest

    Hi Lee,
    Thanks for your info about Eric's website, read about it and follow his
    naming schema see if I can get my instance to sync properly.
    I received the error down below this time, any suggestion on how to fix it??

    Processing Entry: Page 1, Frame 1, Entry 67, Count 1, USN 0
    Processing source entry <guid=67054b3940f6cf4a8655e99583106d53>
    Processing in-scope entry 67054b3940f6cf4a8655e99583106d53.
    Will not synchronize objects CN=BCKUPKEY_P Secret,CN=System,DC=hodes,DC=com
    with
    object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (203, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 68, Count 1, USN 0
    Processing source entry <guid=2bdbd1a235c09d4c87d52bef035f1b12>
    Processing in-scope entry 2bdbd1a235c09d4c87d52bef035f1b12.
    Will not synchronize objects
    CN=BCKUPKEY_70685575-0ef6-47ff-97f1-31575ac68f06 Se
    cret,CN=System,DC=hodes,DC=com with object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (188, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 69, Count 1, USN 0
    Processing source entry <guid=be7fdc038f82da4e98d1388ec6fbe219>
    Processing in-scope entry be7fdc038f82da4e98d1388ec6fbe219.
    Will not synchronize objects CN=BCKUPKEY_PREFERRED
    Secret,CN=System,DC=hodes,DC=
    com with object class secret. Skipping object.
    Unwilling to replicate the current object due to its object class.
    Previous entry took 0 seconds (204, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 70, Count 1, USN 0
    Processing source entry <guid=4753dfffb609f745ad4ecc97b64a89f9>
    Processing in-scope entry 4753dfffb609f745ad4ecc97b64a89f9.
    (sourceobjectguid=\47\53\df\ff\b6\09\f7\45\ad\4e\cc\97\b6\4a\89\f9) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Server,CN=System,DC=SyncTargetDC,DC=com to
    CN=Server,<
    GUID=a4569725a5d3614f86f3541588aa555a>.
    Modifying attributes: showInAdvancedViewOnly, revision, lastagedchange,
    Previous entry took 0 seconds (266, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 71, Count 1, USN 0
    Processing source entry <guid=2a36754cf7f1bb4480cc540a5f3c2510>
    Processing in-scope entry 2a36754cf7f1bb4480cc540a5f3c2510.
    (sourceobjectguid=\2a\36\75\4c\f7\f1\bb\44\80\cc\54\0a\5f\3c\25\10) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Guests,CN=Builtin,DC=SyncTargetDC,DC=com to
    CN=Guests,
    <GUID=1b9f76186d7bc5469f7129cfee6ba1c4>.
    Deferring synchronization of attribute member to end of run. Deleting
    attribute.

    Modifying attributes: description, sAMAccountName, groupType, lastagedchange,
    Previous entry took 0 seconds (313, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 72, Count 1, USN 0
    Processing source entry <guid=4ba363814b4f1c4e8f2b189912f538ac>
    Processing in-scope entry 4ba363814b4f1c4e8f2b189912f538ac.
    (sourceobjectguid=\4b\a3\63\81\4b\4f\1c\4e\8f\2b\18\99\12\f5\38\ac) exists
    in ta
    rget. Converting object creation to object modification.
    Renaming target object CN=Distributed COM
    Users,CN=Builtin,DC=SyncTargetDC,DC=co
    m to CN=Distributed COM Users,<GUID=1b9f76186d7bc5469f7129cfee6ba1c4>.
    Modifying attributes: description, sAMAccountName, groupType, lastagedchange,
    Previous entry took 0 seconds (267, 15) to process

    Processing Entry: Page 1, Frame 1, Entry 73, Count 1, USN 0
    Processing source entry <guid=279754b7f6ed474da682a33a96863627>
    Processing in-scope entry 279754b7f6ed474da682a33a96863627.
    (sourceobjectguid=\27\97\54\b7\f6\ed\47\4d\a6\82\a3\3a\96\86\36\27) exists
    in ta
    rget. Converting object creation to object modification.
    Skipping rename to <GUID=b09b761920766d478a736db98c7b2c12>.
    Modifying attributes: lastagedchange,
    Previous entry took 0 seconds (235, 0) to process

    Processing Entry: Page 1, Frame 1, Entry 74, Count 1, USN 0
    Processing source entry <guid=03efbe400df0894585bf26fc090caf13>
    Processing in-scope entry 03efbe400df0894585bf26fc090caf13.
    Adding target object CN=Guest,OU=DisabledAccts,dc=SyncTargetDC,dc=com.
    Adding attributes: sourceobjectguid, objectClass, description, instanceType,
    scr
    iptPath, sAMAccountName, lastagedchange,
    Ldap error occured. ldap_add_sW: Object Class Violation.
    Extended Info: 0000207D: UpdErr: DSID-0315119D, problem 6002
    (OBJ_CLASS_VIOLATIO
    N), data -2126733633
    ..
    Saving Configuration File on DC=SyncTargetDC,DC=com
    Saved configuration file.
    Thank you,
    Javier
     
    Javier2893, Nov 14, 2006
    #26
  7. Javier2893

    Javier2893 Guest

    Hi Lee,
    I just wanted to let you know that after a really good amount of time I got
    ADAM to sync properly and developed a good documentation to configured it
    properly.
    Really appreciate your information,
    I do have a question about synching passwords, I now by default ADAM does
    not sync them but I was wondering if there is a way to get adam to do that??
    Any info about it would be appreciated,
    Thanks,
    Javier
     
    Javier2893, Nov 21, 2006
    #27
  8. Javier2893

    Lee Flight Guest

    Hi

    Glad to hear you made progress.
    The only way to sync AD passwords into ADAM is to use MIIS/IIFP
    or a third-party utility however any of those options will only sync the
    password when it is reset. If you really need to be able to authenticate
    using the AD password you might use a bindProxy user rather than
    a native ADAM user, it depends on your application, there is some
    discussion of this on Eric's blog.

    Lee Flight
     
    Lee Flight, Nov 22, 2006
    #28
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.