Rules for Modifying Objectclass attributes in Objects in ADAM

Discussion in 'Active Directory' started by Jeffrey Harris, Dec 27, 2005.

  1. What are the rules for modifying object classes in user and group objects?

    Sometimes I need to add or remove object classes from user and group
    objects, but ADAM frequently gives me an "illegal modify operation" (when
    removing object classes) or "The specified class is not a subclass" (when
    adding object classes).

    We have custom object classes (say, oc1, which is subordinate to
    inetOrgPerson, and oc2, which is subordinate to oc1), and sometimes need to
    add them or remove them from users. However, we receive errors when trying
    to update the objectclass attribute in the object.

    Is the only way to add or remove object classes to export objects, delete
    them from the directory, update the data in the LDIF file, and reimport them?

    I have searched for documentation on this subject, and can find nothing.

    Thanks.
     
    Jeffrey Harris, Dec 27, 2005
    #1
    1. Advertisements

  2. The only times you can modify objectclass are

    o Converting from inetorgperson to user and vice versa (this is in AD, not sure
    about ADAM, haven't tried it).

    o Adding and removing dynamic aux classes to/from objects.

    You can not, for instance, make a user into a contact without creating a new
    contact object. Nor do that with anything you have made subordinate.

    joe
     
    Joe Richards [MVP], Dec 27, 2005
    #2
    1. Advertisements

  3. Thanks for your response.

    I tested and you can add and remove the inetorgperson and user object class
    values from a user object in ADAM, but no other object class values, even if
    there are subordinate object classes under user or inetorgperson. That I
    could add and remove inetorgperson and user (but no others) is what I found
    puzzling about modifying user object classes for users.

    Thank you again.
     
    Jeffrey Harris, Dec 28, 2005
    #3
  4. No problem.

    Microsoft specifically coded the inetorgperson/user piece in because so many
    people wanted/needed to use inetorgperson and it wasn't initially available.
    They gave an easy uprade path.
     
    Joe Richards [MVP], Dec 29, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.