Re: Newbie Advice on Schema Change

From: b (x_at_y.com)
Date: 03/27/04


Date: Sat, 27 Mar 2004 09:49:48 -0800

Solved it.

On Win2K, you cannot use the #schemaNamingContext replacement as you can
with ADAM. Once I modified the .LDF file to include the actual DC values,
it worked fine.

"BryanV" <nobody@nowhere.invalid> wrote in message
news:ukgGHO5EEHA.2460@TK2MSFTNGP10.phx.gbl...
> Bad news. It worked well on ADAM, but when I run the script on my Win2K
> domain controller, I get the following error. I made sure that the reg
> value to allow updates was set, and I ran the script from the domain
> controller while logged in as administrator. I don't know what useful
> information I can extract from this error message. Ideas?
>
>
> ----------------------------------------------------------------------
>
> Connecting to "homebase.twistpair.local"
> Logging in as current user using SSPI
> Importing directory from file "tpsWaveProfile.ldf"
> Loading entries
> 1: cn=tpsWaveProfile,cn=schema,cn=configuration,dc=x
> Entry DN: cn=tpsWaveProfile,cn=schema,cn=configuration,dc=x
> change: add
> Attribute 0) objectclass:attributeSchema
> Attribute 1) lDAPDisplayName:tpsWaveProfile
> Attribute 2) attributeId:1.2.840.113556.1.5.7000.111.3645191.1610327.5478013.8821365.9924066.1
> Attribute 3) oMSyntax:20
> Attribute 4) attributeSyntax:2.5.5.4
> Attribute 5) description:Twisted Pair Solutions WAVE profile name
>
> Add error on line 1: Referral
> The server side error is "A referral was returned from the server."
> 0 entries modified successfully.
> An error has occurred in the program
>
>
> ----------------------------------------------------------------------
>
> Here is the LDIF script:
>
> dn: cn=tpsWaveProfile,cn=schema,cn=configuration,dc=x
> changetype: add
> objectclass: attributeSchema
> lDAPDisplayName: tpsWaveProfile
> attributeId: 1.2.840.113556.1.5.7000.111.3645191.1610327.5478013.8821365.9924066.1
> oMSyntax: 20
> attributeSyntax: 2.5.5.4
> description: Twisted Pair Solutions WAVE profile name
>
> dn:
> changetype: modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> -
>
> dn: cn=user,cn=schema,cn=configuration,dc=x
> changetype: modify
> add: mayContain
> mayContain: tpsWaveProfile
> -
>
> dn:
> changetype: Modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> -
>
> -------------------------------------------------------------
>
> And here is the command line to run it:
>
> ldifde -i -f tpsWaveProfile.ldf -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
>
> (also tried the above with "-s localhost" when running on the Domain
> controller)
>
> Thanks,
> Bryan
>
>
>
> "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
> news:eEJ1FD5EEHA.1240@TK2MSFTNGP10.phx.gbl...
> > Yes, if your target directory is AD, then you can count on user class
> > being present.
> > BTW, another advice -- register yourself an OID prefix -- there's a page
> > on MSDN that allows you to do this. That way, you can be sure that nobody
> > is going to step on your attribute OID.
> >
> > --
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "BryanV" <nobody@nowhere.invalid> wrote in message
> > news:e25uGh4EEHA.3424@tk2msftngp13.phx.gbl...
> > > Thank you very much, Dmitri -- your change did the trick and the import
> > > works now.
> > >
> > > My question about "a better class" refers to the fact that there are many
> > > different classes, e.g. user, person, inetOrgPerson -- I don't know anything
> > > about the forest where this application will be deployed, so I was asking
> > > about the most ubiquitous class used to represent users. If "user" is truly
> > > ubiquitous, then I would expect it to be built in. Perhaps it is built in
> > > to the Win2K and Win2003 schemas, but just not ADAM.
> > >
> > > So, when deploying into production AD environments, can I count on the
> > > presence of the "user" class in the schema?
> > >
> > >
> > > "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
> > > news:upqffG3EEHA.696@TK2MSFTNGP12.phx.gbl...
> > > > Here is what you need to do:
> > > >
> > > > dn: cn=acmeProfileName,cn=schema,cn=configuration,dc=x
> > > > changetype: ntdsschemaadd
> > > > objectclass: attributeSchema
> > > > lDAPDisplayName: acmeProfileName
> > > > attributeId: 1.3.6.1.4.1.999.1.1.28.314355
> > > > oMSyntax: 20
> > > > attributeSyntax: 2.5.5.4
> > > >
> > > > dn:
> > > > changetype: modify
> > > > add: schemaUpdateNow
> > > > schemaUpdateNow: 1
> > > > -
> > > >
> > > > dn: cn=user,cn=schema,cn=configuration,dc=x
> > > > changetype: modify
> > > > add: mayContain
> > > > mayContain: acmeProfileName
> > > > -
> > > >
> > > > dn:
> > > > changetype: Modify
> > > > add: schemaUpdateNow
> > > > schemaUpdateNow: 1
> > > > -
> > > >
> > > > Note however, that this will fail if you don't have user class imported. It
> > > > is possible to have an ADAM without user class. I don't understand your
> > > > question re "is there a better class to attach it to". Will your application
> > > > function if there are no users?
> > > >
> > > >
> > > > --
> > > > Dmitri Gavrilov
> > > > SDE, Active Directory Core
> > > >
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > rights.
> > > > Use of included script samples are subject to the terms specified at
> > > > http://www.microsoft.com/info/cpyright.htm
> > > >
> > > > "BryanV" <nobody@nowhere.invalid> wrote in message
> > > > news:upRdwr1EEHA.3804@TK2MSFTNGP09.phx.gbl...
> > > > >
> > > > > I have a requirement that my app read a piece of user configuration data
> > > > > from ActiveDirectory. I am using ADAM to try and prototype this new
> > > > > functionality.
> > > > >
> > > > > I would like to add an attribute to the schema, e.g. acmeProfileName, and
> > > > > make this attribute an optional attribute of some schema class that is
> > > > > guaranteed to exist.
> > > > >
> > > > > Question 1:
> > > > >
> > > > > Is "user" the appropriate schemaClass to attach this new attribute to? Will
> > > > > this class always exist, or is there a better one? I've seen references to
> > > > > Auxiliary classes, but don't know if that is the way to go. I'm talking
> > > > > about only a single attribute here.
> > > > >
> > > > > I have succeeded in making an LDIF file to create my new attribute -- that
> > > > > part works, since the new attribute shows up in the list of attributes using
> > > > > the ADAM schema editor snap in. The attribute just does not show up on
> > > > > User.
> > > > >
> > > > > Using the schema editor, I can manually attach that attribute to a class,
> > > > > but I have not succeeded in making this association between attribute and
> > > > > class using an LDIF file. I've been using the ms-user.ldf file as an
> > > > > example, and trying to find the minimal set of instructions to create my new
> > > > > string attribute, acmeProfileName, and attach it to the user class.
> > > > >
> > > > > Question 2:
> > > > >
> > > > > How do I take my new attribute and make it an optional attribute on the user
> > > > > class?
> > > > >
> > > > > Thanks for any assistance...
> > > > >
> > > > >
> > > > > Here is the LDIF that I use to create the attribute and try to make it part
> > > > > of User:
> > > > >
> > > > > dn: cn=acmeProfileName,cn=schema,cn=configuration,dc=x
> > > > > changetype: ntdsschemaadd
> > > > > objectclass: attributeSchema
> > > > > lDAPDisplayName: acmeProfileName
> > > > > attributeId: 1.3.6.1.4.1.999.1.1.28.314355
> > > > > oMSyntax: 20
> > > > > attributeSyntax: 2.5.5.4
> > > > >
> > > > > dn:
> > > > > changetype: modify
> > > > > add: schemaUpdateNow
> > > > > schemaUpdateNow: 1
> > > > > -
> > > > >
> > > > >
> > > > > dn: cn=user,cn=schema,cn=configuration,dc=x
> > > > > changetype: ntdsschemaadd
> > > > > objectClass: classSchema
> > > > > mayContain: acmeProfileName
> > > > >
> > > > > dn:
> > > > > changetype: Modify
> > > > > add: schemaUpdateNow
> > > > > schemaUpdateNow: 1
> > > > > -
> > > > >
> > > > >
> > > > > And here is the error-free output from running this on a clean ADAM
> > > > > directory to which I have imported ms-user:
> > > > > C:\WINDOWS\ADAM>ldifde -i -f ms-user.ldf -s localhost -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
> > > > > Connecting to "localhost"
> > > > > Logging in as current user using SSPI
> > > > > Importing directory from file "ms-user.ldf"
> > > > > Loading entries..................................................................
> > > > > 65 entries modified successfully.
> > > > >
> > > > > The command has completed successfully
> > > > >
> > > > > C:\WINDOWS\ADAM>ldifde -i -f acmeProfileName.ldf -s localhost -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
> > > > > Connecting to "localhost"
> > > > > Logging in as current user using SSPI
> > > > > Importing directory from file "acmeProfileName.ldf"
> > > > > Loading entries.....
> > > > > 4 entries modified successfully.
> > > > >
> > > > > The command has completed successfully
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
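
The fix reported at the top of this thread (writing the actual DC values into the .LDF instead of relying on the #schemaNamingContext replacement) can be done mechanically before the import. This is an added example, not code from the thread: the function names and the DC=example,DC=local DN are assumptions, and the sample LDIF is constructed from the thread's file. It replaces the placeholder wherever it appears, including across a folded line and inside a base64 value, and leaves the empty `dn:` used for schemaUpdateNow alone.

```python
import base64
import re

PLACEHOLDER = "cn=schema,cn=configuration,dc=x"  # suffix used in the thread's LDIF
_PATTERN = re.compile(re.escape(PLACEHOLDER), re.IGNORECASE)
# Constructed sample, trimmed from the thread's LDIF; one DN is folded on purpose.
SAMPLE = """\
dn: cn=tpsWaveProfile,cn=schema,cn=configuration,dc=x
changetype: add

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: cn=user,cn=schema,cn=config
 uration,dc=x
changetype: modify
add: mayContain
mayContain: tpsWaveProfile
-
"""

def unfold(text):
    """RFC 2849: a newline followed by one space continues the previous line."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def substitute_schema_nc(text, schema_nc):
    """Replace the placeholder with a literal schema DN; return (ldif, count)."""
    if schema_nc.startswith("#") or "=" not in schema_nc:
        raise ValueError("pass the literal schema DN, not a macro")
    out, total = [], 0
    for line in unfold(text):
        name, _, value = line.partition(":")
        n = 0
        if value.startswith(":") and not line.startswith("#"):
            try:  # base64 value ("attr:: ..."): decode, substitute, re-encode
                plain = base64.b64decode(value[1:]).decode("utf-8")
                plain, n = _PATTERN.subn(lambda m: schema_nc, plain)
                if n:
                    line = name + ":: " + base64.b64encode(plain.encode()).decode()
            except ValueError:
                pass  # binary or malformed value: leave the line untouched
        else:
            line, n = _PATTERN.subn(lambda m: schema_nc, line)
        total += n
        out.append(line)
    return "\n".join(out) + "\n", total
```

The literal DN to pass in is the value of the `schemaNamingContext` attribute on the target server's rootDSE; a count of zero means the file did not contain the placeholder.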


