Re: ADAM Synchronizer Beta - question
- From: "Dmitri Gavrilov [MSFT]" <dmitrig@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 May 2005 22:13:43 -0600
Sorry to get in the middle of a conversation, I think I can help Lee a bit
here. The server error indicates you are running w2k AD, and it complains
that you don't have permissions to pull changes with DirSync. Indeed,
object-mode security is not implemented in w2k, so the only way to get
dirsync to work is to grant Replicate-Get-Changes control access right to
the account that adamsync uses to connect to AD.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"DavidInCruz" <DavidInCruz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1A3C2EF8-550E-43A9-8EC3-4118BA161928@xxxxxxxxxxxxxxxx
> New additional info from log:
> Establishing connection to target server
> sctas06.test.co.santa-cruz.ca.us:50000.
>
> Saving Configuration File on
> OU=ISD,DC=test,DC=co,DC=santa-cruz,DC=ca,DC=us,DC=adusers
>
> Saved configuration file.
>
> ADAMSync is querying for a writeable replica of
> sctdc00.test.co.santa-cruz.ca.us.
>
> Error: DCLocator call failed with error 1355. Attempting to bind directly
> to
> string.
>
> Establishing connection to source server
> sctdc00.test.co.santa-cruz.ca.us:389.
>
> Using file .?dam1B.tmp as a store for deferred dn-references.
>
> Populating the schema cache
>
> Populating the well known objects cache
>
> Starting synchronization run from
> ou=ISD,dc=test,dc=co,dc=santa-cruz,dc=ca,dc=us.
>
> Starting DirSync Search with object mode security.
>
> Ldap error occured. ldap_search_ext_s: Insufficient Rights.
>
> Extended Info: 000020F8: LdapErr: DSID-0C090670, comment: Error processing
> control, data 0, v893.
>
> Ldap error occured. ldap_search_ext_s: Insufficient Rights.
>
> Extended Info: 000020F8: LdapErr: DSID-0C090670, comment: Error processing
> control, data 0, v893.
>
> Saving Configuration File on
> OU=ISD,DC=test,DC=co,DC=santa-cruz,DC=ca,DC=us,DC=adusers
>
> Saved configuration file.
>
> I hope this helps.
> David
>
>
>
> "Lee Flight" wrote:
>
>> Hi
>>
>> I'm assuming that you re-ran the ADAMSync /install after updating
>> the config.xml(?) Was the command below run with /log - ?
>>
>> I have never seen that error before; all I can offer to do is take a look
>> at your config.xml (excluding any passwords etc.) if you are prepared
>> to post it.
>>
>> Thanks
>> Lee Flight
>>
>> "DavidInCruz" <DavidInCruz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:DD2521D1-3DD8-4DF3-AF43-8EB424C57FCA@xxxxxxxxxxxxxxxx
>> > Ok,
>> > I have added an <account-domain> tag and now the message is:
>> > C:\WINDOWS\ADAM>adamsync /sync localhost:50000 adsyncadam /creds test
>> > administrator xxxxx
>> > Error occured fetching internationalized message number -2146893813.
>> > Error
>> > code:
>> > 317
>> >
>> > C:\WINDOWS\ADAM>
>> >
>> >
>> > David
>> > "Lee Flight" wrote:
>> >
>> >> Hi
>> >>
>> >> "DavidInCruz" <DavidInCruz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:91E0B81B-D04B-4A07-97B5-5B047CBDC231@xxxxxxxxxxxxxxxx
>> >>
>> >> > C:\WINDOWS\ADAM>adamsync /sync localhost:50000 adsyncadam /creds
>> >> > test
>> >> > administrator xxxxxx
>> >> > Ldap error occured. ldap_bind_s: Invalid Credentials.
>> >> > Extended Info: 8009030C: LdapErr: DSID-0C0903E2, comment:
>> >> > AcceptSecurityContext
>> >> > error, data 0, v893.
>> >>
>> >> I think that has to be saying that the account that you are specifying for
>> >> the AD partition does not have access. Could you check that the
>> >> <source-ad-account> and <account-domain> are correct and that the
>> >> account has access to the partition in AD that you are spec. You could
>> >> check by using ldp.exe to bind to the AD with that account, the security
>> >> event log on the DCs for the AD might give you a clue what is happening
>> >> if you audit logon failures as part of your security policy.
>> >>
>> >> Thanks
>> >> Lee Flight
>> >>
>> >>
>> >>
>>
>>
>>
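
The two failures in this thread happen at different stages (the bind, then the DirSync search), and each points at a different check. The following is an added example, not part of the original posts or of adamsync: a small triage script that parses adamsync log text, rejoins the wrapped `Extended Info` lines, and tags each error with the check the thread suggests for it. The function name `triage` and the sample strings are constructed for illustration.

```python
import re

# Constructed sample inputs: the two adamsync failures quoted in the thread,
# quote markers removed, mail line-wrapping kept.
BIND_LOG = """Ldap error occured. ldap_bind_s: Invalid Credentials.
Extended Info: 8009030C: LdapErr: DSID-0C0903E2, comment:
AcceptSecurityContext
error, data 0, v893.
"""
DIRSYNC_LOG = """Starting DirSync Search with object mode security.

Ldap error occured. ldap_search_ext_s: Insufficient Rights.

Extended Info: 000020F8: LdapErr: DSID-0C090670, comment: Error processing
control, data 0, v893.

Ldap error occured. ldap_search_ext_s: Insufficient Rights.

Extended Info: 000020F8: LdapErr: DSID-0C090670, comment: Error processing
control, data 0, v893.
"""

REC = re.compile(
    r"Ldap error occured\. (?P<call>\w+): (?P<result>[^.]+)\. "
    r"Extended Info: (?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>\w+), v(?P<ver>\w+)\.")

def triage(log):
    """Return one finding per distinct LDAP error, tagged with the stage that failed."""
    text = " ".join(log.split())          # undo console/mail line wrapping
    findings = {}
    for m in REC.finditer(text):
        rec = m.groupdict()
        key = (rec["call"], rec["code"], rec["dsid"])
        if key in findings:               # the log in the thread repeats the error
            findings[key]["count"] += 1
            continue
        dirsync = "Starting DirSync Search" in text[:m.start()]
        if rec["call"] == "ldap_bind_s":
            rec["stage"] = "bind"         # check suggested by Lee Flight in the thread
            rec["check"] = "<source-ad-account>/<account-domain>; test the bind with ldp.exe"
        elif dirsync and rec["result"] == "Insufficient Rights":
            rec["stage"] = "dirsync"      # fix given by Dmitri Gavrilov in the thread
            rec["check"] = "grant Replicate-Get-Changes to the adamsync account"
        else:
            rec["stage"], rec["check"] = "other", None
        rec["count"] = 1
        findings[key] = rec
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(BIND_LOG) + triage(DIRSYNC_LOG):
        print(f["stage"], f["call"], f["code"], f["dsid"], "x%d" % f["count"], "->", f["check"])
```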