ADAM: Errors Importing Schema and Objects from an Entire Forest

Tech-Archive recommends: Fix windows errors by optimizing your registry

I am new to ADAM and LDIF but here is what I am trying to accomplish
and the steps I am taking to do so. I am trying to Import .ldf's into
ADAM which were created from Exports of my production environment
schema and from the entire forest. I am recieving a couple of errors
and would appreciate any help you can provide. The details are as
follows:

Step One
Installed ADAM with the following settings:

1. ADAM and ADAM admin tools
2. Unique Instance
3. Instance Name: Instance1
4. LDAP Port:389
SSL Port: 636
5. No, do not create an application directory partition.
6. Do not import LDF files for this instance of ADAM.
----------------------------------------------------------------------------
Step Two
Export of my production AD Schema (schema_export.ldf) using the
ADSchemaAnalyzer tool and then import into ADAM using the following
syntax:

c:\windows\adam>ldifde -i -u -f schema_export.ldf -s localhost:389 -j .
-c "cn=Configuration,dc=X" #configurationNamingContext

Which results with the following message:
Add error on line 26608: Unwilling To Perform
The server side error is: 0x2122 The schema update operation tried to
add a backward link attribute that has no corresponding forward link.
The extended server error is:
00002122: SvcErr: DSID-032602B6, problem 5003 (WILL_NOT_PERFORM), data
8482

1642 entries modified successfully.
An error has occurred in the program

I am not sure what the above error message means or if it matters for
what i am trying to accomplish.
----------------------------------------------------------------------------
Step Three:
I want to then perform a bulk export of all objects from my production
AD forest so I can import them into ADAM in order to duplicate user
groups and memberships, etc. So I perform a bulk export of my entire
production AD Forest objects from a Win2K Domain controller which is
also a GC, using the following syntax:

c:\windows\adam>ldifde -f ForestExport.ldf -s Server1 -t 3268 -d
"dc=FSI,dc=com" -m

which results with the following:
55974 entries exported
The command has completed successfully
----------------------------------------------------------------------------
Step Four:
I then would like to import into ADAM the bulk export of my production
domain. I am using the following syntax:

c:\windows\adam>ldifde -i -f ForestExport.ldf -s localhost:389

the above attempt results with the following error which is where i
need assistance:
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "forestexport.ldf"
Loading entries.
Add error on line 2: Unwilling To Perform
The server side error is: 0x2079 The specified instance type is not
valid.
The extended server error is:
00002079: SvcErr: DSID-03330A54, problem 5003 (WILL_NOT_PERFORM), data
0

0 entries modified successfully.
An error has occurred in the program
----------------------------------------------------------------------------
Here are the first few lines of the forestexport.ldf

dn: DC=fsi,DC=com
changetype: add
dc: fsi
distinguishedName: DC=fsi,DC=com
----------------------------------------------------------------------------

I am not sure if I am doing any of this correctly, I have been reading
many websites, forums, documentation on ADAM and LDIF. I would greatly
appreciate any assistance, comments and criticism. In the end, what I
am trying to accomplish is to have a test environment I can work in
when on the road or at home. My goal is writing enterprise scripts
which will run in ADAM and in turn run in my production environment
without the need to be modified at all.

Please let me know if you would like me to provide any further
information.

Thank you,
Moe

.

Relevant Pages

  • Re: ADAM Proxy Authentication and Movetree
    ... as to why this is happening in production. ... additional SID in sidHistory for old NT4 account access, ... are scheduled to be removed 90 days after the migration. ... As far as the GC is concerned...I checked that querying a GC from the ADAM ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM woes
    ... but you guys don't seem to be very close to being Microsoft specialists to be coming up with Microsoft solutions regardless of how big you are. ... Unless you are messing with Exchange and using CDOEXM most apps should be able to utilize AD from a workgroup machine if you actually have a strong understanding of how authentication works. ... Now certainly even if you knew how to work against your production AD, that isn't something that you want to do with dev work is it? ... I know for a fact I could grab most of the info from our corporate directory and put it on my laptop on an ADAM instance but I also know that I could rightfully be fired for doing so because my laptop is not a safe location for that information. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD & ADAM together in harmony
    ... the other (for external access) would permit anonymous access. ... If you ever need to synch data between ADAM and AD you ... Whilst Anthony is correct in stating that you can use your production AD ... automatically identify and authenticate them on IE access, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Must ADAM be installed on every machine?
    ... I'm actually not much of an AzMan expert either as I've never built anything ... It does seem to me like something is very wrong if you need an ADAM instance ... >I do not have any AzMan stuff in production so I cannot offer ... >> Authorization Manager idea. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to keep Active Direcory and ADAM in sync
    ... MIIS is a product we sell which just does ... Finally, there is something new on the way, but currently only in beta I'm ... > How do I go about keeping Active Directory and an ADAM instance in sync? ... I have my production tree and would like all objects in it ...
    (microsoft.public.windows.server.active_directory)