Re: AD to ADAM Syncing - How can I not bring over the containing OU to ADAM
- From: "Tito" <tburgos@xxxxxxxxx>
- Date: 12 Oct 2006 13:19:31 -0700
Lee, I decided to allow it to create a sub OU and I brought the users
over successfully ( at least I think it was successful). However, when
I try to do a simple bind using LDP.exe with one of the users I have
imported, I get the following error:
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_simple_bind_s(ld, 'CN=Tito Burgos,OU=ADEmplyeeOU,
OU=AdamEmployeeOU,DC=MyAdamDC', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: 8009030C: LdapErr: DSID-0C090441, comment:
AcceptSecurityContext error, data 52e, vece
Error 0x8009030C The logon attempt failed
If I create a user and set the password in ADSIEdit and try to connect
I also get the same error.
Lee Flight wrote:
Hi
it's in the nature of the DirSync mechanism that ADAMSync uses
to replicate the parent of the objects you are sync'ing. So you have
two options:
go with the configuration you have below and be aware that this
gives you a nested OU
or
change your target-dn to
<target-dn>DC=MyADAMDC</target-dn>
and that will create
ou=ADEmployees,dc=MyADAMDC
Lee Flight
<tburgos@xxxxxxxxx> wrote in message
news:1160598925.924219.209110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm trying to bring user objects from an OU in my AD domain to an OU in
ADAM. However, based on the configuration file below. The OU that the
users are under in AD is also created under the OU in ADAM. I just
want to bring the users over and not the OU container.
Can this be done?
I'm using ADAM R2 and my AD is W2K3.
=== config.xml =====
<?xml version="1.0"?>
<doc>
<configuration>
<description>sample Adamsync configuration file</description>
<security-mode>object</security-mode>
<source-ad-name>my.domain.com</source-ad-name>
<source-ad-partition>dc=my,dc=domain,dc=com</source-ad-partition>
<source-ad-account></source-ad-account>
<account-domain></account-domain>
<target-dn>OU=ADAMEmployees,DC=MyADAMDC</target-dn>
<query>
<base-dn>ou=ADEmployees,dc=my,dc=domain,dc=com</base-dn>
<object-filter>(objectCategory=person)</object-filter>
<attributes>
<include></include>
<exclude>extensionName</exclude>
<exclude>displayNamePrintable</exclude>
<exclude>flags</exclude>
<exclude>isPrivelegeHolder</exclude>
<exclude>msCom-UserLink</exclude>
<exclude>msCom-PartitionSetLink</exclude>
<exclude>reports</exclude>
<exclude>serviceprincipalname</exclude>
<exclude>accountExpires</exclude>
<exclude>adminCount</exclude>
<exclude>primarygroupid</exclude>
<exclude>userAccountControl</exclude>
<exclude>codePage</exclude>
<exclude>countryCode</exclude>
<exclude>logonhours</exclude>
<exclude>lockoutTime</exclude>
</attributes>
</query>
<schedule>
<aging>
<frequency>0</frequency>
<num-objects>0</num-objects>
</aging>
<schtasks-cmd></schtasks-cmd>
</schedule>
</configuration>
<synchronizer-state>
<dirsync-cookie></dirsync-cookie>
<status></status>
<authoritative-adam-instance></authoritative-adam-instance>
<configuration-file-guid></configuration-file-guid>
<last-sync-attempt-time></last-sync-attempt-time>
<last-sync-success-time></last-sync-success-time>
<last-sync-error-time></last-sync-error-time>
<last-sync-error-string></last-sync-error-string>
<consecutive-sync-failures></consecutive-sync-failures>
<user-credentials></user-credentials>
<runs-since-last-object-update></runs-since-last-object-update>
<runs-since-last-full-sync></runs-since-last-full-sync>
</synchronizer-state>
</doc>
=== end config.xml =====
Tito
.
- Follow-Ups:
- References:
- Prev by Date: Re: ADAM Backup - event ID 1913
- Next by Date: authoritative restore not working
- Previous by thread: Re: AD to ADAM Syncing - How can I not bring over the containing OU to ADAM
- Next by thread: Re: AD to ADAM Syncing - How can I not bring over the containing OU to ADAM
- Index(es):
Relevant Pages
|
