Re: Creating a Computer Object in ADAM
- From: "Lee Flight" <lef@xxxxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2006 23:19:49 +0100
Hi
I think you need to check the ADAM instance event logs
on the members of your config set to look for clues as
to why you are having replication issues.
A couple of other points:
you should *not* attempt a schema extension until you
have your replication in working order
dsdiag may not work too well with IP addresses, I suspect
it will want resolvable names.
Lee Flight
"LM" <merrittf@xxxxxxxx> wrote in message
news:1161896039.990046.173210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Lee,
Getting kinda fun now, but not there yet.
Using the ADAM Schema MMC Snap-In, I determined that the Schema Master
happens to be the instance of ADAM running on the server we call "Dev".
Just for fun, i attempted to transfer the Schema Master Role to my
local instance. I was logged into the Dev instance with admin
priviledges.
When I tell it to do the change, I get the message 'The requested FSMO
operation failed. The current FSMO holder could not be contacted. The
transfer of the current Operations Master could not be performed.'
Event Log entry reads:
'An attempt to transfer the operations master role represented by the
following object failed.
Object:
CN=Schema,CN=Configuration,CN={954BF3F5-7205-47D1-935D-A1536D1E00C4}
Current operations master role:
CN=NTDS
Settings,CN=DEV$CAMEO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={954BF3F5-7205-47D1-935D-A1536D1E00C4}
Proposed operations master role:
CN=NTDS
Settings,CN=MERRITTF$CAMEO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={954BF3F5-7205-47D1-935D-A1536D1E00C4}
Additional Data
Error value:
8456'
Per MSDN, error code 8456 is:
'ERROR_DS_DRA_SOURCE_DISABLED
8456 The source server is currently rejecting replication requests.'
Running dsdiag returned the following:
C:\WINDOWS\ADAM>dsdiag /s:192.1.0.78:389 /u:Dev\ADAM_Manager /p:*
Password:
Directory Server Diagnosis
Performing initial setup:
An error cocured during DNS host lookup
* Identified ADAM Configuration Set.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DEV$CAMEO
Starting test: Connectivity
[DEV$CAMEO] DsBindWithSpnEx() failed with error 1772,
The list of RPC servers available for the binding of auto
handles has b
een exhausted..
......................... DEV$CAMEO failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DEV$CAMEO
Skipping all tests, because server DEV$CAMEO is
not responding to directory service requests
Running partition tests on : CAMEO
Starting test: CrossRefValidation
......................... CAMEO passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
If I'm reading it right, it looks like it's never really getting
connected. I tried domain in the /u parameter a number of ways (IP,
IP:389, and so forth) with the same results. Also tried /s as both IP
and IP:389.
Suggestions?
Many thanks again,
Lincoln
Lee Flight wrote:
Hi
schema spans the config set and schema update must be made
against schema FSMO. The recommended way to do this
is to run the update on the schema FSMO or transfer the
schema FSMO role to a server and run the update. See:
ADAM Help
ADAM How To
Manage Schemas and Directory Partitions
Lee Flight
"LM" <merrittf@xxxxxxxx> wrote in message
news:1161717744.283588.221950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Lee et.al.,
Getting much warmer, for sure. I did the following steps:
1. Started up ADSchemaAnalyzer and loaded a Target Schema from an
Active Directory instance on my network.
2. Loaded a Base Schema from localhost:389, which is my ADAM instance.
3. Selected the computer object class in the Classes tree, (noting
that it Auto Included some other classes).
4. Selected Create LDIF File from the file menu and so forth.
I opened up the LDIF file to get the import command:
# ==================================================================
#
# This file should be imported with the following command:
# ldifde -i -u -f compobj.ldf -s server:port -b username domain
password -j . -c "cn=Configuration,dc=X" #configurationNamingContext
# LDIFDE.EXE from AD/AM V1.0 or above must be used.
# This LDIF file should be imported into AD or AD/AM. It may not work
for other directories.
#
# ==================================================================
I executed the command as shown, with the exception that I removed the
-b parameter and allowed it to log in as current user. That seemed to
work alright, but here's the log:
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "compobj.ldf"
Loading entries
1:
cn=ACS-Policy-Name,cn=Schema,CN=Configuration,CN={954BF3F5-7205-47D1-935D-A1536D1E00C4}
Entry DN:
cn=ACS-Policy-Name,cn=Schema,CN=Configuration,CN={954BF3F5-7205-47D1-935D-A1536D1E00C4}
Add error on line 15: Referral
The server side error is: 0x202b A referral was returned from the
server.
The extended server error is:
0000202B: RefErr: DSID-030A0A19, data 0, 1 access points
ref 1: 'dev:389:636'
0 entries modified successfully.
An error has occurred in the program
I note 'ref 1: 'dev:389:636'. dev is the name of a server that has an
instance of ADAM tht is part of my replication set (terminology?), so
I'm guessing it's complaining that one of it's replication partners
(term again?) is trying to modify the schema. Makes sense to me but,
assuming I'm right, what's to be done?
Many thanks for your help Lee and and others.
Lincoln
Lee Flight wrote:
Hi
you are in luck, ADAM SP1 comes with ADSchemaAnalyzer
which will let you import from a source schema into your ADAM
schema. That will handle all of the depndencies for you.
There are some notes on using ADSchemaAnalyzer in the
ADAM Step-By-Step Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=5163b97a-7df3-4b41-954e-0f7c04893e83&DisplayLang=en
and if you google the archives of this newsgroup you will find
some more notes on it.
On ldifde -j is the path to the log file , so . would be the current
directory.
Note that a computer account in ADAM will not behave as
a domain computer account (security principal, domain trust)
so keep that in mind.
Post back if you need more help.
Lee Flight
"LM" <merrittf@xxxxxxxx> wrote in message
news:1161279148.807280.104540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Folks,
I'm quite new to ADAM and Active Directory.
We want to create a Computer Object in ADAM for use by our
application.
I found postings here that discussed exporting the Computer Object
from an Acive Directory instance using LDIFDE and importing it into
ADAM. I did manage to export the object from Active Directory
successfully (at least it appears so) but when I try to import it
into
ADAM I get the following:
'C:\WINDOWS\ADAM>ldifde -i -f compobj.ldf -s localhost:389
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "compobj.ldf"
Loading entries.
Add error on line 1: No Such Attribute
The server side error is: 0x57 The parameter is incorrect.
The extended server error is:
00000057: LdapErr: DSID-0C090B3D, comment: Error in attribute
conversion operation, data 0, va28
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.'
Reading a little more carefully in the thread, I found this response
to
the suggestion about importing the computer object, from Dmitri
Gavrilov :
'Unfortunately, it's not as simple as that. You can not just bring a
single
class in. You have to bring all of its dependents too, attributes it
references, its superclass (user, slightly different from ADAM's
user
definition), etc. This is not easy.'
Bummer...
I would like to get the Computer Object Class into my ADAM instance.
Any advice? As I said, I'm really new to ADAM and AD and not really
sure how to find the dependencies or what have you. For that
matter,
if it depends on a user class being imported that is 'slightly
different from ADAM's user definition', that sounds like it might
overwrite the ADAM user class and so on, and who knows what a ball
of
worms that might turn into? I would appreciate any advice on this I
can get.
By the way, when I try to create a log I get:
C:\WINDOWS\ADAM>ldifde -i -f compobj.ldf -s localhost:389 -j
adamlog.txt
Unable to open log file
I can't think of any reason it shouldn't be able to open a file.
C:\adamlog.txt doesn't work either, btw. Suggestions?
Many Thanks,
Lincoln
.
- References:
- Creating a Computer Object in ADAM
- From: LM
- Re: Creating a Computer Object in ADAM
- From: Lee Flight
- Re: Creating a Computer Object in ADAM
- From: LM
- Re: Creating a Computer Object in ADAM
- From: Lee Flight
- Re: Creating a Computer Object in ADAM
- From: LM
- Creating a Computer Object in ADAM
- Prev by Date: Re: FMSO question
- Next by Date: Re: Exchange replication in Active Directory.
- Previous by thread: Re: Creating a Computer Object in ADAM
- Next by thread: Important question .ADM file for IE7 blocking
- Index(es):
Relevant Pages
|
