Re: Deleting AD Schema Fields with LDIFDE - Access Denied




True!!!!!!!!!!!!!!!!!!!!
Last supported in W2k SP2!!
Apologies Pascal! Got carried away when you said you'd done it before.

Regards,

Austin

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23%23jO8aVIIHA.484@xxxxxxxxxxxxxxxxxxxxxxx
You can't delete schema objects. You can only defunct them. This is why it is often recommended to test your schema extensions on an ADAM instance you can throw away. You should never test schema extensions on a production AD forest.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<pascal@xxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1194445841.542807.8380@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Austin,
The administrator has all possible rights (also "Delete All Child
Objects").

The error message is the same as mentioned in the first post:
"The requested delete operation could not be performed."

Schema updates are enabled.

Regards,
Pascal

On 7 Nov., 15:12, "Austin Osuide" <aus...@xxxxxxxxxxx> wrote:
Hi Pascal,
Please confirm that deletion of child objects is allowed on:
cn=Schema,cn=Configuration,ForestDN
And also the Schema updates have been enabled.

Regards,

Austin

<pas...@xxxxxxxxxxxxxxxxxxxxxx> wrote in message

news:1194441496.834629.156950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> Hi Austin,
> Yes, the administrator is already in those two groups. I even tried to
> add him to all possible groups (yes, stupid idea, but it's just a test
> environment), and still it's not working.

> By the way: I tried it on a completely different domain and server....
> Access Denied...

> Thank you anyway for your response.

> Regards,
> Pascal

> On 7 Nov., 13:13, "Austin Osuide" <aus...@xxxxxxxxxxx> wrote:
>> Hi Pascal,
>> Have you tried this as Enterprise admin and Schema Admin?
>> I believe that's the Group membership requirement?

>> Regards,

>> Austin

>> <pas...@xxxxxxxxxxxxxxxxxxxxxx> wrote in message

>>news:1194429001.336991.96110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

>> > Hello everyone

>> > I added some fields to my Active Directory with LDIFDE, everything is
>> > working just fine. Now I have to delete them. I tested the script some
>> > weeks ago on another domain, and this was also working. I used the
>> > following script:

>> > dn: CN=midMobile,CN=Schema,CN=Configuration,DC=wenga,DC=local
>> > changetype: Delete

>> > DN:
>> > changetype: modify
>> > add: schemaUpdateNow
>> > schemaUpdateNow: 1
>> > -

>> > If I'm using this script on my new domain, it's not working. Here is the
>> > error message:

>> > Add error on line 1: Insufficient Rights
>> > The server side error is "Access is denied."

>> > Okay, even if I'm the administrator (which is automatically domain
>> > admin, and schema admin ... just the standard configuration), I am not
>> > able to delete a field. I was checking the rights of this
>> > administrator account, and there you see, the usergroup "Schema
>> > Admins" has not full access (at least some "delete ..." rights were
>> > missing), so I gave all the rights I could find to this
>> > administrator. Now if I execute the script, the following error is showing
>> > up:

>> > Add error on line 1: Unwilling To Perform
>> > The server side error is "The requested delete operation could not be
>> > performed."

>> > (the script is still the same as above)

>> > Well, I actually don't have any idea, how I can solve this problem.
>> > The script should work. You can find it on several places in the
>> > internet (including microsoft.com)

>> > What can I do, or, where is the problem?

>> > Thanks for your help.

>> > Best regards,
>> > Pascal

>> > Just for information:
>> > 1. Yes, this schema field does exist.
>> > 2. Yes, the domain exists.
>> > 3. I'm logged in as Administrator.
>> > 4. No remote desktop. The server is running in VMWare.




