| Author | Messages | |
lef
Posts:21
 | | 10/08/2008 10:16 AM |
|
Hi
in your attached file you have
=objectA=
Userproxy ADAM:
cn=N1SCAH
sourceObjectGUID = 18 85 12 52 E9 F5 10 42 8B 6D 93 95 17 CC 4E 51
ObjectGUID= D8 5F 69 44 DD 0C 68 45 83 12 42 1F 2B 15 5D F5
objectSID=01 05 00 00 00 00 00 05 15 00 00 00 8A 3C FB 7D B1 1E 9C 59 32
69 F2 5F FA 48 01 00
==
and
=objectB=
User AD:
cn=N1SCAH
ObjectGUID= 0C A0 24 49 68 6E F4 40 AD 0A 7E 31 FE 51 65 37
objectSID= 01 05 00 00 00 00 00 05 15 00 00 00 8A 3C FB 7D B1 1E 9C 59 32
69 F2 5F B6 5E 01 00
==
there are two things that do not fit with a user move in AD:
Ώ] sourceObjectGUID of objectA does not match ObjectGUID of objectB
this implies objectA was not sync'ed from objectB but from some other
object in your source AD
ΐ] the objectSID of objectA does not match the objectSID of objectB
this also implies objectA was not sync'ed from objectB
Objects in your source AD should never change their objectGUID and
the objectSID should be constant for the object within a given domain.
So what happened to the original AD object that was sync'ed into ADAM? -
that is the object in AD with:
objectGUID = 18 85 12 52 E9 F5 10 42 8B 6D 93 95 17 CC 4E 51
objectSID=01 05 00 00 00 00 00 05 15 00 00 00 8A 3C FB 7D B1 1E 9C 59 32
69 F2 5F FA 48 01 00
which seems to have had the userPrincipalName that the new AD object
objectB now has?
You need to check with your AD admin to find the answer and get the detail
behind "the user are moved from one organizationalunit to another in AD".
Thanks
Lee Flight
On Wed, 8 Oct 2008, jflarsen@nrdc.dk wrote:
> Hi
>
> Thx for the swift reply.
>
> No i have a user that is synchronized from AD to ADAM. Then at some point
> the user are moved from one organizationalunit to another in AD. After
> this i get errors when i run the synchronization because it says i already
> have a user with that userprincipalname.
>
> xml config and ad/adam info attached.
>
> Best regards,
> Jan
>
>> Hi,
>>
>> so you have a user in a groupA an the user is removed from groupA
>> and added to groupB and you hit this error? If so can we see
>> the distinguishedName of {user, groupA and groupB} and a copy
>> of your XML configuration file (anonymized if you wish).
>>
>> Thanks
>> Lee Flight
>>
>>
>> On Fri, 3 Oct 2008, jflarsen@nrdc.dk wrote:
>>
>> Hello Everyone
>>>
>>> Hope u can help me with my problem.
>>>
>>> Im using adamsync to synchronize AD users to ADAM, and in most of the
>>> caces it go as planed.... but in cases where the system admin has moved
>>> user from one AD group to another i get an error saying that there is
>>> allready a user in ADAM with the same userPrincipalName(this is the same
>>> user as the one i want to synchronize but in ADAM he is in the group he
>>> use to be in before the admin moved him)
>>>
>>> I have read blog written by Eric Fleischman
>>>
>>> https://blogs.technet.com/efleis/archive/2006/10/28/change-visibility-in-the-directory-or-lack-there-of-aka-what-s-the-point-of-aging.aspx
>>>
>>> Now im thinking....
>>> 1. Is my problem that the user that runs the
>>> synchronization(adamsync.exe)
>>> doesn't has access to see information about deleted/moved users? If yes
>>> how do i set this permissions?
>>> 2. Or is the problem something else... And what could it be?
>>>
>>>
>>> I have talked to the domain admin and he ensures me that he have set the
>>> correct rights for my sync user(even linked him this knowledge page
>>> http://support.microsoft.com/?id=892806 ).
>>>
>>>
>>> The log states:
>>>
>>> Processing Entry: Page 126, Frame 1, Entry 10, Count 1, USN 0
>>> Processing source entry <guid=0ca02449686ef440ad0a7e31fe516537>
>>> Processing in-scope entry 0ca02449686ef440ad0a7e31fe516537.
>>> Adding target object CN=N1SCAH,OU=Familiegruppen Sydst,OU=Brne- og
>>> Familieomrde Sydst,OU=Brne- og Familieafdelingen,OU=Rdmand og
>>> Direktr
>>> Familie- og Besk'ftigelsesforv,OU=Familie- og
>>> Besk'ftigelsesforvaltningen,OU=Aalborg Kommune,dc=enet,dc=local.
>>> Adding attributes: sourceobjectguid, l, instanceType, displayName,
>>> company, streetAddress, objectSid, userPrincipalName, mail,
>>> lastagedchange, objectclass,
>>> Ldap error occured. ldap_add_sW: Attribute Or Value Exists.
>>> Extended Info: 0000217B: AtrErr: DSID-03050758, #1:
>>> 0: 0000217B: DSID-03050758, problem 1006 (ATT_OR_VALUE_EXISTS), data 0,
>>> Att 90290 (userPrincipalName)
>>> .
>>> Ldap error occured. ldap_add_sW: Attribute Or Value Exists.
>>> Extended Info: 0000217B: AtrErr: DSID-03050758, #1:
>>> 0: 0000217B: DSID-03050758, problem 1006 (ATT_OR_VALUE_EXISTS), data 0,
>>> Att 90290 (userPrincipalName)
>>> .
>>> Saving Configuration File on DC=eNET,DC=local
>>> Saved configuration file.
>>>
>>> Please help me out, this is a very annoying error because i have to go
>>> and
>>> delete all moved users from ADAM for the sync to go through.....
>>>
>>> Yours,
>>> JL
>>>
>>>
>>> List info : http://www.activedir.org/List.aspx
>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>> List archive: http://www.activedir.org/ma/default.aspx
>>>
>>>
>>
>
| | | |
|
|