Happy Friday everyone! I was wondering if anyone had some ideas here for me. I have what I thought should have been a simple task which has turned into a challenge. Basically, I want to take a production domain we have and clone all user/group objects from that to a staging instance. I was expecting to be able to do this easily with csvde or ldifde but I keep getting the following error even after stripping all the non importable attributes. (The server side error is: 0x209a Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM). I have gone through the steps to export/compare/analyze/import the schema and all attributes match between the two forests. My goal is basically to bring over all populated user attributes that are not domain specific, as well as bringing over all group objects and their non domain specific attributes. I’ve walked through many documents online that cover this and can’t get it to work. I export from the source excluding the necessary domain specific attributes, massage the data (update domain DN references etc ) and then attempt and import and I get errors. I’m excluding all the documented non importable attributes as well and it still fails. Any ideas would be greatly appreciated, there is no trust in place so migration tools are not an option and this is just a one time load I am trying to do at this point. Any thoughts/recommendations people would have would be great.
This message has been marked as Public
[CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com