adamsync.exe / sync está falhando com “Naming Violation”

1

Estou tentando sincronizar minha instância do AD LDS (localhost: 50006) com entradas do AD DS (basicamente tentando obter contas de usuário e de computador do AD DS para que eu possa usar as entidades de segurança do Windows na minha instância do LDS). Tenho seguido o link e o _http: //blogs.msdn.com/b/jeff/ archive / 2007/04/01 / synchronize-active-directory-to-adam-with-adamsync-step-by-step.aspx para fazer a sincronização e obteve o erro Ldap ocorrido. ldap_add_sW: Violação de Nomenclatura. Informações estendidas: 00002099: NameErr: DSID-030510C6, problema 2005 (NAMING_VIOLATION) , dados 0, melhor combinação de:         'CN = teste, DC = COM'

Quaisquer pensamentos sobre como analisar ou depurar são realmente úteis :) (veja abaixo todos os detalhes)

Atualizar

parece que eu preciso atualizar o esquema com posssuperiors ( link ). Eu atualizarei você se funcionar.

Detalhes do erro do log

Processing Entry: Page 1, Frame 1, Entry 48, Count 1, USN 0
Processing source entry <guid=2b4f58a3ba5a3246b1fd59594d2d4c4f>
Processing in-scope entry 2b4f58a3ba5a3246b1fd59594d2d4c4f.
Adding target object CN=Builtin,CN=Test,DC=COM.
Adding attributes: sourceobjectguid, objectClass, instanceType, showInAdvancedViewOnly, creationTime, forceLogoff, lockoutDuration, lockOutObservationWindow, lockoutThreshold, maxPwdAge, minPwdAge, minPwdLength, modifiedCountAtLastProm, nextRid, pwdProperties, pwdHistoryLength, uASCompat, lastagedchange, 
Ldap error occured. ldap_add_sW: Naming Violation. 
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
    'CN=Test,DC=COM'
.
Ldap error occured. ldap_add_sW: Naming Violation. 
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
    'CN=Test,DC=COM'
.
Saving Configuration File on CN=Test,DC=COM

Saved configuration file.

Comandos executados

C:\Windows\ADAM>LDIFDE.EXE -i -u -s localhost:50008 -c "cn=Configuration,dc=X" #
configurationNamingContext -j . -f MS-adamschemaw2k8.LDF
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.........


C:\Windows\ADAM>LDIFDE.EXE -i -c "cn=Configuration,dc=X" #configurationNamingCon
text -f MS-AdamSyncMetadata.LDF
..........


C:\Windows\ADAM>notepad test.xml

C:\Windows\ADAM>adamsync.exe /install localhost:50008 test.xml
Done.

C:\Windows\ADAM>adamsync.exe /sync localhost:50008 CN=Test,DC=COM
**Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION)**
, data 0, best match of:
        'CN=Test,DC=COM'
.

Eu substituí as entradas conforme mencionado nos artigos (veja abaixo o conf da configuração da instância xml e AD LDS):

<configuration>     
  <description>sample Adamsync configuration file</description>     
  <security-mode>object</security-mode>         
  <source-ad-name>mydomain.com</source-ad-name>     
  <source-ad-partition>DC=mydomain,DC=com</source-ad-partition>
  <source-ad-account>domainadminaccount</source-ad-account>                
  <account-domain>mydomain.com</account-domain>
  <target-dn>CN=Test,DC=COM</target-dn>     
  <query>           
   <base-dn>DC=mydomain,DC=com</base-dn>
   <object-filter>(objectClass=*)</object-filter>

Install a unique instance of AD LDS.

Instance name: instance5
Computers will connect to this instance of AD LDS using the following ports:
LDAP port: 50008
SSL port: 50009

AD LDS replication will use Negotiate authentication.

Store AD LDS data files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data

Store AD LDS log files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data

Run AD LDS using the following account:
NT AUTHORITY\NetworkService

Set up the following account to administer AD LDS:
mydomain\domainadminuseraccount

Create the following application directory partition:
CN=Test,DC=COM 

Import these LDIF files:
MS-AdamSyncMetadata.LDF
MS-ADLDS-DisplaySpecifiers.LDF
MS-InetOrgPerson.LDF
MS-User.LDF
MS-UserProxy.LDF
MS-UserProxyFull.LDF

Atenciosamente!

    
por Dreamer 11.01.2014 / 00:25

0 respostas