I am trying to sync my AD LDS instance (localhost:50006) with entries from AD DS (basically trying to get user and computer accounts from AD DS so that I can use Windows security principals in my LDS instance). I have been following the link and http://blogs.msdn.com/b/jeff/archive/2007/04/01/synchronize-active-directory-to-adam-with-adamsync-step-by-step.aspx to do the sync, and got the error Ldap error occured. ldap_add_sW: Naming Violation. Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of: 'CN=Test,DC=COM'
Any thoughts on how to analyze or debug this would be really helpful :) (see below for all the details)
It looks like I need to update the schema with possSuperiors (link). I will update you if it works.
Error details from the log
Processing Entry: Page 1, Frame 1, Entry 48, Count 1, USN 0
Processing source entry <guid=2b4f58a3ba5a3246b1fd59594d2d4c4f>
Processing in-scope entry 2b4f58a3ba5a3246b1fd59594d2d4c4f.
Adding target object CN=Builtin,CN=Test,DC=COM.
Adding attributes: sourceobjectguid, objectClass, instanceType, showInAdvancedViewOnly, creationTime, forceLogoff, lockoutDuration, lockOutObservationWindow, lockoutThreshold, maxPwdAge, minPwdAge, minPwdLength, modifiedCountAtLastProm, nextRid, pwdProperties, pwdHistoryLength, uASCompat, lastagedchange,
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'CN=Test,DC=COM'
.
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'CN=Test,DC=COM'
.
Saving Configuration File on CN=Test,DC=COM
Saved configuration file.
Commands executed
C:\Windows\ADAM>LDIFDE.EXE -i -u -s localhost:50008 -c "cn=Configuration,dc=X" #configurationNamingContext -j . -f MS-adamschemaw2k8.LDF
C:\Windows\ADAM>LDIFDE.EXE -i -c "cn=Configuration,dc=X" #configurationNamingContext -f MS-AdamSyncMetadata.LDF
..........
C:\Windows\ADAM>notepad test.xml
C:\Windows\ADAM>adamsync.exe /install localhost:50008 test.xml
Done.
C:\Windows\ADAM>adamsync.exe /sync localhost:50008 CN=Test,DC=COM
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'CN=Test,DC=COM'
.
I replaced the entries as mentioned in the articles (see below for the XML configuration file and the AD LDS instance configuration):
<configuration>
  <description>sample Adamsync configuration file</description>
  <security-mode>object</security-mode>
  <source-ad-name>mydomain.com</source-ad-name>
  <source-ad-partition>DC=mydomain,DC=com</source-ad-partition>
  <source-ad-account>domainadminaccount</source-ad-account>
  <account-domain>mydomain.com</account-domain>
  <target-dn>CN=Test,DC=COM</target-dn>
  <query>
    <base-dn>DC=mydomain,DC=com</base-dn>
    <object-filter>(objectClass=*)</object-filter>
Install a unique instance of AD LDS.
Instance name: instance5
Computers will connect to this instance of AD LDS using the following ports:
LDAP port: 50008
SSL port: 50009
AD LDS replication will use Negotiate authentication.
Store AD LDS data files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data
Store AD LDS log files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data
Run AD LDS using the following account:
NT AUTHORITY\NetworkService
Set up the following account to administer AD LDS:
mydomain\domainadminuseraccount
Create the following application directory partition:
CN=Test,DC=COM
Import these LDIF files:
MS-AdamSyncMetadata.LDF
MS-ADLDS-DisplaySpecifiers.LDF
MS-InetOrgPerson.LDF
MS-User.LDF
MS-UserProxy.LDF
MS-UserProxyFull.LDF
Regards!
Tags windows ldap active-directory .net
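As an added example (not part of the original post, and not adamsync's own tooling), the log above can be triaged by decoding the leading hex field of each "Extended Info" line as a Win32 directory-service code and checking whether the "best match" DN is the immediate parent of the object being added. The function names and the three-entry code table are assumptions made for this illustration; the sample lines are copied from the post's log.

```python
import re

# Leading hex field of an AD DS / AD LDS extended error is a Win32 code (winerror.h).
DS_ERRORS = {
    0x208D: "ERROR_DS_OBJ_NOT_FOUND",
    0x2098: "ERROR_DS_INSUFF_ACCESS_RIGHTS",
    0x2099: "ERROR_DS_ILLEGAL_SUPERIOR",  # parent not among the class's possible superiors
}
ADD_RE = re.compile(r"^Adding target object (?P<dn>.+)\.$")
EXT_RE = re.compile(r"^Extended Info: (?P<code>[0-9A-Fa-f]{8}): \w+: "
                    r"DSID-[0-9A-Fa-f]+, problem \d+ \((?P<name>\w+)\)")
DN_RE = re.compile(r"^'(?P<dn>.+)'$")

# Lines copied from the log in the post above.
SAMPLE_LOG = """\
Adding target object CN=Builtin,CN=Test,DC=COM.
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'CN=Test,DC=COM'
.
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'CN=Test,DC=COM'
.
"""

def parent_dn(dn):
    """Strip the first RDN, honouring backslash-escaped commas."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) == 2 else ""

def failed_adds(log_text):
    """Pair each failed add with its decoded error code and best-match DN."""
    results, target, current = [], None, None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := ADD_RE.match(line):
            target, current = m["dn"], None
        elif (m := EXT_RE.match(line)) and target:
            code = int(m["code"], 16)
            current = {"target": target, "code": code, "problem": m["name"],
                       "win32": DS_ERRORS.get(code, "unknown"),
                       "best_match": None, "parent_exists": None}
            results.append(current)
            target = None  # the log repeats the error for one add; keep the first
        elif (m := DN_RE.match(line)) and current:
            current["best_match"] = m["dn"]
            # Best match == immediate parent: the parent exists but rejects the child.
            current["parent_exists"] = parent_dn(current["target"]).lower() == m["dn"].lower()
            current = None
    return results
```

For the log in the post this reports code 0x2099 (ERROR_DS_ILLEGAL_SUPERIOR) for CN=Builtin with the parent CN=Test,DC=COM present, which points at schema containment rules rather than a missing parent or an access-rights problem.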