ADAM Sync Configuration Problems
Fernando
installation. I have done all the schema updates and prerequisites.
My problem is that when I run the adamsync /sync command, the following
error is recorded in the log file and the process fails:
Establishing connection to target server manager:50000.
Saving Configuration File on OU=Users,OU=Accounts,O=NMDA,C=US
Saved configuration file.
ADAMSync is querying for a writeable replica of manager.web.nmda.org
Error: DCLocator call failed with error 1355. Attempting to bind directly to
string.
Establishing connection to source server manager:389.
Using file .?dam19.tmp as a store for deferred dn-references.
Populating the schema cache
Populating the well known objects cache
Ldap error occured. ldap_get_next_page_s: Operations Error.
Extended Info: 000020D6: SvcErr: DSID-031006C5, problem 5012 (DIR_ERROR),
data 0
.
Saving Configuration File on OU=Users,OU=Accounts,O=NMDA,C=US
Saved configuration file.
I have a domain controller (manager.web.nmda.org) with Active Directory
(port 389) and ADAM (port 50000) installed. My AD is organized so I have
ou=users,ou=accounts,dn=web,dn=nmda,dn=org
and I want to sync that with the ADAM instance at
ou=users,ou=accounts,o=nmda,c=us
Thank you in advance for your help.
Fernando Regueiro
Lee Flight
inline below...
"Fernando" <Fern...@discussions.microsoft.com> wrote in message
news:521598B0-0B27-41D0...@microsoft.com...
> Ldap error occured. ldap_get_next_page_s: Operations Error.
> Extended Info: 000020D6: SvcErr: DSID-031006C5, problem 5012 (DIR_ERROR),
> data 0
That's a namespace problem, the DSA is punting to a namespace
it does not cover
> My AD is organized so I have
> ou=users,ou=accounts,dn=web,dn=nmda,dn=org
assuming that should be dc= rather than dn=
> and I want to sync that with the ADAM instance at
> ou=users,ou=accounts,o=nmda,c=us
That is most likely your problem; you cannot transform the naming
contexts in that way, so in your config.xml if your source-ad-partition is
dc=web,dc=nmda,dc=org
then you will need to create an ADAM naming context
dc=web,dc=nmda,dc=org, <target-rdn>
where target-rdn can be some naming component or nothing. If you
then specify the base-dn as
ou=users,ou=accounts,dc=web,dc=nmda,dc=org
That should sync the data for you.
HTH
Lee Flight
Fernando
I really appreciate your help. You are obviously amazingly knowledgeable
about this thing.
Here is the part of my config.xml that I would ask you to review. As you
pointed out, I wrote out dn instead of dc in my posting but that was ok in
the xml. My ADAM naming context is o=NMDA, c=US and I can see it fine when I
do the partition management with dsmgmt.
<configuration>
<config-name>ADAMApplication</config-name>
<description>For ADAM Application</description>
<security-mode>object</security-mode>
<source-ad-name>manager.web.nmda.org</source-ad-name>
<source-ad-partition>dc=web,dc=nmda,dc=org</source-ad-partition>
<source-ad-account>adam</source-ad-account>
<account-domain>web</account-domain>
<target-rdn>o=NMDA,c=US</target-rdn>
<query>
<base-dn>ou=users,ou=accounts,dc=web,dc=nmda,dc=org</base-dn>
Now when I type:
adamsync /i manager:50000 config.xml
The error is Unable to read attribute objectClass on
dc=web,dc=nmda,dc=org,o=NMMA,c=US
Once again, thank you for all your help.
Fernando
Lee Flight
you problem is likely that you are still trying to transform DNs.
You have:
<source-ad-partition>dc=web,dc=nmda,dc=org</source-ad-partition>
and so you ADAM naming context has to start
dc=web,dc=nmda,dc=org [someother naming attribute]
e.g.
dc=web,dc=nmda,dc=org,dc=something
[someother naming attribute] has to be dc=something in your case
as domainDNS (dc=) can only other domainDNS as superiors by
default. Note that you can have [someother naming attribute] empty if
you wish.
Try creating an ADAM naming context
dc=web,dc=nmda,dc=org
and leaving the target-rdn empty and see if you can get the data to sync
using
adamsync /i <ADAMserver>:<ADAMport> config.xml
Lee Flight
"Fernando" <Fern...@discussions.microsoft.com> wrote in message
news:3AB283DF-43F8-494A...@microsoft.com...
bundarjv
In lab environment have AD 2000 schema need to pull information so can
host in an ADAM instance running AD2003. Have setup separate forest
from production and I am experiencing a similar problem trying to setup
an Adam instance. Have created the instance, used gui to sync schemas,
ran the ldifde to extend for Win 2k03 and meta data. Now trying to run
the "adamsync /install using the MS-adamsyncconf.xml file and receive
the following error.
"unable to read attribute object class on dc=test,dc=domain,dc=com"
After running the schema analyzer had 1776 attributes from target
domain server and after choosing "all non-present elements" final LDIF
file listed at 1558 attributes.
Can export the user contents from target domain with no problem but
cannot import into adam instance nor run this sync command.
--
bundarjv
------------------------------------------------------------------------
bundarjv's Profile: http://forums.techarena.in/member.php?userid=26155
View this thread: http://forums.techarena.in/showthread.php?t=64934
Lee Flight
if the source AD you are sync'ing from is W2K then you need
to install an ADAM instance, then use ADSchemaAnalyzer
to sync the schemas, import MS-AdamSyncMetaData.ldf
and then follow the notes here:
noting the permissions that have to be added for the account being used
for sync.
Lee Flight
bundarjv
However, now try the /sync and receive error
Ldap error occured, ldap_bind-s: invalid credentials
Extended info: 8009030c: LdapErr: DSID-0c0903e2, comment:
AcceptSecurityContext error, data 0, v893.
Lee Flight
check source-ad-account and account-domain
in your XML config and if necessary use /passprompt
on the adamsync /install command line to specify password
for that account.
Lee Flight
"bundarjv" <bundarj...@DoNotSpam.com> wrote in message
news:bundarj...@DoNotSpam.com...
bundarjv
Trying to run "adamsync /fs" get error message
Ldap error occured. ldap_bind_s: Invalid Credentials.
Extended Info: 8009030C: LdapErr: DSID-0C0903E2, comment:
AcceptSecurityContext
error, data 0, v893.
Any ideas on the invalid credentials, where to look in the Adam
instance to verify what this is looking at? We have a separate forest
that Adam resides in going back to our production forest to pull the
information.
bundarjv
Thanks for the reply, but my later post states we are past the /sync
command and running into problem with /fs command. Tried the
/passprompt but do not get a prompt for a password.
Trying to run "adamsync /fs" get error message
Ldap error occured. ldap_bind_s: Invalid Credentials.
Extended Info: 8009030C: LdapErr: DSID-0C0903E2, comment:
AcceptSecurityContext
error, data 0, v893.
Where is this command looking for its credentials to run the full sync
command? Is there a configuration file we need to look at? The
ADSchemaAnalyzer was setup using an account to the production domain
that works fine, in addition we have put this account in the xml config
file.
Lee Flight
so did the /sync run OK?
Anyway I think you need
the account details (including account-domain and the
FQDN of the remote DC) in your XML config and
then run the /install of that config with /passprompt
that will then cache the credentials for subsequent sync
runs.
Lee Flight
"bundarjv" <bundarj...@DoNotSpam.com> wrote in message
news:bundarj...@DoNotSpam.com...
>
bundarjv
Getting further in our quest for ADAM instance for the AD. Received
this error in the log file while performing the sync operation.
Checking under ADSI edit actually see CN objects of the domain objects
so seems to be working. Anyway to bypass these errors and move on?
How to do this operation with Global Catalog entries?
Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-03050F78, problem 2005
(NAMING_VIOLATION), data 0, best match of:
'CN=Builtin,dc=blamericas,dc=bausch,dc=com'
Lee Flight
specifically see:
http://blogs.technet.com/efleis/archive/2005/09/14/syncing-to-our-ou-synctargetou-nc-instead.aspx
and generally:
http://blogs.technet.com/efleis/archive/tags/ADAMSync/default.aspx
Lee Flight
"bundarjv" <bundarj...@DoNotSpam.com> wrote in message
news:bundarj...@DoNotSpam.com...
>
datta
Hello,
i have install ADAM on window server2003 and tryiing to add user in
active directory in application using activedirectory membership
provider...
I am getting "Sys.WebForms.PageRequestManagerServerErrorException:An
unknown error occured while processing the request on the server.The
status code returned from the server was :500" this error when i am
trying to add user to Active directory using create user wizard control
with use of activedirectory membership provider...
Can anybody pls help me to solve this issue...??
<connectionStrings>
<add name="ADConnectionString"
connectionString=LDAP://ServerName:389/OU=West,O=Magic,C=US/>
</connectionStrings>
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MembershipADProvider"
connectionStringName="ADConnectionString"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web,Version=2.0.0.0,
Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
connectionUserName="Admin user of ADAM" // Is this right?
connectionPassword="passwd of admin user "
connectionProtection="None" />
</providers>
</membership>
--
datta
------------------------------------------------------------------------
datta's Profile: http://forums.techarena.in/member.php?userid=27906