cannot move computer object with 2008R2 AD?

75 views

Skip to first unread message

Sam Powers

unread,

Sep 11, 2011, 9:41:46 PM9/11/11

to python-ad

I'm having a hard time with client.rename and computer objects. It
seems like it can't move the object to a new OU, and I get a nasty
implementation specific error from the server.

This client.rename with newsuperior thing has worked well, I have
moved hundreds of USER accounts in the last few days with python-ad
and I am eternally grateful, but now I'm confused as it is not working
with computer accounts.

I set the client.rename function up like this:

dn: CN=TSS-DUH,OU=Unsorted Computers,DC=district6,DC=org
newrdn: CN=TSS-DUH
newsuperior: OU=Workstations,OU=TSS,OU=Locations,DC=district6,DC=org

When I call client.rename, I get this back from the server:

Traceback (most recent call last):
File "./ad_computer_sorter.py", line 33, in <module>
client.rename(dn, newrdn, dest)
File "/usr/lib/python2.5/site-packages/ad/core/client.py", line 510,
in rename
conn.rename_s(dn, newrdn, newsuperior, delold)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
375, in rename_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
428, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
432, in result2
res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
438, in result3
rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97,
in _ldap_call
result = func(*args,**kwargs)
ldap.OTHER: {'info': '00002089: UpdErr: DSID-031B0CEC, problem 5012
(DIR_ERROR), data 2\n', 'desc': 'Other (e.g., implementation specific)
error'}

One interesting thing is that if I say delold=False, the error is
different:
ldap.UNWILLING_TO_PERFORM: {'info': '00000057: LdapErr: DSID-0C090AAB,
comment: Old RDN must be deleted, data 0, v1db1', 'desc': 'Server is
unwilling to perform'}

Any clue what could be happening here? Our directory is an up-to-date
2008 R2 with one DC.

Geert Jansen

unread,

Sep 12, 2011, 2:14:34 AM9/12/11

to pyth...@googlegroups.com

Hi,

unfortunately i have no idea.. The fact that you can move user
accounts but not computer accounts, indicates to me that the problem
is on the AD side. I know AD needs to enforce a lot of constraints on
object attributes, and sometimes this manifests itself as generic
errors if those constraints can't be maintained. For example, i know
you get a very unhelpful error if you try to activate a user account
which has no password set.

The only things i could recommend are i) experiment some more (see if
you can move to a sub-OU of the current OU, etc, ii) see if there's
any logs on the DC, and iii) ask on one of the Microsoft forums.

Good luck,
Geert

> --
> You received this message because you are subscribed to the Google Groups "python-ad" group.
> To post to this group, send email to pyth...@googlegroups.com.
> To unsubscribe from this group, send email to python-ad+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/python-ad?hl=en.
>
>

Reply all

Reply to author

Forward

0 new messages