LDIF file import

    Question

  • I was requested to create new groups in my Active Directory, using the below Groups.ldif file:

    ================================================================

    
    

    dn: cn=admin,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local

    changetype: add

    description: Oracle application software ECM system group.

    objectclass: top

    objectclass: groupOfUniqueNames

    cn: admin

    dn: cn=sysmanager,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local

    changetype: add

    description: Oracle application software ECM system group.

    objectclass: top

    objectclass: groupOfUniqueNames

    cn: sysmanager

    dn: cn=UDCGroupUser,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local changetype: add

    description: Oracle application software ECM system group.

    objectclass: top

    objectclass: groupOfUniqueNames

    cn: UDCGroupUser

    ===================================================================

    In my AD Users and Computers, I created the OUs Applications, ECM and groups.

    Now when I run the command:

    ldifde -i -f groups.ldif -s [servername]

    I'm getting the error:

    ---------------------------------------------------------------------------

    Connecting to "udcdc.udcdev.local"
    Logging in as current user using SSPI
    Importing directory from file "groups.ldif"
    Loading entries
    Add error on entry starting on line 1: Object Class Violation
    The server side error is: 0x207c A required attribute is missing.
    The extended server error is:
    0000207C: UpdErr: DSID-031511EA, problem 6002 (OBJ_CLASS_VIOLATION), data 0

    --------------------------------------------------------------------------------------------------

    What is wrong with my LDIF file or with the command?

    Sunday, June 17, 2012 12:36 PM

Answers

  • Something like this should work. Don't forget to specify samAccountName; this is mandatory in AD.

    dn: CN=My Enterprise Admins,CN=Users,DC=company,DC=net
    changetype: add
    objectClass: top
    objectClass: group
    cn: My Enterprise Admins
    sAMAccountName: My Enterprise Admins
    groupType: -2147483640


    /Matthias

    Friday, June 29, 2012 11:41 AM
  • Hotrigger,

    I believe Matthias is correct... that file would probably work. The one you have doesn't have a groupType attribute value; I'm pretty sure this is a necessary attribute for a group object in AD. Try adding that value to all of the group objects in your file, and I have confidence that should work.

    Sunday, July 01, 2012 8:56 AM
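
The change the answers describe, applied mechanically to entries like those in the question, as an added example that is not part of the thread: it swaps groupOfUniqueNames for group and adds sAMAccountName (assumed here to equal cn) and a groupType. The function names and scope labels are hypothetical; -2147483640 is the signed form of 0x80000008, a security-enabled universal group.

```python
SECURITY_ENABLED = 0x80000000                      # group can be used in ACLs
SCOPE = {"global": 0x2, "domain_local": 0x4, "universal": 0x8}

def group_type(scope="universal", security=True):
    """groupType as the signed 32-bit decimal that LDIF carries."""
    value = SCOPE[scope] | (SECURITY_ENABLED if security else 0)
    return value - (1 << 32) if value & 0x80000000 else value

def parse_ldif(text):
    """Split LDIF into records of (attribute, value); plain values, no base64."""
    records, current = [], []
    for line in text.splitlines():
        if not line.strip():                       # blank line ends a record
            if current:
                records.append(current)
            current = []
        elif line.startswith(" ") and current:     # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.append((attr.strip(), value.strip()))
    return records + ([current] if current else [])

def to_ad_group(record, scope="universal"):
    """Swap groupOfUniqueNames for group; add sAMAccountName and groupType."""
    out = [(a, "group" if (a.lower(), v.lower()) ==
            ("objectclass", "groupofuniquenames") else v) for a, v in record]
    present = {a.lower() for a, _ in out}
    cn = next(v for a, v in out if a.lower() == "cn")
    if "samaccountname" not in present:
        out.append(("sAMAccountName", cn))
    if "grouptype" not in present:
        out.append(("groupType", str(group_type(scope))))
    return out

def render(records):
    return "\n\n".join("\n".join(f"{a}: {v}" for a, v in r) for r in records) + "\n"

# Constructed sample (added example): two entries from the question, trimmed.
SAMPLE = """\
dn: cn=admin,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local
changetype: add
objectclass: groupOfUniqueNames
cn: admin

dn: cn=sysmanager,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local
changetype: add
objectclass: groupOfUniqueNames
cn: sysmanager
"""
```

Calling `render([to_ad_group(r) for r in parse_ldif(SAMPLE)])` returns the rewritten LDIF text. Because the default groupType is security-enabled, the resulting groups can be granted permissions, so choose the scope and the security flag deliberately before importing.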

All replies

  • You really need to post your question on a more appropriate forum, such as this one:

    http://social.technet.microsoft.com/Forums/en-us/winserverDS/threads

    While this forum deals with LDIF formats it must be in the context of FIM.

    Thanks.

    (P.S. the best advice I can give you is to manually create some AD groups, then run LDIFDE to export them, and experiment with the command line options to restrict the output to just the properties you wish.  You should then be able to spot what is required to change your script ... e.g. the objectclass "groupOfUniqueNames" is not a standard AD class AFAIK).


    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    Sunday, June 17, 2012 3:27 PM
  • Thank you so much, sir, for your reply,

    I posted it in the forum you mentioned,

    This was requested to integrate AD with some Oracle application. I was confused as well by this objectclass. I believe it is something related to OpenLDAP.

    Will keep you updated if I get any reply.

    Many thanks

    Monday, June 18, 2012 4:35 AM
  • As Bob pointed out, you need to update this LDIF for AD, as you have to update objectClass. You might also need a bit of formatting on this file, but this might be a problem only with the text pasted here on a forum.
    Monday, June 18, 2012 8:02 AM