Thursday, November 10, 2011 4:42 PM
We have started replacing running logon scripts with group policy and this is causing problems in ILM. If the ScriptPath is blank on the AD MA export an error is generated saying invalid attribute, if you validate against the schema the error is "Required Attribute CN is missing" Where is it determined what AD objects are used during network account creation? Can including the ScriptPath be made optional? Currently my work around is ugly, have ILM create the account with a generic ScriptPath for those that should be blank, then execute a .Net program to clear the ScriptPath after the fact.
Friday, November 11, 2011 12:44 AM
Friday, November 11, 2011 2:46 AM
My ILM server creates plenty of user accounts and the script path is definitely not required. I don't even include it in the attributes imported by the AD MA.
I suspect you are trying to flow the empty string, which may not work. If you are wanting to clear it out, and are using Rule Extensions, try putting something like this in your export rule:
If you're going to clear them all out and never have ILM populate it again, you could also take the rule out and then use some other kind of tool to do the mass-update (like a vbscript, or even ADUC which can do at least some changes in bulk if you select multiple users though I don't know if it would be good for your situation or not).
- Marked As Answer by Rick 4 him Tuesday, November 15, 2011 10:09 PM
Tuesday, November 15, 2011 10:10 PM
Thanks I did just that and it worked well, Rick