LDIF file import
-
Sunday, June 17, 2012 12:36 PM
i was requested to create new groups in my Active directory, using the belwo Groups.ldif file:
================================================================
dn: cn=admin,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local
changetype: add
description: Oracle application software ECM system group.
objectclass: top
objectclass: groupOfUniqueNames
cn: admin
dn: cn=sysmanager,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local
changetype: add
description: Oracle application software ECM system group.
objectclass: top
objectclass: groupOfUniqueNames
cn: sysmanager
dn: cn=UDCGroupUser,ou=groups,ou=ECM,ou=applications,dc=udcdev,dc=local changetype: add
description: Oracle application software ECM system group.
objectclass: top
objectclass: groupOfUniqueNames
cn: UDCGroupUser
===================================================================
On my Ad users and computed, i created the OU's Applications, ECM and groups.
now when i run thecmmand:
ldifde -i -f groups.ldif -s [servername]
i'm getting the error
---------------------------------------------------------------------------
Connecting to "udcdc.udcdev.local"
Logging in as current user using SSPI
Importing directory from file "groups.ldif"
Loading entriesAdd error on entry starting on line 1: Object Class Violation
The server side error is: 0x207c A required attribute is missing.
The extended server error is:
0000207C: UpdErr: DSID-031511EA, problem 6002 (OBJ_CLASS_VIOLATION), data 0--------------------------------------------------------------------------------------------------
what is wrong with my ldif file or with the command?
All Replies
-
Sunday, June 17, 2012 3:27 PM
You really need to post your question on a more appropriate forum, such as this one:
http://social.technet.microsoft.com/Forums/en-us/winserverDS/threads
While this forum deals with LDIF formats it must be in the context of FIM.
Thanks.
(P.S. the best advice I can give you is to manually create some AD groups, then run LDIFDE to export them, and experiment with the command line options to restrict the output to just the properties you wish. You should then be able to spot what is required to change your script ... e.g. the objectclass "groupOfUniqueNames" is not a standard AD class AFAIK).
Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
-
Monday, June 18, 2012 4:35 AM
thank you too much sir for your rply,
i posted it in your mentioned forum,
this was requested to integrate AD with some Oracle Application, i was confused as well with this Objectcalass. i believe it is something related to OpenLDAP.
will keep you updated if i get any reply.
Many thanks
-
Monday, June 18, 2012 8:02 AMAs Bob pointed out - You need to update this LDIF for AD as You have to update objectClass + You might need a bit of formatting on this file but this might be a problem only with text pasted here on a forum.
-
Friday, June 29, 2012 11:41 AM
something like this should work. Don't forget to specify samAccountName, this this is mandatory in AD.
dn: CN=My Enterprise Admins,CN=Users,DC=company,DC=net
changetype: add
objectClass: top
objectClass: group
cn: My Enterprise Admins
sAMAccountName: My Enterprise Admins
groupType: -2147483640/Matthias
- Proposed As Answer by UNIFYBobMVP Wednesday, September 26, 2012 12:31 PM
- Marked As Answer by Markus VilcinskasMicrosoft Employee, Owner Thursday, March 14, 2013 9:51 AM
-
Sunday, July 01, 2012 8:56 AM
Hotrigger,
I believe Matthias is correct.............that file would probably work. The one you have doesn't have groupType attribute value, I'm pretty sure this is necessary attribute for group object in AD. Try adding that value to all of the group objects in oyur file, and I have confidence that shoud work.
- Proposed As Answer by UNIFYBobMVP Wednesday, September 26, 2012 12:31 PM
- Marked As Answer by Markus VilcinskasMicrosoft Employee, Owner Thursday, March 14, 2013 9:51 AM
.png)
