Rename User objects in AD with ILM having child objects
-
Tuesday, May 8, 2012 14:27
Hi, we have two OUs in our AD:
OU1. Active users OU
OU2. Disabled users OU
I am unable to rename user objects in AD from OU1 to OU2 with ILM. When done, it encounters an error: System.InvalidOperationException: Unable to rename non-leaf object.
Checking through ADSI Edit, I found that a container (CN=ExchangeActiveSyncDevices) is placed under user objects, which holds the data of users with Exchange server synchronising devices, like iPhone and smartphone details.
Is it possible to rename such objects? Kindly provide me a way through.
-Dhayanandh
All Replies
-
Tuesday, May 8, 2012 16:58
Hi,
Have you checked if the ADMA account has permissions on the Sync Devices container?
You may need to make ILM aware of the objects in the Sync Devices container and rename those as well as the user objects in the OU.
Check out this post on deprovisioning to see if it gives you any guidance: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/4b77100e-d195-4a46-a1ce-58cbf65ccf38
Hope that helps.
Thanks,
Sami
-
Tuesday, May 8, 2012 19:25
We have leaf objects underneath user account objects in our AD from our third-party self-service password reset product (Specops Password Reset). With ILM 2007 FP1 at least, ILM is blissfully unaware that the user accounts with SSPR enrollments are not leaf objects so long as we do not include the object class to which the SSPR enrollments belong. It is only when ILM tries to export a delete that it notices the object isn't a leaf, but since we currently just rename and enable/disable, it meets our needs.
Are you including the object class for the active sync devices in your AD MA configuration, and could you remove them?
Chris
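
An added example, not written by any poster in this thread: a PowerShell check that lists which user objects under an OU are not leaf objects and which object classes their children belong to, the two facts the rename error and the question about the AD MA object classes turn on. It assumes the ActiveDirectory (RSAT) module is available; the OU distinguished name is a placeholder and the function name `Get-NonLeafUser` is hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is installed
# and the caller has read access to the OU and the objects beneath it.
Import-Module ActiveDirectory

function Get-NonLeafUser {
    param(
        # DN of the OU to inspect (placeholder value is passed below).
        [Parameter(Mandatory)] [string] $SearchBase
    )

    foreach ($user in Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree) {
        # OneLevel returns only the direct children of the user object,
        # e.g. the CN=ExchangeActiveSyncDevices container seen in ADSI Edit.
        $children = @(Get-ADObject -Filter * `
                        -SearchBase $user.DistinguishedName `
                        -SearchScope OneLevel)

        if ($children.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $user.SamAccountName
                DistinguishedName = $user.DistinguishedName
                ChildCount        = $children.Count
                ChildNames        = ($children.Name | Sort-Object) -join '; '
                ChildClasses      = ($children.ObjectClass | Sort-Object -Unique) -join '; '
            }
        }
    }
}

# Placeholder DN: replace with the DN of the active users OU.
$nonLeaf = @(Get-NonLeafUser -SearchBase 'OU=Active Users,DC=example,DC=com')

# Per-user detail: these are the accounts a rename will fail on.
$nonLeaf | Format-Table SamAccountName, ChildCount, ChildNames, ChildClasses -AutoSize

# Summary: how many users carry children of each class combination, which shows
# the object classes to compare against the AD MA's selected object types.
$nonLeaf | Group-Object ChildClasses |
    Select-Object @{ n = 'ChildClasses'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```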

