TROUBLESHOOTING: AD LDS Provisioning: unexpected-error with No Such Attribute




OVERVIEW / PURPOSE / GOAL 

The purpose of this wiki is to cover an issue we recently worked on involving provisioning users from Active Directory (AD) to Active Directory Lightweight Directory Services (AD LDS), and the error message that we received when attempting to export to AD LDS.

PROBLEM STATEMENT

In this case, we were using a metaverse extension to provision the users from Active Directory (AD) to Active Directory Lightweight Directory Services (AD LDS). The users were provisioning successfully without synchronization errors. However, when we went to export the user objects to AD LDS, we received an unexpected-error in the Synchronization Service Engine console.



If we drill down into the error by clicking on the unexpected-error hyperlink, then we get a dialog titled "Connector Space Object Properties".  Here we can see that we are receiving a message from the Connected Data Source, which in this case is AD LDS.  The Connected data source error is No Such Attribute.



When you review the properties of the object, you cannot locate any attribute that might not exist on the connected data source.

CAUSE

In this case, AD LDS expected the traffic to be encrypted. On reviewing the AD LDS Management Agent properties, we discovered that encryption was not selected, as displayed in the picture below.

RESOLUTION

The resolution here is actually quite simple. Place a check mark beside "Sign and Encrypt LDAP Traffic", and then click Ok. You can do this through the following steps:
    1. Open the Synchronization Manager Console and select the AD LDS MA
    2. From the Actions menu, select Properties (CTRL+P)
    3. Select Connect to Active Directory Lightweight Directory Services
    4. Click the Options button to get the Connection Options dialog
    5. Place a check mark beside Sign and Encrypt LDAP Traffic
    6. Click Ok

You do not have to re-synchronize the data.  You can run the export now. 

If you want to test the export first, because you have a lot of objects to test, then I would recommend creating a run profile that calls Export and sets a Threshold to export only a few objects. If you decide to test, I would recommend reviewing the following Microsoft TechNet Wiki discussing the topic of Exporting to a Threshold.

SEE ALSO

FIM Landing Page: Resource Wiki Page Index
