Synchronizing existing users between AD and Identity Vault

Posted on 2007-11-15
Medium Priority
Last Modified: 2008-02-01
I am currently testing OES 2 running on SLES10.1. I have installed Identity Manager 3.51 on the OES machine running as the metadirectory server. My connected system is Windows 2003 Server R2. I am unable to synchronize existing users, but if I create a new user in either AD or Edir the user is replicated to the other connected system.

Below is the error:

Message 1:
Thu Nov 15 14:17:08 SAST 2007
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\admin from attribute Owner.

Message 2:
Thu Nov 15 14:17:08 SAST 2007
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\users\testuser from attribute Member.

Message 6:
Thu Nov 15 14:17:08 SAST 2007
<status level="warning">Code(-8017) Operation vetoed by object creation policy.<application>DirXML</application>
      <module>Active Directory</module>

Any ideas ?
Question by:dielem10
LVL 19

Accepted Solution

alextoft earned 1000 total points
ID: 20293191
Firstly, ignore the "unable to sync reference" warnings. The problem is in the veto message. Have a look at your creation policies and work through them, examine the rules to see what is veto'd and why.

As I remember, IDM 3.5 will veto create operations if a user does not have the universal password populated in eDir. If you're trying to export a pre-existing user, this may well be the case. Have you setup the Universal Password policies correctly?

Alternatively, up your trace level to 5 in order to get a more detailed log output.

Author Comment

ID: 20296511
Thanks. I thought the universal password for the user was set, but I was wrong. Once I set it, it all worked fine.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
AngularJS web development a very simple procedure. So, to put it, in short, AngularJS’ stand out features are – Two-way data binding, MVC structure, directives, templates, dependency injections and testing.
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question