Solved

Synchronizing existing users between AD and Identity Vault

Posted on 2007-11-15
2
2,201 Views
Last Modified: 2008-02-01
I am currently testing OES 2 running on SLES10.1. I have installed Identity Manager 3.51 on the OES machine running as the metadirectory server. My connected system is Windows 2003 Server R2. I am unable to synchronize existing users, but if I create a new user in either AD or Edir the user is replicated to the other connected system.

Below is the error:

Message 1:
Thu Nov 15 14:17:08 SAST 2007
Warning
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\admin from attribute Owner.

Message 2:
Thu Nov 15 14:17:08 SAST 2007
Warning
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\users\testuser from attribute Member.

Message 6:
Thu Nov 15 14:17:08 SAST 2007
Warning
<status level="warning">Code(-8017) Operation vetoed by object creation policy.<application>DirXML</application>
      <module>Active Directory</module>
      <object-dn>\TEST_TREE\testou\users\testuser</object-dn>
      <component>Subscriber</component>
</status>
\TEST_TREE\testou\users\testuser

Any ideas ?
0
Comment
Question by:dielem10
2 Comments
 
LVL 19

Accepted Solution

by:
alextoft earned 250 total points
ID: 20293191
Firstly, ignore the "unable to sync reference" warnings. The problem is in the veto message. Have a look at your creation policies and work through them, examine the rules to see what is veto'd and why.

As I remember, IDM 3.5 will veto create operations if a user does not have the universal password populated in eDir. If you're trying to export a pre-existing user, this may well be the case. Have you setup the Universal Password policies correctly?

Alternatively, up your trace level to 5 in order to get a more detailed log output.
0
 

Author Comment

by:dielem10
ID: 20296511
Thanks. I thought the universal password for the user was set, but I was wrong. Once I set it, it all worked fine.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Fine Tune your automatic Updates for Ubuntu / Debian
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now