Solved

Synchronizing existing users between AD and Identity Vault

Posted on 2007-11-15
2
2,229 Views
Last Modified: 2008-02-01
I am currently testing OES 2 running on SLES10.1. I have installed Identity Manager 3.51 on the OES machine running as the metadirectory server. My connected system is Windows 2003 Server R2. I am unable to synchronize existing users, but if I create a new user in either AD or Edir the user is replicated to the other connected system.

Below is the error:

Message 1:
Thu Nov 15 14:17:08 SAST 2007
Warning
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\admin from attribute Owner.

Message 2:
Thu Nov 15 14:17:08 SAST 2007
Warning
No description provided.
Code(-8003) Unable to synchronize reference to \TEST_TREE\testou\users\testuser from attribute Member.

Message 6:
Thu Nov 15 14:17:08 SAST 2007
Warning
<status level="warning">Code(-8017) Operation vetoed by object creation policy.<application>DirXML</application>
      <module>Active Directory</module>
      <object-dn>\TEST_TREE\testou\users\testuser</object-dn>
      <component>Subscriber</component>
</status>
\TEST_TREE\testou\users\testuser

Any ideas ?
0
Comment
Question by:dielem10
2 Comments
 
LVL 19

Accepted Solution

by:
alextoft earned 250 total points
ID: 20293191
Firstly, ignore the "unable to sync reference" warnings. The problem is in the veto message. Have a look at your creation policies and work through them, examine the rules to see what is veto'd and why.

As I remember, IDM 3.5 will veto create operations if a user does not have the universal password populated in eDir. If you're trying to export a pre-existing user, this may well be the case. Have you setup the Universal Password policies correctly?

Alternatively, up your trace level to 5 in order to get a more detailed log output.
0
 

Author Comment

by:dielem10
ID: 20296511
Thanks. I thought the universal password for the user was set, but I was wrong. Once I set it, it all worked fine.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NDS object move 10 914
novell vibe with zimbra mail server and ldap users 2 1,195
Novell VM migrate to ESXi 4 1 801
DOS NETWARE CLIENT ( E100BODI.COM CAN'T LOAD) 9 940
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question