Link to home
Create AccountLog in
Avatar of Michael Pfister
Michael PfisterFlag for Germany

asked on

LDS/ADAM sync fails with Ldap error occured. 2: Other.

We're using LDS on a Windows 2008 R2 server to sync an entire AD structure. The sync worked for months.
Since someone renamed a few OUs in our source AD, the replication fails with:

Processing Entry: Page 17, Frame 2, Entry 0, Count 0, USN 10982793
Processing source entry <guid=3d06383f157fa0449aa8f3a00a01db97>
Processing in-scope entry 3d06383f157fa0449aa8f3a00a01db97.
(sourceobjectguid=\3d\06\38\3f\15\7f\a0\44\9a\a8\f3\a0\0a\01\db\97) exists in target. Converting object creation to object modification.
Renaming target object (implicit) OU=User,OU=<OU name>,DC=<DC name> to .
Ldap error occured. 2: Other.
Extended Info: 00002089: UpdErr: DSID-031B0CEC, problem 5012 (DIR_ERROR), data 2
Ldap error occured. 2: Other.
Extended Info: 00002089: UpdErr: DSID-031B0CEC, problem 5012 (DIR_ERROR), data 2
Saving Configuration File on DC=<DC name>
Saved configuration file.

The OU=User,OU=<OU name>,DC=<DC name> was renamed (probably).
The only way to fix this is to manually remove the offending OU (OU=<OU name>,DC=<DC name>) from LDS and do a full resync.

Always manually removing the OUs from LDS is not really an option. Any ideas?
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

Depends on if you want quick and dirty or if you want a cause/effect solution.  Quick and dirty is backup and then delete your LDS database on your remote server and re-sync the entire thing (or you could just delete the objects in that OU and the OU itself from LDS, but that is more work, really).  Your missing OU won't be an issue then.  

Cause/effect is more difficult.  LDS keys off of userPrincipalName, and it has an entry for an OU already with an existing userPrincipalName, because renaming an OU won't change that.  It sees the conflict and doesn't know what to do with it.

DrUltima
Avatar of Michael Pfister

ASKER

Anything that can run automatically would be fine, but I can't take the entire LDS down for long... max. 5 minutes?
Time depends on how big your AD is and how fast your connection is between your AD controller and your LDS server.  If downtime is an issue, I would suggest doing the re-sync after hours.
After hours is difficult .. working time is 24h/5 days. A full sync takes around 10 mins (big AD, low bandwidth)...
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I don't know how often they will change the OU structure... I hope not on a daily basis. Thanks for your help