Active Directory OU Move through ADSI
Hi Everyone,
I'm attempting to perform a rename of user's distinguishedName that results in the user being moved from one OU to another. I'm using an IDM tool called Oracel Waveset (formerly Sun IDM) and when I pass in the new OU to be moved the gateway uses an ADSI call to actually move the user, however when I perform this command I recieve the following:
Unable to set user info: 'The name provided is not a properly formed account name'
I know that isn't a lot to go on, but can any of the AD experts out there tell me what would be expected to perform a move? ie. what attributes need to be passed in? should only the new DN be sufficient. What about case sensitivity, is the DN case sensitive? If so, what is the format of that case sensitivity? Any help would be greatly appreciated.
I'm attempting to perform a rename of user's distinguishedName that results in the user being moved from one OU to another. I'm using an IDM tool called Oracel Waveset (formerly Sun IDM) and when I pass in the new OU to be moved the gateway uses an ADSI call to actually move the user, however when I perform this command I recieve the following:
Unable to set user info: 'The name provided is not a properly formed account name'
I know that isn't a lot to go on, but can any of the AD experts out there tell me what would be expected to perform a move? ie. what attributes need to be passed in? should only the new DN be sufficient. What about case sensitivity, is the DN case sensitive? If so, what is the format of that case sensitivity? Any help would be greatly appreciated.
I found a topic in this forum:
Thread: Cannot Provision Users from IDM to AD
http://forums.oracle.com/forums/thread.jspa?threadID=1966907&tstart=-2
It seems like your issue. Try following the same steps to see if you can solve it.
Thread: Cannot Provision Users from IDM to AD
http://forums.oracle.com/forums/thread.jspa?threadID=1966907&tstart=-2
It seems like your issue. Try following the same steps to see if you can solve it.
At least you can check out three things:
1) See if your version of IDM is compatible with the version of Windows you are using.
2) It seems like case sensitivity may be an issue in IDM.
3) Check out the permissions for the AD adapter proxy account.
1) See if your version of IDM is compatible with the version of Windows you are using.
2) It seems like case sensitivity may be an issue in IDM.
3) Check out the permissions for the AD adapter proxy account.
ASKER
Hi rmrustice,
Thanks for all the input, I have looked at the IDM thread you pointed out and it does make me think the DN is case sensitive but I just can't seem to find what is the right combination for example I've tried the follwoing:
CN=rnTest,OU=TestOU,DC=AD-
cn=rnTest,ou=TestOU,dc=AD-
cn=rntest,ou=testou,dc=ad-
CN=RNTEST,OU=TESTOUT,DC=AD
not sure how many iterations I can go for DN but they have all given me the same error, the IDM version I'm using is compatible with the version of AD and the user does have permsions, I can move the user in the native tools with the account as well as move it with powershell scripts. In any case, thanks for the feedback, I guess I'll keep trying different iterations of case sensitivity.
Thanks for all the input, I have looked at the IDM thread you pointed out and it does make me think the DN is case sensitive but I just can't seem to find what is the right combination for example I've tried the follwoing:
CN=rnTest,OU=TestOU,DC=AD-
cn=rnTest,ou=TestOU,dc=AD-
cn=rntest,ou=testou,dc=ad-
CN=RNTEST,OU=TESTOUT,DC=AD
not sure how many iterations I can go for DN but they have all given me the same error, the IDM version I'm using is compatible with the version of AD and the user does have permsions, I can move the user in the native tools with the account as well as move it with powershell scripts. In any case, thanks for the feedback, I guess I'll keep trying different iterations of case sensitivity.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another way to get to the users distinguished name would be like this command:
dsquery user "dc=yourdomain,dc=com" -scope subtree -name johndoe
In this case, your domain is named yourdomain.com. Change it to fit your domain name. johndoe is the account name. Change it appropriately.
dsquery user "dc=yourdomain,dc=com" -scope subtree -name johndoe
In this case, your domain is named yourdomain.com. Change it to fit your domain name. johndoe is the account name. Change it appropriately.
does it ask for the name and ou separately?
Any news on that?
ASKER
Sorry for the very late response on this, thanks for the help, I was able to resolve with a powershell script to move the user
Moving and Renaming User Accounts
http://technet.microsoft.com/en-us/library/ee198798.aspx
Try passing the parameters as the examples.
If it does not work, provide us with more information about the code used to move the users.