Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory OU Move through ADSI

Posted on 2011-02-28
9
Medium Priority
?
1,399 Views
Last Modified: 2012-05-11
Hi Everyone,

I'm attempting to perform a rename of user's distinguishedName that results in the user being moved from one OU to another.  I'm using an IDM tool called Oracel Waveset (formerly Sun IDM) and when I pass in the new OU to be moved the gateway uses an ADSI call to actually move the user, however when I perform this command I recieve the following:

Unable to set user info: 'The name provided is not a properly formed account name'

I know that isn't a lot to go on, but can any of the AD experts out there tell me what would be expected to perform a move? ie. what attributes need to be passed in? should only the new DN be sufficient.  What about case sensitivity, is the DN case sensitive? If so, what is the format of that case sensitivity?  Any help would be greatly appreciated.
0
Comment
Question by:zozig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
9 Comments
 
LVL 11

Expert Comment

by:Renato Montenegro Rustici
ID: 35003526
Take a look at this document:

Moving and Renaming User Accounts
http://technet.microsoft.com/en-us/library/ee198798.aspx

Try passing the parameters as the examples.

If it does not work, provide us with more information about the code used to move the users.
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustici
ID: 35003551
I found a topic in this forum:

Thread: Cannot Provision Users from IDM to AD
http://forums.oracle.com/forums/thread.jspa?threadID=1966907&tstart=-2

It seems like your issue. Try following the same steps to see if you can solve it.
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustici
ID: 35003566
At least you can check out three things:

1) See if your version of IDM is compatible with the version of Windows you are using.

2) It seems like case sensitivity may be an issue in IDM.

3) Check out the permissions for the AD adapter proxy account.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:zozig
ID: 35003661
Hi rmrustice,

Thanks for all the input, I have looked at the IDM thread you pointed out and it does make me think the DN is case sensitive but I just can't seem to find what is the right combination for example I've tried the follwoing:
CN=rnTest,OU=TestOU,DC=AD-DEV,DC=COM
cn=rnTest,ou=TestOU,dc=AD-DEV,dc=COM
cn=rntest,ou=testou,dc=ad-dev,dc=com
CN=RNTEST,OU=TESTOUT,DC=AD-DEV,DC=COM

not sure how many iterations I can go for DN but they have all given me the same error, the IDM version I'm using is compatible with the version of AD and the user does have permsions, I can move the user in the native tools with the account as well as move it with powershell scripts.  In any case, thanks for the feedback, I guess I'll keep trying different iterations of case sensitivity.

0
 
LVL 11

Accepted Solution

by:
Renato Montenegro Rustici earned 2000 total points
ID: 35003686
As far as I know, the DN case sensitivity is not important to ADSI. It may be important to the IDM.

To know exactly how it's registered in Active Directory, open ADSIEDIT.MSC, then navigate to the user. The interface will be very similar to the Active Directory Users and Computers. Then, open the user account, navigate thru the attributes until you find the distinguishedName. Double click it and copy it's contents.
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustici
ID: 35003708
Another way to get to the users distinguished name would be like this command:

dsquery user "dc=yourdomain,dc=com" -scope subtree -name johndoe

In this case, your domain is named yourdomain.com. Change it to fit your domain name. johndoe is the account name. Change it appropriately.
0
 
LVL 7

Expert Comment

by:FemSteenkamp
ID: 35006320
does it ask for the name and ou separately?
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustici
ID: 35224627
Any news on that?
0
 
LVL 1

Author Closing Comment

by:zozig
ID: 36289044
Sorry for the very late response on this, thanks for the help, I was able to resolve with a powershell script to move the user
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question