Solved

Use ldf script to change an entity from one OU to another

Posted on 2014-01-14
Last Modified: 2014-01-14
I manipulate entries in an LDAP (happens to be AD, but I am using standard ldf commands) programmatically.

I need to move a user from one OU to another.  What is the syntax to do that?  For example, I may have a user with the following DN:

CN=Moore\, William J, OU=Students, DC=jacks, DC=local

I need to change him to:

CN=Moore\, William J, OU=Stu_Applicants, DC=jacks, DC=local
Question by:WJoeMoore

Expert Comment

by:remmett70
ID: 39780573
 

Author Comment

by:WJoeMoore
ID: 39780739
Thanks.  This is the error I now get:

C:\d drive scripts>ldifde -i -f "Test 1235437_3.ldf" -s seacat -j "c:\d drive scripts"
Connecting to "seacat"
Logging in as current user using SSPI
Importing directory from file "Test 1235437_3.ldf"
Loading entries.
Add error on entry starting on line 3: Other
The server side error is: 0x2089 The operation could not be performed because the object's parent is either uninstantiated or deleted.
The extended server error is:
00002089: UpdErr: DSID-031B0CEC, problem 5012 (DIR_ERROR), data 5

From:

#
# ID: 1235437
dn: CN=Moore\, William J,OU=Students,DC=jacks,DC=local
changetype: modrdn
newrdn: CN=Charlie Parker
deleteOldRdn: 1
newSuperior: DC=jacks,DC=local,OU=Stu_Applicants

Stu_Applicants currently has no 'normal' objects--just another OU.  Should we create one manually just to make sure everything is initialized properly?

Thanks!

Accepted Solution

by:
alicain earned 500 total points
ID: 39780767
Hello WJoeMoore,

The new parent OU will need to exist already, you could create an object as a test, but no real need to.  If it's a heavily distributed environment then ensuring that replication has occurred everywhere would be wise, but more likely the problem is that the DN is the wrong way around there, it should be:
   OU=Stu_Applicants,DC=jacks,DC=local

Regards,
Alastair.
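
A pre-import check for the mistake identified in the accepted answer, as an added example that is not part of the thread: it splits DNs on unescaped commas and flags a newSuperior in which a DC component is followed by a non-DC component. The function names are hypothetical, and it assumes AD-style DNs that end in DC components.

```python
# Added example (not from the thread): lint modrdn records before an ldifde import.
# Assumes AD-style DNs ending in DC= components; no line folding or base64 values.
import re

# Constructed sample: the failing record quoted in the thread.
SAMPLE_LDIF = r"""# ID: 1235437
dn: CN=Moore\, William J,OU=Students,DC=jacks,DC=local
changetype: modrdn
newrdn: CN=Charlie Parker
deleteOldRdn: 1
newSuperior: DC=jacks,DC=local,OU=Stu_Applicants
"""

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas, so an escaped comma stays in its RDN."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        escaped = ch == "\\" and not escaped
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_records(text):
    """Return each blank-line-separated record as a dict keyed by lower-cased attribute."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ":" in ln and not ln.startswith("#")]
        rec = {k.strip().lower(): v.strip() for k, _, v in (ln.partition(":") for ln in lines)}
        if rec:
            records.append(rec)
    return records

def check_move(rec):
    """Return (problems, resulting_dn) for one modrdn/moddn change record."""
    if rec.get("changetype", "").lower() not in ("modrdn", "moddn"):
        return [], None
    old_parent = split_dn(rec["dn"])[1:]
    parent = split_dn(rec["newsuperior"]) if "newsuperior" in rec else old_parent
    types = [rdn.split("=", 1)[0].strip().upper() for rdn in parent]
    problems = []
    # DNs read leaf to root: once a DC= component appears, only DC= may follow.
    first_dc = types.index("DC") if "DC" in types else len(types)
    if any(t != "DC" for t in types[first_dc:]):
        problems.append("newSuperior has a non-DC component after a DC component")
    return problems, ",".join([rec["newrdn"]] + parent)
```
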
 

Author Comment

by:WJoeMoore
ID: 39780775
You were absolutely correct on the 2nd part of your note.  I switched the DC vs OU order and it worked fine.  Thanks, and I'll give you full credit.
 

Author Comment

by:WJoeMoore
ID: 39780780
I've requested that this question be closed as follows:

Accepted answer: 0 points for WJoeMoore's comment #a39780775

for the following reason:

Excellent understanding of question and error from first interpretation of answer.
 

Author Closing Comment

by:WJoeMoore
ID: 39780781
Accidentally gave credit to my own comment.  Too quick on the submit.
