Solved

How to add LDAP entry that with more than one OU

Posted on 2014-01-17
5
481 Views
Last Modified: 2014-02-08
I have been adding new entries to AD using ldf for a long time very successfully.  The beginning of the entry looks like:

dn: CN={obsfucated},OU=Test-SDSU,DC=Jacks,DC=Local
changetype: add
objectclass: user
cn: {obsfucated}
displayname: {obsfucated}
name: {obsfucated}
Initials: M
...

Now, I need to add very similar entries into the OU:

OU=Import,OU=Stu_Applicants,DC=jacks,DC=local

The obvious to me was:

dn: CN={obsfucated},OU=Import,OU=Stu_Applicants,DC=jacks,DC=local
changetype: add
objectclass: user
cn: {obsfucated}
displayname: {obsfucated}
name: {obsfucated}
Initials: M
...

but I get the following error:

C:\d drive scripts>ldifde -i -f "2014-01-16-NewAD_1.ldf" -s seacat -j "c:\d drive scripts"

Connecting to "seacat"

Logging in as current user using SSPI

Importing directory from file "2014-01-16-NewAD_1.ldf"

Loading entries.

Add error on entry starting on line 6: Invalid DN Syntax

The server side error is: 0x2081 Multiple values were specified for an attribute

that can have only one value.

The extended server error is:

00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best ma

tch of:

        'CN=***********,OU=Import,OU=Stu_Applicants,DC=jacks,DC=local'

The entire entry (with name obsfucated) is:

# Creates built at: 01/16/2014 16:27
#
# LDAPJacks_Name_Lookup has been updated, so if this batch is not processed that file will need to be manipulated
#
# 7239114
dn: CN=Last\, First,OU=Import,OU=Stu_Applicants,DC=jacks,DC=local
changetype: add
objectclass: user
cn: Last, First Middle
displayname: Last, First Middle - SDSU Student
name: First Middle Last
Initials: A
mAPIRecipient: FALSE
givenname: First
extensionAttribute2: 7239114
sn: Last
samAccountName: eaLast
mailNickname: First.Last
userPrincipalName: First.Last@jacks.sdstate.edu
mail: First.Last@jacks.sdstate.edu
proxyAddresses: SMTP:First.Last@jacks.sdstate.edu
targetAddress: SMTP:First.Last@jacks.sdstate.edu
extensionAttribute6: AD
msExchHideFromAddressLists: TRUE
Title: APPL
Department: Applicant
streetAddress: Off Campus
physicalDeliveryOfficeName: Off Campus
l: Brookings
st: SD
description: Stu_Applicants
postalCode: 57007
company: SDSU
userParameters: m:                    d\t
0
Comment
Question by:WJoeMoore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 

Author Comment

by:WJoeMoore
ID: 39788768
I attached the wrong message.  That was the message I got when I switched something.  The original error was:

C:\d drive scripts>ldifde -i -f "2014-01-16-NewAD_1.ldf" -s seacat -j "c:\d drive scripts"

Connecting to "seacat"

Logging in as current user using SSPI

Importing directory from file "2014-01-16-NewAD_1.ldf"

Loading entries.

Add error on entry starting on line 6: Invalid DN Syntax

The server side error is: 0x2081 Multiple values were specified for an attribute

that can have only one value.

The extended server error is:

00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best ma

tch of:

        'CN=**************,OU=Import,OU=Stu_Applicants,DC=jacks,DC=local'

 

0 entries modified successfully.

An error has occurred in the program
0
 
LVL 22

Expert Comment

by:Matt V
ID: 39790203
You cannot specify multiple OUs.  Specify the lowest level OU as the OU for the new entry.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39792242
since object'c cn is part of it.... you actually can not.
0
 

Accepted Solution

by:
WJoeMoore earned 0 total points
ID: 39829646
Neither of these responses are correct.  My problem was that the cn: entry did not match the cn: part of the dn.
0
 

Author Closing Comment

by:WJoeMoore
ID: 39843890
It took me way to long to realize this--but it was not EE that gave me the answer.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question