Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

LDIFDE script error. Please help to solve it

Posted on 2014-12-15
16
Medium Priority
?
282 Views
Last Modified: 2015-01-27
Hello,
I am getting the error below when trying to import ldf file with bunch of attributes. WE have custom schema so I need to find out which attributes it is complaning about.

DO you know how can I compare attributes source and target schemas and determine the custom attributes that I am missing in my target schema? I can then use script to import only the ones that I have in the schema. Please note that LDIFDE script doesn't allow me to exclude attributes but I can list the attributes that I want to import. So, I would like to get the list of the attributes that are present in both schemas and attributes that are custom.


Here is the error:
Add error on line 2: No Such Attribute
The server side error is "The parameter is incorrect."
0 entries modified successfully.
An error has occurred in the program

Also this error tells me the line 2.....but still not sure which attribute on line 2. See below:
onnecting to "server01.lab.contoso.com"
Logging in as current user using SSPI
Importing directory from file "OutputUser2.ldf"
Loading entries
1: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=lab,DC=contoso,DC=com
Entry DN: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=lab,DC=contoso,DC=com
changetype: add
Attribute 0) objectClass:top person organizationalPerson user
Attribute 1) cn:Ong, Khoon Doe
Attribute 2) sn:Ong
Attribute 3) c:CN
Attribute 4) l:Tsimshatsui
Attribute 5) st:Hong Kong ,SAR
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40502575
make sure there is no space in between DN:CN
make sure there are no extra spaces at the bottom of the file.
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40502593
Make sure you have the exact spelling including lower and upper cases in the OU names etc.
Make sure there are no too many spaces in between and after words, The tool is very sensitive.

remove \ and see if that works

Ong\, Khoon Doe,
to
Ong, Khoon Doe,

Check the following if that helps.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21381822.html
0
 

Author Comment

by:creative555
ID: 40503157
I remove the space  between DN:CN but it is still shows no such attributues
Also just noticed that not all OUs got copied with this script. THe first user that it is trying to do is in OU that doesn't exist in the target. how do I make sure that All OUs get copied?

I used this script for OU

ldifde -f exportOu.ldf -s servername -d "dc=test,dc=lab,dc=com" -p subtree -r "(objectClass=organizationalUnit)" -l "cn,objectclass,ou"
0
WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

 
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 2000 total points
ID: 40503549
use -k switch to ignore the errors and continue processing.
 The operation has an object class violation
       This violation means that the specified object class does not exist, if the object being imported has no other attributes.

refer  for details: http://technet.microsoft.com/en-us/library/cc731033.aspx
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40503756
can you post the exported .ldf file (of course after renaming the secure information to XXXXX)
0
 

Author Comment

by:creative555
ID: 40503797
Ok. So I re-imported the users using this script wich includes only 4 attributes and it worked! So, I will have to start adding one by one now. Four attributes are below.
cn,givenName,objectclass,samAccountName

Since I have so many attributes, do you know if there is a known exclusion list with attributes that just wont work and need to be exclude during export?? I already tried the second script below with the excluded list but still not able to import it. Seems that there are more exclusions.....See the second script where we need to add more exclusions

Please advise.

ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree
-r "(&(objectCategory=person)(objectClass=User)(givenname=*))"
-l "cn,givenName,objectclass,samAccountName"

ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r
"(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,
memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
0
 

Author Comment

by:creative555
ID: 40503807
ok. Here is the list of all attributes....Please advise the one we want to include and need to exclude. THank you!

Attribute      0)      objectClass
Attribute      1)      cn
Attribute      2)      sn
Attribute      3)      c
Attribute      4)      l
Attribute      5)      st
Attribute      6)      title
Attribute      7)      description
Attribute      8)      physicalDeliveryOfficeName
Attribute      9)      telephoneNumber
Attribute      10)      facsimileTelephoneNumber
Attribute      11)      givenName
Attribute      12)      initials
Attribute      13)      distinguishedName
Attribute      14)      instanceType
Attribute      15)      whenCreated
Attribute      16)      whenChanged
Attribute      17)      displayName
Attribute      18)      uSNCreated
Attribute      19)      uSNChanged
Attribute      20)      co
Attribute      21)      department
Attribute      22)      company
Attribute      23)      homeMTA
Attribute      24)      proxyAddresses
Attribute      25)      publicDelegates
Attribute      26)      homeMDB
Attribute      27)      streetAddress
Attribute      28)      mDBStorageQuota
Attribute      29)      mDBOverQuotaLimit
Attribute      30)      publicDelegatesBL
Attribute      31)      mDBUseDefaults
Attribute      32)      directReports
Attribute      33)      mailNickname
Attribute      34)      extensionAttribute15
Attribute      35)      replicatedObjectVersion
Attribute      36)      name
Attribute      37)      userAccountControl
Attribute      38)      codePage
Attribute      39)      countryCode
Attribute      40)      employeeID
Attribute      41)      scriptPath
Attribute      42)      logonHours
Attribute      43)      userParameters
Attribute      44)      comment
Attribute      45)      accountExpires
Attribute      46)      sAMAccountName
Attribute      47)      sIDHistory
Attribute      48)      managedObjects
Attribute      49)      legacyExchangeDN
Attribute      50)      userPrincipalName
Attribute      51)      lockoutTime
Attribute      52)      objectCategory
Attribute      53)      msNPAllowDialin
Attribute      54)      dSCorePropagationData
Attribute      55)      lastLogonTimestamp
Attribute      56)      textEncodedORAddress
Attribute      57)      mail
Attribute      58)      manager
Attribute      59)      homePhone
Attribute      60)      msExchPoliciesIncluded
Attribute      61)      msExchHomeServerName
Attribute      62)      replicationSignature
Attribute      63)      msExchALObjectVersion
Attribute      64)      msExchHideFromAddressLists
Attribute      65)      msExchMailboxSecurityDescriptor
Attribute      66)      msExchUserAccountControl
Attribute      67)      mDBOverHardQuotaLimit
Attribute      68)      msExchMailboxGuid
Attribute      69)      mat-budgetCenter
Attribute      70)      mat-mailDrop
Attribute      71)      mat-locationCode
Attribute      72)      mat-locationDescription
Attribute      73)      mat-supervisorEmployeeID
Attribute      74)      mat-supervisorName
Attribute      75)      mat-employeeStatus
Attribute      76)      mat-supervisorEmail
Attribute      77)      msExchOmaAdminWirelessEnable
Attribute      78)      msExchELCMailboxFlags
Attribute      79)      msExchWhenMailboxCreated
Attribute      80)      msRTCSIP-UserPolicies
Attribute      81)      msExchRecipientDisplayType
Attribute      82)      msExchMailboxTemplateLink
Attribute      83)      msExchTextMessagingState
Attribute      84)      msRTCSIP-UserRoutingGroupId
Attribute      85)      msExchUMDtmfMap
Attribute      86)      msExchRecipientTypeDetails
Attribute      87)      msExchVersion
Attribute      88)      msRTCSIP-DeploymentLocator
Attribute      89)      msExchRBACPolicyLink
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40503816
You are on the right path to find out which attributes are causing the failure of the script.
I (or someone)  will come up with a modified script to automate the above process considering each attribute and testing the outcome.
0
 

Author Comment

by:creative555
ID: 40503845
oh. So I just realized that now that I imported only four users which are - cn,givenName,objectclass,samAccountName....
I tried to add additional line to the the ldif file as shown but it tells me 0 entries modified.....

Now do I need to change all entries from add to modify??
0
 

Author Comment

by:creative555
ID: 40503848
sorry I meant imported all users with only four attributes...
0
 

Author Comment

by:creative555
ID: 40503850
So, I added more attribs and now it is not working...Do I need to change from modify now??

dn: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=test,DC=lab,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Ong, Khoon Kung
givenName: Khoon Kung
sAMAccountName: ONGKK001
0
 

Author Comment

by:creative555
ID: 40503854
DO you have the script to delete all the users and attributes and start over?
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40505205
remove-adobject cmdlet  and use -recursive
0
 

Author Comment

by:creative555
ID: 40505352
WHere do I need to run this command from? I get unrecognized as internal or external command. I tried running it on the DC (2008 and 2003) and cmd and powershell. Still not able to run it.
0
 

Author Closing Comment

by:creative555
ID: 40571645
-k switched worked. THank you
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40572672
Glad I could help you.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question