Solved

LDIFDE script error. Please help to solve it

Posted on 2014-12-15
16
213 Views
Last Modified: 2015-01-27
Hello,
I am getting the error below when trying to import ldf file with bunch of attributes. WE have custom schema so I need to find out which attributes it is complaning about.

DO you know how can I compare attributes source and target schemas and determine the custom attributes that I am missing in my target schema? I can then use script to import only the ones that I have in the schema. Please note that LDIFDE script doesn't allow me to exclude attributes but I can list the attributes that I want to import. So, I would like to get the list of the attributes that are present in both schemas and attributes that are custom.


Here is the error:
Add error on line 2: No Such Attribute
The server side error is "The parameter is incorrect."
0 entries modified successfully.
An error has occurred in the program

Also this error tells me the line 2.....but still not sure which attribute on line 2. See below:
onnecting to "server01.lab.contoso.com"
Logging in as current user using SSPI
Importing directory from file "OutputUser2.ldf"
Loading entries
1: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=lab,DC=contoso,DC=com
Entry DN: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=lab,DC=contoso,DC=com
changetype: add
Attribute 0) objectClass:top person organizationalPerson user
Attribute 1) cn:Ong, Khoon Doe
Attribute 2) sn:Ong
Attribute 3) c:CN
Attribute 4) l:Tsimshatsui
Attribute 5) st:Hong Kong ,SAR
0
Comment
Question by:creative555
  • 9
  • 7
16 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40502575
make sure there is no space in between DN:CN
make sure there are no extra spaces at the bottom of the file.
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40502593
Make sure you have the exact spelling including lower and upper cases in the OU names etc.
Make sure there are no too many spaces in between and after words, The tool is very sensitive.

remove \ and see if that works

Ong\, Khoon Doe,
to
Ong, Khoon Doe,

Check the following if that helps.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21381822.html
0
 

Author Comment

by:creative555
ID: 40503157
I remove the space  between DN:CN but it is still shows no such attributues
Also just noticed that not all OUs got copied with this script. THe first user that it is trying to do is in OU that doesn't exist in the target. how do I make sure that All OUs get copied?

I used this script for OU

ldifde -f exportOu.ldf -s servername -d "dc=test,dc=lab,dc=com" -p subtree -r "(objectClass=organizationalUnit)" -l "cn,objectclass,ou"
0
 
LVL 18

Accepted Solution

by:
Raheman M. Abdul earned 500 total points
ID: 40503549
use -k switch to ignore the errors and continue processing.
 The operation has an object class violation
       This violation means that the specified object class does not exist, if the object being imported has no other attributes.

refer  for details: http://technet.microsoft.com/en-us/library/cc731033.aspx
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40503756
can you post the exported .ldf file (of course after renaming the secure information to XXXXX)
0
 

Author Comment

by:creative555
ID: 40503797
Ok. So I re-imported the users using this script wich includes only 4 attributes and it worked! So, I will have to start adding one by one now. Four attributes are below.
cn,givenName,objectclass,samAccountName

Since I have so many attributes, do you know if there is a known exclusion list with attributes that just wont work and need to be exclude during export?? I already tried the second script below with the excluded list but still not able to import it. Seems that there are more exclusions.....See the second script where we need to add more exclusions

Please advise.

ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree
-r "(&(objectCategory=person)(objectClass=User)(givenname=*))"
-l "cn,givenName,objectclass,samAccountName"

ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r
"(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,
memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
0
 

Author Comment

by:creative555
ID: 40503807
ok. Here is the list of all attributes....Please advise the one we want to include and need to exclude. THank you!

Attribute      0)      objectClass
Attribute      1)      cn
Attribute      2)      sn
Attribute      3)      c
Attribute      4)      l
Attribute      5)      st
Attribute      6)      title
Attribute      7)      description
Attribute      8)      physicalDeliveryOfficeName
Attribute      9)      telephoneNumber
Attribute      10)      facsimileTelephoneNumber
Attribute      11)      givenName
Attribute      12)      initials
Attribute      13)      distinguishedName
Attribute      14)      instanceType
Attribute      15)      whenCreated
Attribute      16)      whenChanged
Attribute      17)      displayName
Attribute      18)      uSNCreated
Attribute      19)      uSNChanged
Attribute      20)      co
Attribute      21)      department
Attribute      22)      company
Attribute      23)      homeMTA
Attribute      24)      proxyAddresses
Attribute      25)      publicDelegates
Attribute      26)      homeMDB
Attribute      27)      streetAddress
Attribute      28)      mDBStorageQuota
Attribute      29)      mDBOverQuotaLimit
Attribute      30)      publicDelegatesBL
Attribute      31)      mDBUseDefaults
Attribute      32)      directReports
Attribute      33)      mailNickname
Attribute      34)      extensionAttribute15
Attribute      35)      replicatedObjectVersion
Attribute      36)      name
Attribute      37)      userAccountControl
Attribute      38)      codePage
Attribute      39)      countryCode
Attribute      40)      employeeID
Attribute      41)      scriptPath
Attribute      42)      logonHours
Attribute      43)      userParameters
Attribute      44)      comment
Attribute      45)      accountExpires
Attribute      46)      sAMAccountName
Attribute      47)      sIDHistory
Attribute      48)      managedObjects
Attribute      49)      legacyExchangeDN
Attribute      50)      userPrincipalName
Attribute      51)      lockoutTime
Attribute      52)      objectCategory
Attribute      53)      msNPAllowDialin
Attribute      54)      dSCorePropagationData
Attribute      55)      lastLogonTimestamp
Attribute      56)      textEncodedORAddress
Attribute      57)      mail
Attribute      58)      manager
Attribute      59)      homePhone
Attribute      60)      msExchPoliciesIncluded
Attribute      61)      msExchHomeServerName
Attribute      62)      replicationSignature
Attribute      63)      msExchALObjectVersion
Attribute      64)      msExchHideFromAddressLists
Attribute      65)      msExchMailboxSecurityDescriptor
Attribute      66)      msExchUserAccountControl
Attribute      67)      mDBOverHardQuotaLimit
Attribute      68)      msExchMailboxGuid
Attribute      69)      mat-budgetCenter
Attribute      70)      mat-mailDrop
Attribute      71)      mat-locationCode
Attribute      72)      mat-locationDescription
Attribute      73)      mat-supervisorEmployeeID
Attribute      74)      mat-supervisorName
Attribute      75)      mat-employeeStatus
Attribute      76)      mat-supervisorEmail
Attribute      77)      msExchOmaAdminWirelessEnable
Attribute      78)      msExchELCMailboxFlags
Attribute      79)      msExchWhenMailboxCreated
Attribute      80)      msRTCSIP-UserPolicies
Attribute      81)      msExchRecipientDisplayType
Attribute      82)      msExchMailboxTemplateLink
Attribute      83)      msExchTextMessagingState
Attribute      84)      msRTCSIP-UserRoutingGroupId
Attribute      85)      msExchUMDtmfMap
Attribute      86)      msExchRecipientTypeDetails
Attribute      87)      msExchVersion
Attribute      88)      msRTCSIP-DeploymentLocator
Attribute      89)      msExchRBACPolicyLink
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40503816
You are on the right path to find out which attributes are causing the failure of the script.
I (or someone)  will come up with a modified script to automate the above process considering each attribute and testing the outcome.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:creative555
ID: 40503845
oh. So I just realized that now that I imported only four users which are - cn,givenName,objectclass,samAccountName....
I tried to add additional line to the the ldif file as shown but it tells me 0 entries modified.....

Now do I need to change all entries from add to modify??
0
 

Author Comment

by:creative555
ID: 40503848
sorry I meant imported all users with only four attributes...
0
 

Author Comment

by:creative555
ID: 40503850
So, I added more attribs and now it is not working...Do I need to change from modify now??

dn: CN=Ong\, Khoon Doe,OU=Asia Pacific,OU=Terminated Users,DC=test,DC=lab,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Ong, Khoon Kung
givenName: Khoon Kung
sAMAccountName: ONGKK001
0
 

Author Comment

by:creative555
ID: 40503854
DO you have the script to delete all the users and attributes and start over?
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40505205
remove-adobject cmdlet  and use -recursive
0
 

Author Comment

by:creative555
ID: 40505352
WHere do I need to run this command from? I get unrecognized as internal or external command. I tried running it on the DC (2008 and 2003) and cmd and powershell. Still not able to run it.
0
 

Author Closing Comment

by:creative555
ID: 40571645
-k switched worked. THank you
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 40572672
Glad I could help you.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now