Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
191 views

AD group without association


Hi,

I have an AD group in each OU in the AD that I need to add all the users
to that are placed in that OU.
So the group is not associated.
The user is associated.
My problem is that I have tried two or three versions that all report
success but neither add the group membership, usually we get an error
back.

This is two versions from the RL that reports success but does not work,
the first using dn the other association via resolv-token(or maybe xpath
from alex, same same):


Code:
--------------------
DirXML: [09/18/14 08:43:50.48]: Loader: Calling subscriptionShim->execute()
DirXML: [09/18/14 08:43:50.48]: Loader: XML Document:
DirXML: [09/18/14 08:43:50.48]: <nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.4">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify dest-dn="CN=IT_G,OU=IT-Enheten,OU=KLK,OU=Users,OU=USER,OU=Vaxholm,DC=vaxholm,DC=se" event-id="VX-IDM01-NDS#20140918064349#3#1:f2538b92-e14e-4863-a598-27163378bcfe">
<modify-attr attr-name="member">
<add-value>
<value type="dn">CN=Test Placering,OU=HR-Enheten,OU=KLK,OU=Users,OU=USER,OU=Vaxholm,DC=vaxholm,DC=se</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [09/18/14 08:43:50.48]: ADDriver: parse command

className
destDN CN=IT_G,OU=IT-Enheten,OU=KLK,OU=Users,OU=USER,OU=Vaxholm,DC=vaxholm,DC=se
eventId VX-IDM01-NDS#20140918064349#3#1:f2538b92-e14e-4863-a598-27163378bcfe
association
DirXML: [09/18/14 08:43:50.48]: ADDriver: parse modify class =
DirXML: [09/18/14 08:43:50.48]: Loader: subscriptionShim->execute() returned:
DirXML: [09/18/14 08:43:50.48]: Loader: XML Document:
DirXML: [09/18/14 08:43:50.48]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.0.0.3" asn1id="" build="20131219_120000" instance="\IDM\Res\DriverSetStandard\Vaxholm ADM AD">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success" event-id="VX-IDM01-NDS#20140918064349#3#1:f2538b92-e14e-4863-a598-27163378bcfe"/>
</output>
</nds>
DirXML: [09/18/14 08:43:50.48]:
DirXML Log Event -------------------
Driver = \IDM\Res\DriverSetStandard\Vaxholm ADM AD
Thread = Subscriber Channel
Object = CN=IT_G,OU=IT-Enheten,OU=KLK,OU=Users,OU=USER,OU=Vaxholm,DC=vaxholm,DC=se
Level = success

--------------------



Code:
--------------------
DirXML: [09/18/14 09:24:57.84]: Loader: Calling subscriptionShim->execute()
DirXML: [09/18/14 09:24:57.84]: Loader: XML Document:
DirXML: [09/18/14 09:24:57.84]: <nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.4">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify event-id="VX-IDM01-NDS#20140918072457#3#1:aea3e1aa-6297-4b62-8221-0ff8440daa3c">
<association>377c2a0455015249a042b51272ce667b</association>
<modify-attr attr-name="member">
<add-value>
<value association-ref="406e478cc9c6aa4e9dea1df8ed63d80c" type="dn">\IDM\Vaxholm\User\Personal\Active\tespla</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [09/18/14 09:24:57.84]: ADDriver: parse command

className
destDN
eventId VX-IDM01-NDS#20140918072457#3#1:aea3e1aa-6297-4b62-8221-0ff8440daa3c
association 377c2a0455015249a042b51272ce667b
DirXML: [09/18/14 09:24:57.84]: ADDriver: parse modify class =
DirXML: [09/18/14 09:24:57.84]: Loader: subscriptionShim->execute() returned:
DirXML: [09/18/14 09:24:57.84]: Loader: XML Document:
DirXML: [09/18/14 09:24:57.84]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.0.0.3" asn1id="" build="20131219_120000" instance="\IDM\Res\DriverSetStandard\Vaxholm ADM AD">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success" event-id="VX-IDM01-NDS#20140918072457#3#1:aea3e1aa-6297-4b62-8221-0ff8440daa3c"/>
</output>
</nds>
--------------------


Any suggestions on what is wrong is welcome 🙂


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=51776

Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: AD group without association


Soooo simple.

All versions worked after... specifying the Object Class, Group in this
case.
I just assumed it would work if I just pointed to the object.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=51776

0 Likes
Knowledge Partner
Knowledge Partner

Re: AD group without association

On 9/18/2014 4:46 AM, joakim ganse wrote:
>
> Soooo simple.
>
> All versions worked after... specifying the Object Class, Group in this
> case.
> I just assumed it would work if I just pointed to the object.
>


I even have an article about this!!!

https://www.netiq.com/communities/cool-solutions/when-active-directory-driver-will-not-synchronize-attributes/

Have you learned nothing yet? Step one of IDM troubleshooting, check my
articles first. 🙂

Hehe. When Will/RobS started working with me at our current company, I
spent a lot of effort into intimidating them to find the article before
I could. Then I askd Will a question, and he responded with my article.
It was perfect turnabout!


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AD group without association


Lol,

That is so true but you now have so many articles it is often quicker to
fix the problem than search for the answer 😉

What I did do yesterday was to Buy your book, yes, with real money.
Only have to find some time to read it even if I will mostly have it as
an reference.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=51776

0 Likes
Knowledge Partner
Knowledge Partner

Re: AD group without association

On 9/19/2014 5:07 AM, joakim ganse wrote:
>
> Lol,
>
> That is so true but you now have so many articles it is often quicker to
> fix the problem than search for the answer 😉


That is why I sort by topic, and the URL's have the topic in the name.
🙂 Makes searching faster. Go to:
http://wiki.novell.com/index.php/Geoffrey_Carman%27s_personal_collection

(But you had that bookmarked already, I know, else I shall have to mock you)

And search in text for your keyword. Alas, lots of tidbits discussed as
side notes in there, but what can I do.

> What I did do yesterday was to Buy your book, yes, with real money.
> Only have to find some time to read it even if I will mostly have it as
> an reference.


See everyone, that is the right way to do it! 🙂

Will be selling and signing books at Brainshare, if you are coming!

But regardless, glad to help, send fish. A good herring goes a long way
to mending hurt feelings. 🙂



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.