Anonymous_User Absent Member.

PS on AD without Exchange


Hi,

Not sure if this is doable, I have a Win 2008 R2 with AD but without
Exchange.
I installed the Exchange powershell utilities from Exch2010 in it anyway
because I thought that would be enough for the powershell commands to be
executed.

IDM_AD_Exch_2010_Service is running.
In the driver configuration I have set EXCH 2010 as interface type.

The error I get is from the Remote Loader:
DirXML: [08/06/14 16:54:48.31]: Loader: XML Document:
DirXML: [08/06/14 16:54:48.31]: <nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.4">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add cached-time="20140806145447.757Z" class-name="user"
dest-dn="CN=TesEle0101,ou=Synkade,ou=personal,ou=Users,ou=CAS,ou=Skolor,ou=edu,dc=edu,dc=varmdo,dc=se"
event-id="IDM01-VK#20140806145447#1#1:a24df3f9-f93f-4bac-8c3c-49fe81633c80"
qualified-src-dn="O=Varmdo\OU=User\OU=Elev\OU=Active\CN=TesEle0101"
src-dn="\IDM\Varmdo\User\Elev\Active\TesEle0101" src-entry-id="289032"
timestamp="1407336887#2">
<add-attr attr-name="displayName">
<value timestamp="1407335819#12" type="string">Test1 Elev
Testsson</value>
</add-attr>
<add-attr attr-name="givenName">
<value timestamp="1407336887#2" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1407335009#12"
type="string">Test.Testsson@edu.varmdo.se</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1407335009#11" type="string">Elev
Testsson</value>
</add-attr>
<add-attr attr-name="homeDrive">
<value type="string">H:</value>
</add-attr>
<add-attr attr-name="homeDirectory">
<value
type="string">\\vk-edu-fs01.edu.varmdo.se\home$\TesEle0101</value>
</add-attr>
<add-attr attr-name="PSexecute">
<value type="string">Invoke-Expression -command
"c:\novell\powershell\homedir.ps1 -dirPath
\\vk-edu-fs01.edu.varmdo.se\home$ -name TesEle0101 -domain EDU"</value>
</add-attr>
<add-attr attr-name="userPrincipalName">
<value>TesEle0101@edu.varmdo.se</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value>TesEle0101</value>
</add-attr>
<add-attr attr-name="dirxml-uACAccountDisable">
<value type="string">false</value>
</add-attr>
DirXML: [08/06/14 16:54:48.31]: <add-attr
attr-name="dirxml-uACAccountDisable">
<value type="state">false</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
DirXML: [08/06/14 16:54:48.31]: ADDriver: parse command

className user
destDN
CN=TesEle0101,ou=Synkade,ou=personal,ou=Users,ou=CAS,ou=Skolor,ou=edu,dc=edu,dc=varmdo,dc=se
eventId
IDM01-VK#20140806145447#1#1:a24df3f9-f93f-4bac-8c3c-49fe81633c80
association
DirXML: [08/06/14 16:54:48.31]: ADDriver: MadCommandAdd::onCommand
DirXML: [08/06/14 16:54:48.31]: ADDriver:
MadCommandAdd::insertXdsAttributes()
DirXML: [08/06/14 16:54:48.31]: ADDriver: displayName
DirXML: [08/06/14 16:54:48.31]: ADDriver: givenName
DirXML: [08/06/14 16:54:48.31]: ADDriver: mail
DirXML: [08/06/14 16:54:48.31]: ADDriver: sn
DirXML: [08/06/14 16:54:48.31]: ADDriver: homeDrive
DirXML: [08/06/14 16:54:48.31]: ADDriver: homeDirectory
DirXML: [08/06/14 16:54:48.31]: ADDriver: PSexecute
DirXML: [08/06/14 16:54:48.31]: Loader: subscriptionShim->execute()
returned:
DirXML: [08/06/14 16:54:48.31]: Loader: XML Document:
DirXML: [08/06/14 16:54:48.31]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\IDM\Res\DriverSetStandard\Varmdo EDU AD">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="app-general" text1="schema violation"
event-id="IDM01-VK#20140806145447#1#1:a24df3f9-f93f-4bac-8c3c-49fe81633c80">
<message>Attribute 'PSexecute' is not in the application
schema</message>
<xds-path>/nds/input/add[@event-id='IDM01-VK#20140806145447#1#1:a24df3f9-f93f-4bac-8c3c-49fe81633c80'][@class-name='user'][@src-dn='\IDM\Varmdo\User\Elev\Active\TesEle0101'][@dest-dn='CN=TesEle0101,ou=Synkade,ou=personal,ou=Users,ou=CAS,ou=Skolor,ou=edu,dc=edu,dc=varmdo,dc=se'][@class-name='user']</xds-path>
</status>
</output>
</nds>


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=51480

Anonymous_User Absent Member.

Re: PS on AD without Exchange

joakim ganse wrote:

>
> Hi,
>
> Not sure if this is doable, I have a Win 2008 R2 with AD but without
> Exchange.
> I installed the Exchange powershell utilities from Exch2010 in it anyway
> because I thought that would be enough for the powershell commands to be
> executed.
>
> IDM_AD_Exch_2010_Service is running.
> In the driver configuration I have set EXCH 2010 as interface type.
>
> The error I get is from the Remote Loader:

....
><message>Attribute 'PSexecute' is not in the application
> schema</message>


This suggests that the AD driver shim isn't detecting the pseudo-attribute as something that needs to be sent to the Exchange/PS service.

From what I understand, the Exch Service tries to connect to an exchange server on startup. As this won't work, maybe the AD driver shim subsequently decides the Exch service can't be used.

Are you able to enable more debugging/trace to see if you can confirm this theory?

Anonymous_User Absent Member.

Re: PS on AD without Exchange


Would like to turn more tracing/debugging on but where?
I can raise the RL trace to 5 from 3, not sure that would help.

Currently I changed the script to run scheduled instead but that is not
optimal.


--
joakim_ganse

Anonymous_User Absent Member.

Re: PS on AD without Exchange


Hello,

It looks like your AD driver is version 3.5.14, am I right? Maybe try
upgrading it to 4.0.0.3 since you are running IDM 4.0.2, it might not
be supported in that version. Also, the command is PSExecute, with a
capital E, not sure if that makes a difference though.

Good luck.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415

Anonymous_User Absent Member.

Re: PS on AD without Exchange

jacmarpet wrote:

>
> It looks like your AD driver is version 3.5.14, am I right? Maybe try
> upgrading it to 4.0.0.3 since you are running IDM 4.0.2, it might not
> be supported in that version.


Good catch, this feature DEFINITELY requires a 4.0.0.x AD driver shim (and matching IDM/Exchange service).

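The diagnosis in the replies above came from reading the `<product version="...">` element of the document the shim returned. As an added example (not part of the thread and not NetIQ code), this Python sketch pulls the engine and shim versions and any rejected attribute out of a Remote Loader trace; the function names `triage` and `shim_too_old`, the shortened sample trace and the `(4, 0, 0)` floor taken from the "4.0.0.x" remark are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a shortened trace in the format posted in the thread.
SAMPLE_TRACE = """DirXML: [08/06/14 16:54:48.31]: Loader: XML Document:
DirXML: [08/06/14 16:54:48.31]: <nds dtdversion="4.0" ndsversion="8.x">
<source><product edition="Advanced" version="4.0.2.4">DirXML</product></source>
<input><add class-name="user" event-id="evt-1">
<add-attr attr-name="PSexecute"><value type="string">placeholder</value></add-attr>
</add></input>
</nds>
DirXML: [08/06/14 16:54:48.31]: Loader: subscriptionShim->execute() returned:
DirXML: [08/06/14 16:54:48.31]: <nds ndsversion="8.7" dtdversion="1.1">
<source><product version="3.5.14" build="20110211_120000">AD</product></source>
<output><status level="error" type="app-general" text1="schema violation" event-id="evt-1">
<message>Attribute 'PSexecute' is not in the application
schema</message>
</status></output>
</nds>
"""

PREFIX = re.compile(r"^DirXML: \[[^\]]+\]: ?", re.M)   # trace line header
NDS_DOC = re.compile(r"<nds\b.*?</nds>", re.S)          # one XDS document
REJECTED = re.compile(r"Attribute '(\w+)' is not in the application schema")

def triage(trace):
    """Collect engine and shim versions plus attributes the shim rejected."""
    report = {"engine": None, "shim": None, "rejected": []}
    for doc in NDS_DOC.findall(PREFIX.sub("", trace)):
        root = ET.fromstring(doc)
        product = root.find("source/product")
        if product is not None:
            # Documents carrying <input> come from the engine, <output> from the shim.
            side = "engine" if root.find("input") is not None else "shim"
            report[side] = product.get("version")
        for status in root.iterfind("output/status[@level='error']"):
            # The trace wraps long messages, so collapse whitespace first.
            message = " ".join(status.findtext("message", "").split())
            match = REJECTED.search(message)
            if match:
                report["rejected"].append(match.group(1))
    return report

def shim_too_old(report, minimum=(4, 0, 0)):
    """True when the shim version from the trace is below the assumed floor."""
    return tuple(int(p) for p in report["shim"].split(".")) < minimum

if __name__ == "__main__":
    print(triage(SAMPLE_TRACE), shim_too_old(triage(SAMPLE_TRACE)))
```
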
Anonymous_User Absent Member.

Re: PS on AD without Exchange


Duh,

Updates, updates, updates, some with extra patches.
Can't wait for 4.5


--
joakim_ganse

Knowledge Partner

Re: PS on AD without Exchange

joakim ganse wrote:

> Can't wait for 4.5


Hungry for new bugs, eh?
______________________________________________
https://www.is4it.de/identity-access-management
Knowledge Partner

Re: PS on AD without Exchange

On 8/15/2014 12:47 PM, Lothar Haeger wrote:
> joakim ganse wrote:
>
>> Can't wait for 4.5

>
> Hungry for new bugs, eh?


Well, the issue is they won't take up old bugs on 4.02 since maybe it is
fixed in 4.5 now. 🙂

So yes.

