Anonymous_User Absent Member.

Re: AD users in Multiple OU's How best to migrate

K, there are a few problems with your setup.

First, you're on old versions of the IDM engine and MAD shim, which
means other things like filters are probably old too. While it may not
directly impact what you're seeing now, I'd still highly recommend being
on current patches.

Second, your DCs do not have filters installed, so they'll never pick up
passwords. The result is that if/when you migrate them over to
eDirectory they'll have no passwords, or made-up passwords (created by
IDM), and you do not want that usually. Having filters on the DCs will
make life better for you in general since password sync will work going
forward and if you get users to change their passwords in MAD after
setting everything up they'll just suddenly be able to get into
eDirectory magically with their current passwords.

Third, I believe the problem is now with your placement policy if
nothing else. You appear to be trying to place the objects under a
top-level 'Groups' container or a top-level Contractors container.
Maybe those exist, but if so they are not OUs. My guess is that you
need to fix the engine-side (feel free to post that trace from the
driver config written directly to a file.... no using ndstrace allowed
for this) to place them under a 'Groups' or 'Contractors' OU that is
within a top-level container (an Organization, a Country, a Domain...
something). The -601 in the trace indicates that the object
searched-for was not there in eDirectory so at the very least you have a
typo in these contexts where you are trying to put things.

Good luck.
Anonymous_User Absent Member.

Re: AD users in Multiple OU's How best to migrate

> DNS Settings on the server when I reverted back from a Snapshot, the


That was something else I forgot to mention. In the 'Authentication
Context' field you do not need (or want) a value when you properly have
the Remote Loader (RL) installed on a domain controller (DC). You had a
value, so remove it if you have the RL on a DC like you should.

> When you say Filters on the DC's are you talking about the IDM
> Password Sync? I do have it installed on the VM I'm using for this
> project but


To capture all password changes reliably you need to have the filter on
all DCs. That is not preventing synchronization in this case, most
likely, but users without passwords are seldom useful.

> On the last issue the Container, that is what I'm trying to avoid.
> The


Right, so the engine side trace is where the magic is happening (and
failing) so that's the next thing to see.

Good luck.