adamsync.exe /sync 失败,出现“命名冲突”

adamsync.exe /sync 失败,出现“命名冲突”

我正在尝试将我的 AD LDS 实例 (localhost:50006) 与 AD DS 条目同步(基本上是尝试从 AD DS 获取用户和计算机帐户,以便我可以在我的 LDS 实例中使用 Windows 安全主体)。我一直在关注http://technet.microsoft.com/en-us/library/cc770408.aspx和_http://blogs.msdn.com/b/jeff/archive/2007/04/01/synchronize-active-directory-to-adam-with-adamsync-step-by-step.aspx 进行同步并得到发生 Ldap 错误。ldap_add_sW:命名违规。扩展信息:00002099:NameErr:DSID-030510C6,问题 2005 (NAMING_VIOLATION),数据 0,最佳匹配:'CN=Test,DC=COM'

关于如何分析或调试的任何想法都非常有帮助:)(请参阅下面的所有详细信息)

更新

看起来我需要用 posssuperiors 更新架构(http://blogs.technet.com/b/efleis/archive/2005/09/14/syncing-to-our-ou-synctargetou-nc-instead.aspx)。如果有效,我会及时通知您。

日志中的错误详细信息

Processing Entry: Page 1, Frame 1, Entry 48, Count 1, USN 0
Processing source entry <guid=2b4f58a3ba5a3246b1fd59594d2d4c4f>
Processing in-scope entry 2b4f58a3ba5a3246b1fd59594d2d4c4f.
Adding target object CN=Builtin,CN=Test,DC=COM.
Adding attributes: sourceobjectguid, objectClass, instanceType, showInAdvancedViewOnly, creationTime, forceLogoff, lockoutDuration, lockOutObservationWindow, lockoutThreshold, maxPwdAge, minPwdAge, minPwdLength, modifiedCountAtLastProm, nextRid, pwdProperties, pwdHistoryLength, uASCompat, lastagedchange, 
Ldap error occured. ldap_add_sW: Naming Violation. 
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
    'CN=Test,DC=COM'
.
Ldap error occured. ldap_add_sW: Naming Violation. 
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION), data 0, best match of:
    'CN=Test,DC=COM'
.
Saving Configuration File on CN=Test,DC=COM

Saved configuration file.

执行的命令

C:\Windows\ADAM>LDIFDE.EXE -i -u -s localhost:50008 -c "cn=Configuration,dc=X" #
configurationNamingContext -j . -f MS-adamschemaw2k8.LDF
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.........


C:\Windows\ADAM>LDIFDE.EXE -i -c "cn=Configuration,dc=X" #configurationNamingCon
text -f MS-AdamSyncMetadata.LDF
..........


C:\Windows\ADAM>notepad test.xml

C:\Windows\ADAM>adamsync.exe /install localhost:50008 test.xml
Done.

C:\Windows\ADAM>adamsync.exe /sync localhost:50008 CN=Test,DC=COM
**Ldap error occured. ldap_add_sW: Naming Violation.
Extended Info: 00002099: NameErr: DSID-030510C6, problem 2005 (NAMING_VIOLATION)**
, data 0, best match of:
        'CN=Test,DC=COM'
.

我已经替换了文章中提到的条目(请参阅下面的 xml 和 AD LDS 实例设置配置):

<configuration>     
  <description>sample Adamsync configuration file</description>     
  <security-mode>object</security-mode>         
  <source-ad-name>mydomain.com</source-ad-name>     
  <source-ad-partition>DC=mydomain,DC=com</source-ad-partition>
  <source-ad-account>domainadminaccount</source-ad-account>                
  <account-domain>mydomain.com</account-domain>
  <target-dn>CN=Test,DC=COM</target-dn>     
  <query>           
   <base-dn>DC=mydomain,DC=com</base-dn>
   <object-filter>(objectClass=*)</object-filter>

Install a unique instance of AD LDS.

Instance name: instance5
Computers will connect to this instance of AD LDS using the following ports:
LDAP port: 50008
SSL port: 50009

AD LDS replication will use Negotiate authentication.

Store AD LDS data files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data

Store AD LDS log files in the following location:
C:\Program Files\Microsoft ADAM\instance5\data

Run AD LDS using the following account:
NT AUTHORITY\NetworkService

Set up the following account to administer AD LDS:
mydomain\domainadminuseraccount

Create the following application directory partition:
CN=Test,DC=COM 

Import these LDIF files:
MS-AdamSyncMetadata.LDF
MS-ADLDS-DisplaySpecifiers.LDF
MS-InetOrgPerson.LDF
MS-User.LDF
MS-UserProxy.LDF
MS-UserProxyFull.LDF

此致!

相关内容