Extending AD Schema - Unable to update due to constraint

-

i'm adding attributes live staging testing purposes i'm using ldifde:

d:\shared>ldifde -i -v -f attr3.ldf -j .  connecting "mydomain.com"  logging in current user using sspi  importing directory file "attr3.ldf"  loading entries  1: cn=myattribute,cn=schema,cn=configuration,dc=mydomain,dc=com  entry modified successfully.      1 entry modified successfully.    command has completed    d:\shared>

but when try update using vbs, get: 

c:\users\update.vbs(8, 1) active directory: requested operation did not   satisfy 1 or more constraints associated class of object.

please notice other attributes, original ones, able updated, issue ones i'm importing.

so, wonder if i'm missing step link or detach new attribute after imported.

this attr3.ldf

#attr3.ldf  #adding new attribute  dn: cn=myattribute,cn=schema,cn=configuration,dc=mydomain,dc=com  changetype: add  objectclass: top  objectclass: attributeschema  cn: my-attribute  distinguishedname: cn=my-attribute,cn=schema,cn=configuration,dc=mydomain,dc=com  instancetype: 4  whencreated: 20100401175340.0z  whenchanged: 20100401175341.0z  usncreated: 24154  attributeid: 2.16.840.1.113805.111  attributesyntax: 2.5.5.12  issinglevalued: true  rangelower: 0  rangeupper: 1  usnchanged: 24163  showinadvancedviewonly: true  admindisplayname: my-attribute  admindescription: my-attribute  omsyntax: 64  searchflags: 0  ldapdisplayname: myattribute  name: my-attribute  schemaidguid:: tonvw6suwuu1gev/d1pi9q==  ismemberofpartialattributeset: true  objectcategory: cn=attribute-schema,cn=schema,cn=configuration,dc=mydomain,dc=com    #the following attributes removed because getting:  #add error on entry starting on line 1: unwilling perform  #the server side error is: 0x20e7 modification not permitted security  #reasons.  #the extended server error is:  #000020e7: svcerr: dsid-03152d2c, problem 5003 (will_not_perform), data 0    #objectguid:: etkytnxbce2fpmgc8uie0w==  #attributesecurityguid:: vagn5pi80rghagdat7lgua==

and vbs code,

'update.vbs  set objuser = getobject("ldap://cn=john lennon,cn=users,dc=mydomain,dc=com")   objuser.myattribute="somevalue"  'also tried integers not luck  objuser.setinfo


thanks,

m0dest0.

i got answer:

 

i missing add attr class , refresh schema, 
 1. register dll, regsvr32 schmmgmt.dll
 2. open run , type mmc.exe
 3. add active directory schema snap-in
 4. right click on class, properties , hit add button , on. 
 5. finally, refresh schema:
    c:\users>admod -sc refreshschema
    
    admod v01.17.00cpp joe richards (joe@joeware.net) march 2011
    
    modifying rootdse...
    dn count: 1
    using server: myserver.mydomain.com:389
    directory: windows server 2008 r2
    
    modifying specified objects...
       dn: rootdse...
    
    command completed successfully
regards,



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more