Security error importing into ADAM using ldifde?

Home Forums Microsoft Networking and Management Services Active Directory Security error importing into ADAM using ldifde?

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    I have an old ADAM instance that I do not want to replicate to, I want to just create a new ADAM instance on another machine and import the data.

    1. I use the Create ADAM wizzard to create my instance.
    2. I select my logged in account as an administrator.
    3. Using ADSIedit I make sure that my account is in CN=Administrators under CN=Roles
    4. I create a schema using ADSchemaAnalyzer, selecting all objects from my old ADAM instance.
    5. Using ldifde I import my schema, I also import the other MS*.ldf files needed
    6. I export all ADAM entries from the old server using ldifde.

    Now we are ready to import my old ADAM stuff.

    ldifde.exe -f users.ldf -s localhost -t 389 -j c:windowsadamlogs

    In the logs I get the following error:

    Loading entries
    1: OU=zAppAuthorizationData,DC=winteladam,DC=net
    Entry DN: OU=zAppAuthorizationData,DC=winteladam,DC=net
    changetype: add
    Attribute 0) objectClass:top organizationalUnit
    Attribute 1) ou:zAppAuthorizationData
    Attribute 2) distinguishedName:OU=zAppAuthorizationData,DC=winteladam,DC=net
    Attribute 3) instanceType:4
    Attribute 4) whenCreated:20050208220334.0Z
    Attribute 5) whenChanged:20050209221246.0Z
    Attribute 6) uSNCreated:477611
    Attribute 7) uSNChanged:477717
    Attribute 8) name:zAppAuthorizationData
    Attribute 9) objectGUID: UNPRINTABLE BINARY(16)
    Attribute 10) objectCategory:CN=Organizational-Unit,CN=Schema,CN=Configuration,CN={9DA04889-1447-4551-8790-1077ACE7FC85}

    Add error on line 2: Unwilling To Perform

    The server side error is: 0x20e7 The modification was not permitted for security reasons.

    The extended server error is:

    000020E7: SvcErr: DSID-03152A1C, problem 5003 (WILL_NOT_PERFORM), data 0

    Finally I tried adding “-b username domain password” where that is my credentials with no success.

    What step am I missing to having permissions to add this stuff into the new ADAM instance?

    Important Note:
    Just to test I connect to the new adam instance via ADSIedit and I can create and delete stuff without issue. I tried creating an OU called TESTOU in the root and had no problems.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.