Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- We have IDM 4.0.2 and Citizens users login through a portal called HAG. HAG pointing to eDir.
- Now we going redirect HAG to AD. And we have changed some veto roles so we letting in Citizens to AD without Domain User rights.
- The problem we get, we only succed 600 Citizen out of 1000 we tested migrate. I have changed password on the user under eDir but with no help.
- I have a log with user PeBe0101 who succced to migrate and DaAl0101 which is failing.
- The only differens between the logs I can found under before lot of errors, this include under PeBe0101 log but not under DaAl0101
- DirXML: [10/21/16 11:48:15.40]: ADDriver: change password: old=(none), new=***
- DirXML: [10/21/16 11:48:15.41]: ADDriver: password change complete
- DirXML: [10/21/16 11:48:15.41]: ADDriver: set userAccountControl returns 0x0000
- [B]PeBe0101 log:[/B]
- DirXML: [10/21/16 11:48:13.96]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="0" scope="entry">
- <search-class class-name="user"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- DirXML: [10/21/16 11:48:13.97]: Loader: Calling subscriptionShim->execute()
- DirXML: [10/21/16 11:48:13.97]: Loader: XML Document:
- DirXML: [10/21/16 11:48:13.97]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="0" scope="entry">
- <search-class class-name="user"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- DirXML: [10/21/16 11:48:13.97]: ADDriver: parse command
- className user
- destDN CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- eventId 0
- association
- DirXML: [10/21/16 11:48:13.97]: ADDriver: query
- DirXML: [10/21/16 11:48:13.97]: ADDriver: query constraints
- DirXML: [10/21/16 11:48:13.97]: ADDriver: search-class user
- DirXML: [10/21/16 11:48:13.97]: ADDriver: read-attr (do not return attributes)
- DirXML: [10/21/16 11:48:13.97]: ADDriver: Connect using ldap_bind: user=ServiceAccount, domain=, password=***, method=negotiate, server=localhost, sign=no, seal=no ssl=yes
- DirXML: [10/21/16 11:48:14.21]: ADDriver: ldap_bind connection succeeded
- DirXML: [10/21/16 11:48:14.21]: ADDriver: query
- base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se,
- filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se)(objectClass=user)),
- return: (attribute values) objectClass, objectGUID,
- DirXML: [10/21/16 11:48:14.21]: ADDriver: query
- base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se,
- filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se)(objectClass=user)),
- return: (attribute values) objectClass, objectGUID,
- DirXML: [10/21/16 11:48:14.21]: ADDriver: ldap get next page ( 2147483647)
- DirXML: [10/21/16 11:48:14.21]: Loader: subscriptionShim->execute() returned:
- DirXML: [10/21/16 11:48:14.21]: Loader: XML Document:
- DirXML: [10/21/16 11:48:14.21]: <nds ndsversion="8.7" dtdversion="1.1">
- <source>
- <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod">AD</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status level="success" event-id="0"/>
- </output>
- </nds>
- DirXML: [10/21/16 11:48:14.21]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
- Thread = Subscriber Channel
- Level = success
- DirXML: [10/21/16 11:48:15.19]: Loader: Received 'subscriber execute' document
- DirXML: [10/21/16 11:48:15.19]: Loader: XML Document:
- DirXML: [10/21/16 11:48:15.19]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <add cached-time="20161021094812.760Z" class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531" timestamp="0#0">
- <add-attr attr-name="displayName">
- <value timestamp="1326733470#15" type="string">Pe*** Be***</value>
- </add-attr>
- <add-attr attr-name="givenName">
- <value timestamp="1326733470#5" type="string">Pe***</value>
- </add-attr>
- <add-attr attr-name="sAMAccountName">
- <value timestamp="1326733470#17" type="string">PeBe0101</value>
- </add-attr>
- <add-attr attr-name="sn">
- <value timestamp="1326733470#6" type="string">Be***</value>
- </add-attr>
- <add-attr attr-name="employeeID">
- <value timestamp="1326733470#4" type="string">19**0101****</value>
- </add-attr>
- <add-attr attr-name="userPrincipalName">
- <value>PeBe0101@ty***.se</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value type="string">0</value>
- </add-attr>
- <add-attr attr-name="homePhone">
- <value type="string">+46700000000</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value>0</value>
- </add-attr>
- <add-attr attr-name="extensionAttribute3">
- <value type="string">Citizen</value>
- </add-attr>
- <pa
- DirXML: [10/21/16 11:48:15.19]: ssword><!-- content suppressed --></password>
- </add>
- <modify class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531">
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}</value>
- </add-value>
- </modify-attr>
- </modify>
- <modify class-name="group" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">
- <association>8527796a9bb60a4da4ecbd73897d3e96</association>
- <modify-attr attr-name="member">
- <add-value>
- <value type="string">CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se</value>
- </add-value>
- </modify-attr>
- </modify>
- </input>
- </nds>
- DirXML: [10/21/16 11:48:15.19]: Loader: Calling subscriptionShim->execute()
- DirXML: [10/21/16 11:48:15.19]: Loader: XML Document:
- DirXML: [10/21/16 11:48:15.19]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <add cached-time="20161021094812.760Z" class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531" timestamp="0#0">
- <add-attr attr-name="displayName">
- <value timestamp="1326733470#15" type="string">Pe*** Be***</value>
- </add-attr>
- <add-attr attr-name="givenName">
- <value timestamp="1326733470#5" type="string">Pe***</value>
- </add-attr>
- <add-attr attr-name="sAMAccountName">
- <value timestamp="1326733470#17" type="string">PeBe0101</value>
- </add-attr>
- <add-attr attr-name="sn">
- <value timestamp="1326733470#6" type="string">Be***</value>
- </add-attr>
- <add-attr attr-name="employeeID">
- <value timestamp="1326733470#4" type="string">19**0101****</value>
- </add-attr>
- <add-attr attr-name="userPrincipalName">
- <value>PeBe0101@ty***.se</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value type="string">0</value>
- </add-attr>
- <add-attr attr-name="homePhone">
- <value type="string">+46700000000</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value>0</value>
- </add-attr>
- <add-attr attr-name="extensionAttribute3">
- <value type="string">Citizen</value>
- </add-attr>
- <pa
- DirXML: [10/21/16 11:48:15.19]: ssword><!-- content suppressed --></password>
- </add>
- <modify class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531">
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}</value>
- </add-value>
- </modify-attr>
- </modify>
- <modify class-name="group" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">
- <association>8527796a9bb60a4da4ecbd73897d3e96</association>
- <modify-attr attr-name="member">
- <add-value>
- <value type="string">CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se</value>
- </add-value>
- </modify-attr>
- </modify>
- </input>
- </nds>
- DirXML: [10/21/16 11:48:15.19]: ADDriver: parse command
- className user
- destDN CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
- association
- DirXML: [10/21/16 11:48:15.19]: ADDriver: MadCommandAdd::onCommand
- DirXML: [10/21/16 11:48:15.19]: ADDriver: MadCommandAdd::insertXdsAttributes()
- DirXML: [10/21/16 11:48:15.19]: ADDriver: displayName
- DirXML: [10/21/16 11:48:15.19]: ADDriver: givenName
- DirXML: [10/21/16 11:48:15.19]: ADDriver: sAMAccountName
- DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute sAMAccountName
- MAD syntax DirectoryString (2.5.5.12,64)
- XDS syntax string
- Single valued true
- Case sensitive false
- DirXML: [10/21/16 11:48:15.35]: ADDriver: sn
- DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute sn
- MAD syntax DirectoryString (2.5.5.12,64)
- XDS syntax string
- Single valued true
- Case sensitive false
- DirXML: [10/21/16 11:48:15.35]: ADDriver: employeeID
- DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute employeeID
- MAD syntax DirectoryString (2.5.5.12,64)
- XDS syntax string
- Single valued true
- Case sensitive false
- DirXML: [10/21/16 11:48:15.35]: ADDriver: userPrincipalName
- DirXML: [10/21/16 11:48:15.35]: ADDriver: dirxml-uACAccountDisable
- DirXML: [10/21/16 11:48:15.35]: ADDriver: dirxml-uACAccountDisable
- DirXML: [10/21/16 11:48:15.35]: ADDriver: accountExpires
- DirXML: [10/21/16 11:48:15.35]: ADDriver: homePhone
- DirXML: [10/21/16 11:48:15.35]: ADDriver: accountExpires
- DirXML: [10/21/16 11:48:15.35]: ADDriver: extensionAttribute3
- DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute extensionAttribute3
- MAD syntax DirectoryString (2.5.5.12,64)
- XDS syntax string
- Single valued true
- Case sensitive false
- DirXML: [10/21/16 11:48:15.35]: ADDriver: Add user CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- LDAPMod operations:
- add attribute objectClass
- >> user
- add attribute objectCategory
- >> CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se
- add attribute displayName
- >> Pe*** Be***
- add attribute givenName
- >> Pe***
- add attribute sAMAccountName
- >> PeBe0101
- add attribute sn
- >> Be***
- add attribute employeeID
- >> 19**0101****
- add attribute userPrincipalName
- >> PeBe0101@ty***.se
- add attribute accountExpires
- >> 0
- add attribute homePhone
- >> +46700000000
- add attribute accountExpires
- >> 0
- add attribute extensionAttribute3
- >> Citizen
- DirXML: [10/21/16 11:48:15.40]: ADDriver: change password: old=(none), new=***
- DirXML: [10/21/16 11:48:15.41]: ADDriver: password change complete
- DirXML: [10/21/16 11:48:15.41]: ADDriver: set userAccountControl returns 0x0000
- DirXML: [10/21/16 11:48:15.41]: ADDriver: parse command
- className user
- destDN CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
- association
- DirXML: [10/21/16 11:48:15.41]: ADDriver: parse modify class = user
- DirXML: [10/21/16 11:48:15.41]: ADDriver: modify-attr
- DirXML: [10/21/16 11:48:15.41]: ADDriver: remove-all-values
- DirXML: [10/21/16 11:48:15.41]: ADDriver: add-value
- DirXML: [10/21/16 11:48:15.41]: ADDriver: value
- DirXML: [10/21/16 11:48:15.41]: ADDriver: Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}
- DirXML: [10/21/16 11:48:15.41]: ADDriver: ldap_modify user CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- LDAPMod operations:
- DirXML: [10/21/16 11:48:15.41]: ADDriver: Executing Power Shell Command:
- DirXML: [10/21/16 11:48:15.41]: ADDriver: Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}
- DirXML: [10/21/16 11:48:15.43]: Loader: Received document from publicationShim
- DirXML: [10/21/16 11:48:15.43]: Loader: XML Document:
- DirXML: [10/21/16 11:48:15.43]: <nds dtdversion="2.2">
- <source>
- <product build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod" version="4.0.0.2">AD</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <modify-password event-id="AD ty*** Prod##157e6a414c7##1" class-name="user" src-dn="CN=PeBe0101,OU=USERS,OU=META,OU=_TK,DC=ty***,DC=se" password-admin-reset="true">
- <association>430b71ba64e5584f8ccafc9dfa209994</association>
- <password><!-- content suppressed --></password>
- </modify-password>
- </input>
- </nds>
- DirXML: [10/21/16 11:48:15.44]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR: The specified user account is not a member of the specified group account
- DirXML: [10/21/16 11:48:15.52]: ADDriver: parse command
- className group
- destDN
- eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
- association 8527796a9bb60a4da4ecbd73897d3e96
- DirXML: [10/21/16 11:48:15.52]: ADDriver: parse modify class = group
- DirXML: [10/21/16 11:48:15.52]: ADDriver: association
- DirXML: [10/21/16 11:48:15.52]: ADDriver: 8527796a9bb60a4da4ecbd73897d3e96
- DirXML: [10/21/16 11:48:15.52]: ADDriver: modify-attr
- DirXML: [10/21/16 11:48:15.52]: ADDriver: add-value
- DirXML: [10/21/16 11:48:15.52]: ADDriver: value
- DirXML: [10/21/16 11:48:15.52]: ADDriver: CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- DirXML: [10/21/16 11:48:15.52]: ADDriver: ldap_modify group CN=Citizen,OU=GROUPS,OU=META,OU=_TK,DC=ty***,DC=se
- LDAPMod operations:
- add attribute member
- >> CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
- DirXML: [10/21/16 11:48:15.55]: Loader: subscriptionShim->execute() returned:
- DirXML: [10/21/16 11:48:15.55]: Loader: XML Document:
- DirXML: [10/21/16 11:48:15.55]: <nds ndsversion="8.7" dtdversion="1.1">
- <source>
- <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod">AD</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <add-association dest-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" dest-entry-id="54531" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">430b71ba64e5584f8ccafc9dfa209994</add-association>
- <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
- <status level="error" type="powershell" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">Error completing powershell command. ERROR: The specified user account is not a member of the specified group account</status>
- <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
- <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
- </output>
- </nds>
- DirXML: [10/21/16 11:48:15.55]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
- Level = success
- DirXML: [10/21/16 11:48:15.55]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
- Level = error
- Message = Error completing powershell command. ERROR: The specified user account is not a member of the specified group account
- DirXML: [10/21/16 11:48:15.55]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
- Level = success
- DirXML: [10/21/16 11:48:15.55]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
- Level = success
- DirXML: [10/21/16 11:48:15.58]: Loader: Received 'publisher reply' document
- [B]DaAl0101 log:[/B]
- DirXML: [10/21/16 13:00:49.40]: Loader: Received 'subscriber execute' document
- DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
- DirXML: [10/21/16 13:00:49.40]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="0" scope="entry">
- <search-class class-name="user"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- DirXML: [10/21/16 13:00:49.40]: Loader: Calling subscriptionShim->execute()
- DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
- DirXML: [10/21/16 13:00:49.40]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="0" scope="entry">
- <search-class class-name="user"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- DirXML: [10/21/16 13:00:49.40]: ADDriver: parse command
- className user
- destDN CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- eventId 0
- association
- DirXML: [10/21/16 13:00:49.40]: ADDriver: query
- DirXML: [10/21/16 13:00:49.40]: ADDriver: query constraints
- DirXML: [10/21/16 13:00:49.40]: ADDriver: search-class user
- DirXML: [10/21/16 13:00:49.40]: ADDriver: read-attr (do not return attributes)
- DirXML: [10/21/16 13:00:49.40]: ADDriver: query
- base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se,
- filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se)(objectClass=user)),
- return: (attribute values) objectClass, objectGUID,
- DirXML: [10/21/16 13:00:49.40]: ADDriver: query
- base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se,
- filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se)(objectClass=user)),
- return: (attribute values) objectClass, objectGUID,
- DirXML: [10/21/16 13:00:49.40]: ADDriver: ldap get next page ( 2147483647)
- DirXML: [10/21/16 13:00:49.40]: Loader: subscriptionShim->execute() returned:
- DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
- DirXML: [10/21/16 13:00:49.40]: <nds ndsversion="8.7" dtdversion="1.1">
- <source>
- <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod">AD</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status level="success" event-id="0"/>
- </output>
- </nds>
- DirXML: [10/21/16 13:00:49.40]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
- Thread = Subscriber Channel
- Level = success
- DirXML: [10/21/16 13:00:50.21]: Loader: Received 'subscriber execute' document
- DirXML: [10/21/16 13:00:50.57]: Loader: XML Document:
- DirXML: [10/21/16 13:00:50.57]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <add cached-time="20161021110046.961Z" class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799" timestamp="1477047646#15">
- <add-attr attr-name="displayName">
- <value timestamp="1365744671#12" type="string">Da*** Al**</value>
- </add-attr>
- <add-attr attr-name="givenName">
- <value timestamp="1365744671#5" type="string">Da***</value>
- </add-attr>
- <add-attr attr-name="sAMAccountName">
- <value timestamp="1365744671#14" type="string">DaAl0101</value>
- </add-attr>
- <add-attr attr-name="sn">
- <value timestamp="1365744671#6" type="string">Al**</value>
- </add-attr>
- <add-attr attr-name="employeeID">
- <value timestamp="1365744671#4" type="string">19**0101****</value>
- </add-attr>
- <add-attr attr-name="userPrincipalName">
- <value>DaAl0101@ty**.se</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value type="string">0</value>
- </add-attr>
- <add-attr attr-name="homePhone">
- <value type="string"/>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value>0</value>
- </add-attr>
- <add-attr attr-name="extensionAttribute3">
- <value type="string">Citizen</value>
- </ad
- DirXML: [10/21/16 13:00:50.57]: d-attr>
- <password><!-- content suppressed --></password>
- </add>
- <modify class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799">
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}</value>
- </add-value>
- </modify-attr>
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false</value>
- </add-value>
- </modify-attr>
- </modify>
- <modify class-name="group" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
- <association>8527796a9bb60a4da4ecbd73897d3e96</association>
- <modify-attr attr-name="member">
- <add-value>
- <value type="string">CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se</value>
- </add-value>
- </modify-attr>
- </modify>
- </input>
- </nds>
- DirXML: [10/21/16 13:00:50.57]: Loader: Calling subscriptionShim->execute()
- DirXML: [10/21/16 13:00:50.57]: Loader: XML Document:
- DirXML: [10/21/16 13:00:50.57]: <nds dtdversion="4.0" ndsversion="8.x">
- <source>
- <product edition="Standard" version="4.0.2.2">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <add cached-time="20161021110046.961Z" class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799" timestamp="1477047646#15">
- <add-attr attr-name="displayName">
- <value timestamp="1365744671#12" type="string">Da*** Al**</value>
- </add-attr>
- <add-attr attr-name="givenName">
- <value timestamp="1365744671#5" type="string">Da***</value>
- </add-attr>
- <add-attr attr-name="sAMAccountName">
- <value timestamp="1365744671#14" type="string">DaAl0101</value>
- </add-attr>
- <add-attr attr-name="sn">
- <value timestamp="1365744671#6" type="string">Al**</value>
- </add-attr>
- <add-attr attr-name="employeeID">
- <value timestamp="1365744671#4" type="string">19**0101****</value>
- </add-attr>
- <add-attr attr-name="userPrincipalName">
- <value>DaAl0101@ty**.se</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="dirxml-uACAccountDisable">
- <value type="string">false</value>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value type="string">0</value>
- </add-attr>
- <add-attr attr-name="homePhone">
- <value type="string"/>
- </add-attr>
- <add-attr attr-name="accountExpires">
- <value>0</value>
- </add-attr>
- <add-attr attr-name="extensionAttribute3">
- <value type="string">Citizen</value>
- </ad
- DirXML: [10/21/16 13:00:50.57]: d-attr>
- <password><!-- content suppressed --></password>
- </add>
- <modify class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799">
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}</value>
- </add-value>
- </modify-attr>
- <modify-attr attr-name="PSExecute">
- <remove-all-values/>
- <add-value>
- <value type="string">Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false</value>
- </add-value>
- </modify-attr>
- </modify>
- <modify class-name="group" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
- <association>8527796a9bb60a4da4ecbd73897d3e96</association>
- <modify-attr attr-name="member">
- <add-value>
- <value type="string">CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se</value>
- </add-value>
- </modify-attr>
- </modify>
- </input>
- </nds>
- DirXML: [10/21/16 13:00:50.57]: ADDriver: parse command
- className user
- destDN CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
- association
- DirXML: [10/21/16 13:00:50.57]: ADDriver: MadCommandAdd::onCommand
- DirXML: [10/21/16 13:00:50.57]: ADDriver: MadCommandAdd::insertXdsAttributes()
- DirXML: [10/21/16 13:00:50.57]: ADDriver: displayName
- DirXML: [10/21/16 13:00:50.57]: ADDriver: givenName
- DirXML: [10/21/16 13:00:50.57]: ADDriver: sAMAccountName
- DirXML: [10/21/16 13:00:50.57]: ADDriver: sn
- DirXML: [10/21/16 13:00:50.57]: ADDriver: employeeID
- DirXML: [10/21/16 13:00:50.57]: ADDriver: userPrincipalName
- DirXML: [10/21/16 13:00:50.57]: ADDriver: dirxml-uACAccountDisable
- DirXML: [10/21/16 13:00:50.57]: ADDriver: dirxml-uACAccountDisable
- DirXML: [10/21/16 13:00:50.57]: ADDriver: accountExpires
- DirXML: [10/21/16 13:00:50.57]: ADDriver: homePhone
- DirXML: [10/21/16 13:00:50.57]: ADDriver: accountExpires
- DirXML: [10/21/16 13:00:50.57]: ADDriver: extensionAttribute3
- DirXML: [10/21/16 13:00:50.57]: ADDriver: Add user CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- LDAPMod operations:
- add attribute objectClass
- >> user
- add attribute objectCategory
- >> CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se
- add attribute displayName
- >> Da*** Al**
- add attribute givenName
- >> Da***
- add attribute sAMAccountName
- >> DaAl0101
- add attribute sn
- >> Al**
- add attribute employeeID
- >> 19**0101****
- add attribute userPrincipalName
- >> DaAl0101@ty**.se
- add attribute accountExpires
- >> 0
- add attribute homePhone
- >>
- add attribute accountExpires
- >> 0
- add attribute extensionAttribute3
- >> Citizen
- DirXML: [10/21/16 13:00:50.57]: ADDriver: parse command
- className user
- destDN CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
- association
- DirXML: [10/21/16 13:00:50.57]: ADDriver: parse modify class = user
- DirXML: [10/21/16 13:00:50.57]: ADDriver: modify-attr
- DirXML: [10/21/16 13:00:50.57]: ADDriver: remove-all-values
- DirXML: [10/21/16 13:00:50.57]: ADDriver: add-value
- DirXML: [10/21/16 13:00:50.57]: ADDriver: value
- DirXML: [10/21/16 13:00:50.57]: ADDriver: Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}
- DirXML: [10/21/16 13:00:50.57]: ADDriver: modify-attr
- DirXML: [10/21/16 13:00:50.57]: ADDriver: remove-all-values
- DirXML: [10/21/16 13:00:50.57]: ADDriver: add-value
- DirXML: [10/21/16 13:00:50.57]: ADDriver: value
- DirXML: [10/21/16 13:00:50.57]: ADDriver: Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false
- DirXML: [10/21/16 13:00:50.57]: ADDriver: ldap_modify user CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- LDAPMod operations:
- DirXML: [10/21/16 13:00:50.57]: ADDriver: Executing Power Shell Command:
- DirXML: [10/21/16 13:00:50.57]: ADDriver: Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false
- DirXML: [10/21/16 13:00:50.60]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.
- DirXML: [10/21/16 13:00:50.60]: ADDriver: parse command
- className group
- destDN
- eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
- association 8527796a9bb60a4da4ecbd73897d3e96
- DirXML: [10/21/16 13:00:50.60]: ADDriver: parse modify class = group
- DirXML: [10/21/16 13:00:50.60]: ADDriver: association
- DirXML: [10/21/16 13:00:50.60]: ADDriver: 8527796a9bb60a4da4ecbd73897d3e96
- DirXML: [10/21/16 13:00:50.60]: ADDriver: modify-attr
- DirXML: [10/21/16 13:00:50.60]: ADDriver: add-value
- DirXML: [10/21/16 13:00:50.60]: ADDriver: value
- DirXML: [10/21/16 13:00:50.60]: ADDriver: CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- DirXML: [10/21/16 13:00:50.60]: ADDriver: ldap_modify group CN=Citizen,OU=GROUPS,OU=META,OU=_TK,DC=ty**,DC=se
- LDAPMod operations:
- add attribute member
- >> CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
- DirXML: [10/21/16 13:00:50.60]: Loader: subscriptionShim->execute() returned:
- DirXML: [10/21/16 13:00:50.60]: Loader: XML Document:
- DirXML: [10/21/16 13:00:50.60]: <nds ndsversion="8.7" dtdversion="1.1">
- <source>
- <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod">AD</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status level="error" type="driver-general" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
- <ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
- <client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
- <server-err>00000057: LdapErr: DSID-0C090DA7, comment: Error in attribute conversion operation, data 0, v2580</server-err>
- <server-err-ex win32-rc="87"/>
- </ldap-err>
- </status>
- <status level="error" type="powershell" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">Error completing powershell command. ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.</status>
- <status level="success" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571"/>
- <status level="warning" type="driver-general" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
- <ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
- <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
- <server-err>00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:
- ''
- </server-err>
- <server-err-ex win32-rc="1317"/>
- </ldap-err>
- </status>
- </output>
- </nds>
- DirXML: [10/21/16 13:00:50.60]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
- Level = error
- Message = <ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
- <client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
- <server-err>00000057: LdapErr: DSID-0C090DA7, comment: Error in attribute conversion operation, data 0, v2580</server-err>
- <server-err-ex win32-rc="87"/>
- </ldap-err>
- DirXML: [10/21/16 13:00:50.60]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
- Level = error
- Message = Error completing powershell command. ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.
- DirXML: [10/21/16 13:00:50.60]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
- Level = success
- DirXML: [10/21/16 13:00:50.60]:
- DirXML Log Event -------------------
- Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
- Thread = Subscriber Channel
- Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
- Level = warning
- Message = <ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
- <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
- <server-err>00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:
- ''
- </server-err>
- <server-err-ex win32-rc="1317"/>
- </ldap-err>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement