API tools faq
paste
Advertisement
Guest User

Failed to Migrate one third Ctitzen Users from eDir to AD

a guest
Oct 24th, 2016
190
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 34.42 KB | None | 0 0
raw download clone embed print report
  1. We have IDM 4.0.2 and Citizens users login through a portal called HAG. HAG pointing to eDir.
  2. Now we going redirect HAG to AD. And we have changed some veto roles so we letting in Citizens to AD without Domain User rights.
  3.  
  4. The problem we get, we only succed 600 Citizen out of 1000 we tested migrate. I have changed password on the user under eDir but with no help.
  5. I have a log with user PeBe0101 who succced to migrate and DaAl0101 which is failing.
  6.  
  7. The only differens between the logs I can found under before lot of errors, this include under PeBe0101 log but not under DaAl0101
  8.  
  9. DirXML: [10/21/16 11:48:15.40]: ADDriver: change password: old=(none), new=***
  10. DirXML: [10/21/16 11:48:15.41]: ADDriver: password change complete
  11. DirXML: [10/21/16 11:48:15.41]: ADDriver: set userAccountControl returns 0x0000
  12.  
  13.  
  14.  
  15. [B]PeBe0101 log:[/B]
  16.  
  17. DirXML: [10/21/16 11:48:13.96]: <nds dtdversion="4.0" ndsversion="8.x">
  18. <source>
  19. <product edition="Standard" version="4.0.2.2">DirXML</product>
  20. <contact>Novell, Inc.</contact>
  21. </source>
  22. <input>
  23. <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="0" scope="entry">
  24. <search-class class-name="user"/>
  25. <read-attr/>
  26. </query>
  27. </input>
  28. </nds>
  29. DirXML: [10/21/16 11:48:13.97]: Loader: Calling subscriptionShim->execute()
  30. DirXML: [10/21/16 11:48:13.97]: Loader: XML Document:
  31. DirXML: [10/21/16 11:48:13.97]: <nds dtdversion="4.0" ndsversion="8.x">
  32. <source>
  33. <product edition="Standard" version="4.0.2.2">DirXML</product>
  34. <contact>Novell, Inc.</contact>
  35. </source>
  36. <input>
  37. <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="0" scope="entry">
  38. <search-class class-name="user"/>
  39. <read-attr/>
  40. </query>
  41. </input>
  42. </nds>
  43. DirXML: [10/21/16 11:48:13.97]: ADDriver: parse command
  44.  
  45. className user
  46. destDN CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  47. eventId 0
  48. association
  49. DirXML: [10/21/16 11:48:13.97]: ADDriver: query
  50. DirXML: [10/21/16 11:48:13.97]: ADDriver: query constraints
  51. DirXML: [10/21/16 11:48:13.97]: ADDriver: search-class user
  52. DirXML: [10/21/16 11:48:13.97]: ADDriver: read-attr (do not return attributes)
  53. DirXML: [10/21/16 11:48:13.97]: ADDriver: Connect using ldap_bind: user=ServiceAccount, domain=, password=***, method=negotiate, server=localhost, sign=no, seal=no ssl=yes
  54. DirXML: [10/21/16 11:48:14.21]: ADDriver: ldap_bind connection succeeded
  55. DirXML: [10/21/16 11:48:14.21]: ADDriver: query
  56. base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se,
  57. filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se)(objectClass=user)),
  58. return: (attribute values) objectClass, objectGUID,
  59. DirXML: [10/21/16 11:48:14.21]: ADDriver: query
  60. base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se,
  61. filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se)(objectClass=user)),
  62. return: (attribute values) objectClass, objectGUID,
  63. DirXML: [10/21/16 11:48:14.21]: ADDriver: ldap get next page ( 2147483647)
  64. DirXML: [10/21/16 11:48:14.21]: Loader: subscriptionShim->execute() returned:
  65. DirXML: [10/21/16 11:48:14.21]: Loader: XML Document:
  66. DirXML: [10/21/16 11:48:14.21]: <nds ndsversion="8.7" dtdversion="1.1">
  67. <source>
  68. <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod">AD</product>
  69. <contact>Novell, Inc.</contact>
  70. </source>
  71. <output>
  72. <status level="success" event-id="0"/>
  73. </output>
  74. </nds>
  75. DirXML: [10/21/16 11:48:14.21]:
  76. DirXML Log Event -------------------
  77. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
  78. Thread = Subscriber Channel
  79. Level = success
  80. DirXML: [10/21/16 11:48:15.19]: Loader: Received 'subscriber execute' document
  81. DirXML: [10/21/16 11:48:15.19]: Loader: XML Document:
  82. DirXML: [10/21/16 11:48:15.19]: <nds dtdversion="4.0" ndsversion="8.x">
  83. <source>
  84. <product edition="Standard" version="4.0.2.2">DirXML</product>
  85. <contact>Novell, Inc.</contact>
  86. </source>
  87. <input>
  88. <add cached-time="20161021094812.760Z" class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531" timestamp="0#0">
  89. <add-attr attr-name="displayName">
  90. <value timestamp="1326733470#15" type="string">Pe*** Be***</value>
  91. </add-attr>
  92. <add-attr attr-name="givenName">
  93. <value timestamp="1326733470#5" type="string">Pe***</value>
  94. </add-attr>
  95. <add-attr attr-name="sAMAccountName">
  96. <value timestamp="1326733470#17" type="string">PeBe0101</value>
  97. </add-attr>
  98. <add-attr attr-name="sn">
  99. <value timestamp="1326733470#6" type="string">Be***</value>
  100. </add-attr>
  101. <add-attr attr-name="employeeID">
  102. <value timestamp="1326733470#4" type="string">19**0101****</value>
  103. </add-attr>
  104. <add-attr attr-name="userPrincipalName">
  105. <value>PeBe0101@ty***.se</value>
  106. </add-attr>
  107. <add-attr attr-name="dirxml-uACAccountDisable">
  108. <value type="string">false</value>
  109. </add-attr>
  110. <add-attr attr-name="dirxml-uACAccountDisable">
  111. <value type="string">false</value>
  112. </add-attr>
  113. <add-attr attr-name="accountExpires">
  114. <value type="string">0</value>
  115. </add-attr>
  116. <add-attr attr-name="homePhone">
  117. <value type="string">+46700000000</value>
  118. </add-attr>
  119. <add-attr attr-name="accountExpires">
  120. <value>0</value>
  121. </add-attr>
  122. <add-attr attr-name="extensionAttribute3">
  123. <value type="string">Citizen</value>
  124. </add-attr>
  125. <pa
  126. DirXML: [10/21/16 11:48:15.19]: ssword><!-- content suppressed --></password>
  127. </add>
  128. <modify class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531">
  129. <modify-attr attr-name="PSExecute">
  130. <remove-all-values/>
  131. <add-value>
  132. <value type="string">Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}</value>
  133. </add-value>
  134. </modify-attr>
  135. </modify>
  136. <modify class-name="group" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">
  137. <association>8527796a9bb60a4da4ecbd73897d3e96</association>
  138. <modify-attr attr-name="member">
  139. <add-value>
  140. <value type="string">CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se</value>
  141. </add-value>
  142. </modify-attr>
  143. </modify>
  144. </input>
  145. </nds>
  146. DirXML: [10/21/16 11:48:15.19]: Loader: Calling subscriptionShim->execute()
  147. DirXML: [10/21/16 11:48:15.19]: Loader: XML Document:
  148. DirXML: [10/21/16 11:48:15.19]: <nds dtdversion="4.0" ndsversion="8.x">
  149. <source>
  150. <product edition="Standard" version="4.0.2.2">DirXML</product>
  151. <contact>Novell, Inc.</contact>
  152. </source>
  153. <input>
  154. <add cached-time="20161021094812.760Z" class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531" timestamp="0#0">
  155. <add-attr attr-name="displayName">
  156. <value timestamp="1326733470#15" type="string">Pe*** Be***</value>
  157. </add-attr>
  158. <add-attr attr-name="givenName">
  159. <value timestamp="1326733470#5" type="string">Pe***</value>
  160. </add-attr>
  161. <add-attr attr-name="sAMAccountName">
  162. <value timestamp="1326733470#17" type="string">PeBe0101</value>
  163. </add-attr>
  164. <add-attr attr-name="sn">
  165. <value timestamp="1326733470#6" type="string">Be***</value>
  166. </add-attr>
  167. <add-attr attr-name="employeeID">
  168. <value timestamp="1326733470#4" type="string">19**0101****</value>
  169. </add-attr>
  170. <add-attr attr-name="userPrincipalName">
  171. <value>PeBe0101@ty***.se</value>
  172. </add-attr>
  173. <add-attr attr-name="dirxml-uACAccountDisable">
  174. <value type="string">false</value>
  175. </add-attr>
  176. <add-attr attr-name="dirxml-uACAccountDisable">
  177. <value type="string">false</value>
  178. </add-attr>
  179. <add-attr attr-name="accountExpires">
  180. <value type="string">0</value>
  181. </add-attr>
  182. <add-attr attr-name="homePhone">
  183. <value type="string">+46700000000</value>
  184. </add-attr>
  185. <add-attr attr-name="accountExpires">
  186. <value>0</value>
  187. </add-attr>
  188. <add-attr attr-name="extensionAttribute3">
  189. <value type="string">Citizen</value>
  190. </add-attr>
  191. <pa
  192. DirXML: [10/21/16 11:48:15.19]: ssword><!-- content suppressed --></password>
  193. </add>
  194. <modify class-name="user" dest-dn="CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="54531">
  195. <modify-attr attr-name="PSExecute">
  196. <remove-all-values/>
  197. <add-value>
  198. <value type="string">Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}</value>
  199. </add-value>
  200. </modify-attr>
  201. </modify>
  202. <modify class-name="group" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">
  203. <association>8527796a9bb60a4da4ecbd73897d3e96</association>
  204. <modify-attr attr-name="member">
  205. <add-value>
  206. <value type="string">CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se</value>
  207. </add-value>
  208. </modify-attr>
  209. </modify>
  210. </input>
  211. </nds>
  212. DirXML: [10/21/16 11:48:15.19]: ADDriver: parse command
  213.  
  214. className user
  215. destDN CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  216. eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
  217. association
  218. DirXML: [10/21/16 11:48:15.19]: ADDriver: MadCommandAdd::onCommand
  219. DirXML: [10/21/16 11:48:15.19]: ADDriver: MadCommandAdd::insertXdsAttributes()
  220. DirXML: [10/21/16 11:48:15.19]: ADDriver: displayName
  221. DirXML: [10/21/16 11:48:15.19]: ADDriver: givenName
  222. DirXML: [10/21/16 11:48:15.19]: ADDriver: sAMAccountName
  223. DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute sAMAccountName
  224. MAD syntax DirectoryString (2.5.5.12,64)
  225. XDS syntax string
  226. Single valued true
  227. Case sensitive false
  228. DirXML: [10/21/16 11:48:15.35]: ADDriver: sn
  229. DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute sn
  230. MAD syntax DirectoryString (2.5.5.12,64)
  231. XDS syntax string
  232. Single valued true
  233. Case sensitive false
  234. DirXML: [10/21/16 11:48:15.35]: ADDriver: employeeID
  235. DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute employeeID
  236. MAD syntax DirectoryString (2.5.5.12,64)
  237. XDS syntax string
  238. Single valued true
  239. Case sensitive false
  240. DirXML: [10/21/16 11:48:15.35]: ADDriver: userPrincipalName
  241. DirXML: [10/21/16 11:48:15.35]: ADDriver: dirxml-uACAccountDisable
  242. DirXML: [10/21/16 11:48:15.35]: ADDriver: dirxml-uACAccountDisable
  243. DirXML: [10/21/16 11:48:15.35]: ADDriver: accountExpires
  244. DirXML: [10/21/16 11:48:15.35]: ADDriver: homePhone
  245. DirXML: [10/21/16 11:48:15.35]: ADDriver: accountExpires
  246. DirXML: [10/21/16 11:48:15.35]: ADDriver: extensionAttribute3
  247. DirXML: [10/21/16 11:48:15.35]: ADDriver: Imported attribute extensionAttribute3
  248. MAD syntax DirectoryString (2.5.5.12,64)
  249. XDS syntax string
  250. Single valued true
  251. Case sensitive false
  252. DirXML: [10/21/16 11:48:15.35]: ADDriver: Add user CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  253. LDAPMod operations:
  254. add attribute objectClass
  255. >> user
  256. add attribute objectCategory
  257. >> CN=Person,CN=Schema,CN=Configuration,DC=ty***,DC=se
  258. add attribute displayName
  259. >> Pe*** Be***
  260. add attribute givenName
  261. >> Pe***
  262. add attribute sAMAccountName
  263. >> PeBe0101
  264. add attribute sn
  265. >> Be***
  266. add attribute employeeID
  267. >> 19**0101****
  268. add attribute userPrincipalName
  269. >> PeBe0101@ty***.se
  270. add attribute accountExpires
  271. >> 0
  272. add attribute homePhone
  273. >> +46700000000
  274. add attribute accountExpires
  275. >> 0
  276. add attribute extensionAttribute3
  277. >> Citizen
  278. DirXML: [10/21/16 11:48:15.40]: ADDriver: change password: old=(none), new=***
  279. DirXML: [10/21/16 11:48:15.41]: ADDriver: password change complete
  280. DirXML: [10/21/16 11:48:15.41]: ADDriver: set userAccountControl returns 0x0000
  281. DirXML: [10/21/16 11:48:15.41]: ADDriver: parse command
  282.  
  283. className user
  284. destDN CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  285. eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
  286. association
  287. DirXML: [10/21/16 11:48:15.41]: ADDriver: parse modify class = user
  288. DirXML: [10/21/16 11:48:15.41]: ADDriver: modify-attr
  289. DirXML: [10/21/16 11:48:15.41]: ADDriver: remove-all-values
  290. DirXML: [10/21/16 11:48:15.41]: ADDriver: add-value
  291. DirXML: [10/21/16 11:48:15.41]: ADDriver: value
  292. DirXML: [10/21/16 11:48:15.41]: ADDriver: Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}
  293. DirXML: [10/21/16 11:48:15.41]: ADDriver: ldap_modify user CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  294. LDAPMod operations:
  295. DirXML: [10/21/16 11:48:15.41]: ADDriver: Executing Power Shell Command:
  296. DirXML: [10/21/16 11:48:15.41]: ADDriver: Set-ADUser -Identity PeBe0101 -Replace @{primarygroupid=48442}
  297. DirXML: [10/21/16 11:48:15.43]: Loader: Received document from publicationShim
  298. DirXML: [10/21/16 11:48:15.43]: Loader: XML Document:
  299. DirXML: [10/21/16 11:48:15.43]: <nds dtdversion="2.2">
  300. <source>
  301. <product build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod" version="4.0.0.2">AD</product>
  302. <contact>Novell, Inc.</contact>
  303. </source>
  304. <input>
  305. <modify-password event-id="AD ty*** Prod##157e6a414c7##1" class-name="user" src-dn="CN=PeBe0101,OU=USERS,OU=META,OU=_TK,DC=ty***,DC=se" password-admin-reset="true">
  306. <association>430b71ba64e5584f8ccafc9dfa209994</association>
  307. <password><!-- content suppressed --></password>
  308. </modify-password>
  309. </input>
  310. </nds>
  311. DirXML: [10/21/16 11:48:15.44]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR: The specified user account is not a member of the specified group account
  312. DirXML: [10/21/16 11:48:15.52]: ADDriver: parse command
  313.  
  314. className group
  315. destDN
  316. eventId IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2
  317. association 8527796a9bb60a4da4ecbd73897d3e96
  318. DirXML: [10/21/16 11:48:15.52]: ADDriver: parse modify class = group
  319. DirXML: [10/21/16 11:48:15.52]: ADDriver: association
  320. DirXML: [10/21/16 11:48:15.52]: ADDriver: 8527796a9bb60a4da4ecbd73897d3e96
  321. DirXML: [10/21/16 11:48:15.52]: ADDriver: modify-attr
  322. DirXML: [10/21/16 11:48:15.52]: ADDriver: add-value
  323. DirXML: [10/21/16 11:48:15.52]: ADDriver: value
  324. DirXML: [10/21/16 11:48:15.52]: ADDriver: CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  325. DirXML: [10/21/16 11:48:15.52]: ADDriver: ldap_modify group CN=Citizen,OU=GROUPS,OU=META,OU=_TK,DC=ty***,DC=se
  326. LDAPMod operations:
  327. add attribute member
  328. >> CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se
  329. DirXML: [10/21/16 11:48:15.55]: Loader: subscriptionShim->execute() returned:
  330. DirXML: [10/21/16 11:48:15.55]: Loader: XML Document:
  331. DirXML: [10/21/16 11:48:15.55]: <nds ndsversion="8.7" dtdversion="1.1">
  332. <source>
  333. <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod">AD</product>
  334. <contact>Novell, Inc.</contact>
  335. </source>
  336. <output>
  337. <add-association dest-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" dest-entry-id="54531" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">430b71ba64e5584f8ccafc9dfa209994</add-association>
  338. <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
  339. <status level="error" type="powershell" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2">Error completing powershell command. ERROR: The specified user account is not a member of the specified group account</status>
  340. <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
  341. <status level="success" event-id="IDM01-NDS#20161021094812#99#1:ad11fd2c-5f75-46ee-80c4-169f730601d2"/>
  342. </output>
  343. </nds>
  344. DirXML: [10/21/16 11:48:15.55]:
  345. DirXML Log Event -------------------
  346. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
  347. Thread = Subscriber Channel
  348. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
  349. Level = success
  350. DirXML: [10/21/16 11:48:15.55]:
  351. DirXML Log Event -------------------
  352. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
  353. Thread = Subscriber Channel
  354. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
  355. Level = error
  356. Message = Error completing powershell command. ERROR: The specified user account is not a member of the specified group account
  357. DirXML: [10/21/16 11:48:15.55]:
  358. DirXML Log Event -------------------
  359. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
  360. Thread = Subscriber Channel
  361. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
  362. Level = success
  363. DirXML: [10/21/16 11:48:15.55]:
  364. DirXML Log Event -------------------
  365. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty*** Prod
  366. Thread = Subscriber Channel
  367. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=PeBe0101,ou=USERS,ou=META,ou=_TK,dc=ty***,dc=se)
  368. Level = success
  369. DirXML: [10/21/16 11:48:15.58]: Loader: Received 'publisher reply' document
  370.  
  371.  
  372.  
  373.  
  374.  
  375. [B]DaAl0101 log:[/B]
  376.  
  377. DirXML: [10/21/16 13:00:49.40]: Loader: Received 'subscriber execute' document
  378. DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
  379. DirXML: [10/21/16 13:00:49.40]: <nds dtdversion="4.0" ndsversion="8.x">
  380. <source>
  381. <product edition="Standard" version="4.0.2.2">DirXML</product>
  382. <contact>Novell, Inc.</contact>
  383. </source>
  384. <input>
  385. <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="0" scope="entry">
  386. <search-class class-name="user"/>
  387. <read-attr/>
  388. </query>
  389. </input>
  390. </nds>
  391. DirXML: [10/21/16 13:00:49.40]: Loader: Calling subscriptionShim->execute()
  392. DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
  393. DirXML: [10/21/16 13:00:49.40]: <nds dtdversion="4.0" ndsversion="8.x">
  394. <source>
  395. <product edition="Standard" version="4.0.2.2">DirXML</product>
  396. <contact>Novell, Inc.</contact>
  397. </source>
  398. <input>
  399. <query class-name="user" dest-dn="CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="0" scope="entry">
  400. <search-class class-name="user"/>
  401. <read-attr/>
  402. </query>
  403. </input>
  404. </nds>
  405. DirXML: [10/21/16 13:00:49.40]: ADDriver: parse command
  406.  
  407. className user
  408. destDN CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  409. eventId 0
  410. association
  411. DirXML: [10/21/16 13:00:49.40]: ADDriver: query
  412. DirXML: [10/21/16 13:00:49.40]: ADDriver: query constraints
  413. DirXML: [10/21/16 13:00:49.40]: ADDriver: search-class user
  414. DirXML: [10/21/16 13:00:49.40]: ADDriver: read-attr (do not return attributes)
  415. DirXML: [10/21/16 13:00:49.40]: ADDriver: query
  416. base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se,
  417. filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se)(objectClass=user)),
  418. return: (attribute values) objectClass, objectGUID,
  419. DirXML: [10/21/16 13:00:49.40]: ADDriver: query
  420. base DN: CN=19**0101****,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se,
  421. filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se)(objectClass=user)),
  422. return: (attribute values) objectClass, objectGUID,
  423. DirXML: [10/21/16 13:00:49.40]: ADDriver: ldap get next page ( 2147483647)
  424. DirXML: [10/21/16 13:00:49.40]: Loader: subscriptionShim->execute() returned:
  425. DirXML: [10/21/16 13:00:49.40]: Loader: XML Document:
  426. DirXML: [10/21/16 13:00:49.40]: <nds ndsversion="8.7" dtdversion="1.1">
  427. <source>
  428. <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod">AD</product>
  429. <contact>Novell, Inc.</contact>
  430. </source>
  431. <output>
  432. <status level="success" event-id="0"/>
  433. </output>
  434. </nds>
  435. DirXML: [10/21/16 13:00:49.40]:
  436. DirXML Log Event -------------------
  437. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
  438. Thread = Subscriber Channel
  439. Level = success
  440. DirXML: [10/21/16 13:00:50.21]: Loader: Received 'subscriber execute' document
  441. DirXML: [10/21/16 13:00:50.57]: Loader: XML Document:
  442. DirXML: [10/21/16 13:00:50.57]: <nds dtdversion="4.0" ndsversion="8.x">
  443. <source>
  444. <product edition="Standard" version="4.0.2.2">DirXML</product>
  445. <contact>Novell, Inc.</contact>
  446. </source>
  447. <input>
  448. <add cached-time="20161021110046.961Z" class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799" timestamp="1477047646#15">
  449. <add-attr attr-name="displayName">
  450. <value timestamp="1365744671#12" type="string">Da*** Al**</value>
  451. </add-attr>
  452. <add-attr attr-name="givenName">
  453. <value timestamp="1365744671#5" type="string">Da***</value>
  454. </add-attr>
  455. <add-attr attr-name="sAMAccountName">
  456. <value timestamp="1365744671#14" type="string">DaAl0101</value>
  457. </add-attr>
  458. <add-attr attr-name="sn">
  459. <value timestamp="1365744671#6" type="string">Al**</value>
  460. </add-attr>
  461. <add-attr attr-name="employeeID">
  462. <value timestamp="1365744671#4" type="string">19**0101****</value>
  463. </add-attr>
  464. <add-attr attr-name="userPrincipalName">
  465. <value>DaAl0101@ty**.se</value>
  466. </add-attr>
  467. <add-attr attr-name="dirxml-uACAccountDisable">
  468. <value type="string">false</value>
  469. </add-attr>
  470. <add-attr attr-name="dirxml-uACAccountDisable">
  471. <value type="string">false</value>
  472. </add-attr>
  473. <add-attr attr-name="accountExpires">
  474. <value type="string">0</value>
  475. </add-attr>
  476. <add-attr attr-name="homePhone">
  477. <value type="string"/>
  478. </add-attr>
  479. <add-attr attr-name="accountExpires">
  480. <value>0</value>
  481. </add-attr>
  482. <add-attr attr-name="extensionAttribute3">
  483. <value type="string">Citizen</value>
  484. </ad
  485. DirXML: [10/21/16 13:00:50.57]: d-attr>
  486. <password><!-- content suppressed --></password>
  487. </add>
  488. <modify class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799">
  489. <modify-attr attr-name="PSExecute">
  490. <remove-all-values/>
  491. <add-value>
  492. <value type="string">Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}</value>
  493. </add-value>
  494. </modify-attr>
  495. <modify-attr attr-name="PSExecute">
  496. <remove-all-values/>
  497. <add-value>
  498. <value type="string">Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false</value>
  499. </add-value>
  500. </modify-attr>
  501. </modify>
  502. <modify class-name="group" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
  503. <association>8527796a9bb60a4da4ecbd73897d3e96</association>
  504. <modify-attr attr-name="member">
  505. <add-value>
  506. <value type="string">CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se</value>
  507. </add-value>
  508. </modify-attr>
  509. </modify>
  510. </input>
  511. </nds>
  512. DirXML: [10/21/16 13:00:50.57]: Loader: Calling subscriptionShim->execute()
  513. DirXML: [10/21/16 13:00:50.57]: Loader: XML Document:
  514. DirXML: [10/21/16 13:00:50.57]: <nds dtdversion="4.0" ndsversion="8.x">
  515. <source>
  516. <product edition="Standard" version="4.0.2.2">DirXML</product>
  517. <contact>Novell, Inc.</contact>
  518. </source>
  519. <input>
  520. <add cached-time="20161021110046.961Z" class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799" timestamp="1477047646#15">
  521. <add-attr attr-name="displayName">
  522. <value timestamp="1365744671#12" type="string">Da*** Al**</value>
  523. </add-attr>
  524. <add-attr attr-name="givenName">
  525. <value timestamp="1365744671#5" type="string">Da***</value>
  526. </add-attr>
  527. <add-attr attr-name="sAMAccountName">
  528. <value timestamp="1365744671#14" type="string">DaAl0101</value>
  529. </add-attr>
  530. <add-attr attr-name="sn">
  531. <value timestamp="1365744671#6" type="string">Al**</value>
  532. </add-attr>
  533. <add-attr attr-name="employeeID">
  534. <value timestamp="1365744671#4" type="string">19**0101****</value>
  535. </add-attr>
  536. <add-attr attr-name="userPrincipalName">
  537. <value>DaAl0101@ty**.se</value>
  538. </add-attr>
  539. <add-attr attr-name="dirxml-uACAccountDisable">
  540. <value type="string">false</value>
  541. </add-attr>
  542. <add-attr attr-name="dirxml-uACAccountDisable">
  543. <value type="string">false</value>
  544. </add-attr>
  545. <add-attr attr-name="accountExpires">
  546. <value type="string">0</value>
  547. </add-attr>
  548. <add-attr attr-name="homePhone">
  549. <value type="string"/>
  550. </add-attr>
  551. <add-attr attr-name="accountExpires">
  552. <value>0</value>
  553. </add-attr>
  554. <add-attr attr-name="extensionAttribute3">
  555. <value type="string">Citizen</value>
  556. </ad
  557. DirXML: [10/21/16 13:00:50.57]: d-attr>
  558. <password><!-- content suppressed --></password>
  559. </add>
  560. <modify class-name="user" dest-dn="CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571" qualified-src-dn="O=TK\OU=Meta\OU=Identities\CN=19**0101****" src-dn="\TK-IDVAULT2\TK\Meta\Identities\19**0101****" src-entry-id="58799">
  561. <modify-attr attr-name="PSExecute">
  562. <remove-all-values/>
  563. <add-value>
  564. <value type="string">Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}</value>
  565. </add-value>
  566. </modify-attr>
  567. <modify-attr attr-name="PSExecute">
  568. <remove-all-values/>
  569. <add-value>
  570. <value type="string">Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false</value>
  571. </add-value>
  572. </modify-attr>
  573. </modify>
  574. <modify class-name="group" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
  575. <association>8527796a9bb60a4da4ecbd73897d3e96</association>
  576. <modify-attr attr-name="member">
  577. <add-value>
  578. <value type="string">CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se</value>
  579. </add-value>
  580. </modify-attr>
  581. </modify>
  582. </input>
  583. </nds>
  584. DirXML: [10/21/16 13:00:50.57]: ADDriver: parse command
  585.  
  586. className user
  587. destDN CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  588. eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
  589. association
  590. DirXML: [10/21/16 13:00:50.57]: ADDriver: MadCommandAdd::onCommand
  591. DirXML: [10/21/16 13:00:50.57]: ADDriver: MadCommandAdd::insertXdsAttributes()
  592. DirXML: [10/21/16 13:00:50.57]: ADDriver: displayName
  593. DirXML: [10/21/16 13:00:50.57]: ADDriver: givenName
  594. DirXML: [10/21/16 13:00:50.57]: ADDriver: sAMAccountName
  595. DirXML: [10/21/16 13:00:50.57]: ADDriver: sn
  596. DirXML: [10/21/16 13:00:50.57]: ADDriver: employeeID
  597. DirXML: [10/21/16 13:00:50.57]: ADDriver: userPrincipalName
  598. DirXML: [10/21/16 13:00:50.57]: ADDriver: dirxml-uACAccountDisable
  599. DirXML: [10/21/16 13:00:50.57]: ADDriver: dirxml-uACAccountDisable
  600. DirXML: [10/21/16 13:00:50.57]: ADDriver: accountExpires
  601. DirXML: [10/21/16 13:00:50.57]: ADDriver: homePhone
  602. DirXML: [10/21/16 13:00:50.57]: ADDriver: accountExpires
  603. DirXML: [10/21/16 13:00:50.57]: ADDriver: extensionAttribute3
  604. DirXML: [10/21/16 13:00:50.57]: ADDriver: Add user CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  605. LDAPMod operations:
  606. add attribute objectClass
  607. >> user
  608. add attribute objectCategory
  609. >> CN=Person,CN=Schema,CN=Configuration,DC=ty**,DC=se
  610. add attribute displayName
  611. >> Da*** Al**
  612. add attribute givenName
  613. >> Da***
  614. add attribute sAMAccountName
  615. >> DaAl0101
  616. add attribute sn
  617. >> Al**
  618. add attribute employeeID
  619. >> 19**0101****
  620. add attribute userPrincipalName
  621. >> DaAl0101@ty**.se
  622. add attribute accountExpires
  623. >> 0
  624. add attribute homePhone
  625. >>
  626. add attribute accountExpires
  627. >> 0
  628. add attribute extensionAttribute3
  629. >> Citizen
  630. DirXML: [10/21/16 13:00:50.57]: ADDriver: parse command
  631.  
  632. className user
  633. destDN CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  634. eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
  635. association
  636. DirXML: [10/21/16 13:00:50.57]: ADDriver: parse modify class = user
  637. DirXML: [10/21/16 13:00:50.57]: ADDriver: modify-attr
  638. DirXML: [10/21/16 13:00:50.57]: ADDriver: remove-all-values
  639. DirXML: [10/21/16 13:00:50.57]: ADDriver: add-value
  640. DirXML: [10/21/16 13:00:50.57]: ADDriver: value
  641. DirXML: [10/21/16 13:00:50.57]: ADDriver: Set-ADUser -Identity DaAl0101 -Replace @{primarygroupid=48442}
  642. DirXML: [10/21/16 13:00:50.57]: ADDriver: modify-attr
  643. DirXML: [10/21/16 13:00:50.57]: ADDriver: remove-all-values
  644. DirXML: [10/21/16 13:00:50.57]: ADDriver: add-value
  645. DirXML: [10/21/16 13:00:50.57]: ADDriver: value
  646. DirXML: [10/21/16 13:00:50.57]: ADDriver: Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false
  647. DirXML: [10/21/16 13:00:50.57]: ADDriver: ldap_modify user CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  648. LDAPMod operations:
  649. DirXML: [10/21/16 13:00:50.57]: ADDriver: Executing Power Shell Command:
  650. DirXML: [10/21/16 13:00:50.57]: ADDriver: Remove-ADGroupMember -Identity "Domain Users" -Members "DaAl0101" -Confirm:$false
  651. DirXML: [10/21/16 13:00:50.60]: ADDriver: PowerShell: IDM PowerShell Service Response ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.
  652. DirXML: [10/21/16 13:00:50.60]: ADDriver: parse command
  653.  
  654. className group
  655. destDN
  656. eventId IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571
  657. association 8527796a9bb60a4da4ecbd73897d3e96
  658. DirXML: [10/21/16 13:00:50.60]: ADDriver: parse modify class = group
  659. DirXML: [10/21/16 13:00:50.60]: ADDriver: association
  660. DirXML: [10/21/16 13:00:50.60]: ADDriver: 8527796a9bb60a4da4ecbd73897d3e96
  661. DirXML: [10/21/16 13:00:50.60]: ADDriver: modify-attr
  662. DirXML: [10/21/16 13:00:50.60]: ADDriver: add-value
  663. DirXML: [10/21/16 13:00:50.60]: ADDriver: value
  664. DirXML: [10/21/16 13:00:50.60]: ADDriver: CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  665. DirXML: [10/21/16 13:00:50.60]: ADDriver: ldap_modify group CN=Citizen,OU=GROUPS,OU=META,OU=_TK,DC=ty**,DC=se
  666. LDAPMod operations:
  667. add attribute member
  668. >> CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se
  669. DirXML: [10/21/16 13:00:50.60]: Loader: subscriptionShim->execute() returned:
  670. DirXML: [10/21/16 13:00:50.60]: Loader: XML Document:
  671. DirXML: [10/21/16 13:00:50.60]: <nds ndsversion="8.7" dtdversion="1.1">
  672. <source>
  673. <product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod">AD</product>
  674. <contact>Novell, Inc.</contact>
  675. </source>
  676. <output>
  677. <status level="error" type="driver-general" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
  678. <ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
  679. <client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
  680. <server-err>00000057: LdapErr: DSID-0C090DA7, comment: Error in attribute conversion operation, data 0, v2580</server-err>
  681. <server-err-ex win32-rc="87"/>
  682. </ldap-err>
  683. </status>
  684. <status level="error" type="powershell" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">Error completing powershell command. ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.</status>
  685. <status level="success" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571"/>
  686. <status level="warning" type="driver-general" event-id="IDM01-NDS#20161021110043#3#2:b3501c97-f8dc-4a30-a28c-790577c5e571">
  687. <ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
  688. <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
  689. <server-err>00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:
  690. ''
  691. </server-err>
  692. <server-err-ex win32-rc="1317"/>
  693. </ldap-err>
  694. </status>
  695. </output>
  696. </nds>
  697. DirXML: [10/21/16 13:00:50.60]:
  698. DirXML Log Event -------------------
  699. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
  700. Thread = Subscriber Channel
  701. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
  702. Level = error
  703. Message = <ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
  704. <client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
  705. <server-err>00000057: LdapErr: DSID-0C090DA7, comment: Error in attribute conversion operation, data 0, v2580</server-err>
  706. <server-err-ex win32-rc="87"/>
  707. </ldap-err>
  708. DirXML: [10/21/16 13:00:50.60]:
  709. DirXML Log Event -------------------
  710. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
  711. Thread = Subscriber Channel
  712. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
  713. Level = error
  714. Message = Error completing powershell command. ERROR: Cannot find an object with identity: 'DaAl0101' under: 'DC=ty**,DC=se'.
  715. DirXML: [10/21/16 13:00:50.60]:
  716. DirXML Log Event -------------------
  717. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
  718. Thread = Subscriber Channel
  719. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
  720. Level = success
  721. DirXML: [10/21/16 13:00:50.60]:
  722. DirXML Log Event -------------------
  723. Driver = \TK-IDVAULT2\TK\System\DriverSet02\AD ty** Prod
  724. Thread = Subscriber Channel
  725. Object = \TK-IDVAULT2\TK\Meta\Identities\19**0101**** (CN=DaAl0101,ou=USERS,ou=META,ou=_TK,dc=ty**,dc=se)
  726. Level = warning
  727. Message = <ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
  728. <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
  729. <server-err>00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:
  730. ''
  731. </server-err>
  732. <server-err-ex win32-rc="1317"/>
  733. </ldap-err>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!