
Security error importing into ADAM using ldifde?


  • Security error importing into ADAM using ldifde?

    I have an old ADAM instance that I do not want to replicate to; I just want to create a new ADAM instance on another machine and import the data.

    1. I use the Create ADAM wizard to create my instance.
    2. I select my logged in account as an administrator.
    3. Using ADSIedit I make sure that my account is in CN=Administrators under CN=Roles
    4. I create a schema using ADSchemaAnalyzer, selecting all objects from my old ADAM instance.
    5. Using ldifde I import my schema, I also import the other MS*.ldf files needed
    6. I export all ADAM entries from the old server using ldifde.

    Now we are ready to import my old ADAM stuff.
    ldifde.exe -f users.ldf -s localhost -t 389 -j c:\windows\adam\logs
    In the logs I get the following error:
    Loading entries
    1: OU=zAppAuthorizationData,DC=winteladam,DC=net
    Entry DN: OU=zAppAuthorizationData,DC=winteladam,DC=net
    changetype: add
    Attribute 0) objectClass:top organizationalUnit
    Attribute 1) ou:zAppAuthorizationData
    Attribute 2) distinguishedName:OU=zAppAuthorizationData,DC=winteladam,DC=net
    Attribute 3) instanceType:4
    Attribute 4) whenCreated:20050208220334.0Z
    Attribute 5) whenChanged:20050209221246.0Z
    Attribute 6) uSNCreated:477611
    Attribute 7) uSNChanged:477717
    Attribute 8) name:zAppAuthorizationData
    Attribute 9) objectGUID: UNPRINTABLE BINARY(16)
    Attribute 10) objectCategory:CN=Organizational-Unit,CN=Schema,CN=Configuration,CN={9DA04889-1447-4551-8790-1077ACE7FC85}

    Add error on line 2: Unwilling To Perform

    The server side error is: 0x20e7 The modification was not permitted for security reasons.

    The extended server error is:

    000020E7: SvcErr: DSID-03152A1C, problem 5003 (WILL_NOT_PERFORM), data 0
    Finally I tried adding "-b username domain password" where that is my credentials with no success.

    What step am I missing to have permissions to add this stuff into the new ADAM instance?

    Important Note:
    Just to test I connect to the new adam instance via ADSIedit and I can create and delete stuff without issue. I tried creating an OU called TESTOU in the root and had no problems.

  • #2
    Re: Security error importing into ADAM using ldifde?

    I needed to remove a ton of stuff during the initial export:
    ldifde -f file.ldf -d "DC=winteladam,DC=net" -s localhost -t 389 -r "(objectclass=*)" -o "whenCreated,whenChanged,uSNCreated,uSNChanged,name,objectGUID,badPwdCount,badPasswordTime,pwdLastSet,objectSid,objectCategory,dSCorePropagationData,lastLogonTimestamp,distinguishedName,instanceType,lockoutTime"
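
Added example, not part of either post: when only an already-exported .ldf file is available, the attributes that reply #2 omits with -o can be filtered out of the file before import. The sample entry is constructed from the log in the first post, and the helper names are hypothetical.

```python
import io

# Names from the -o list in the reply above (matched case-insensitively).
SYSTEM_OWNED = set(
    "whencreated whenchanged usncreated usnchanged name objectguid badpwdcount "
    "badpasswordtime pwdlastset objectsid objectcategory dscorepropagationdata "
    "lastlogontimestamp distinguishedname instancetype lockouttime".split())

# Constructed sample entry modelled on the failing one; the GUID bytes are made up.
SAMPLE = """dn: OU=zAppAuthorizationData,DC=winteladam,DC=net
changetype: add
objectClass: organizationalUnit
ou: zAppAuthorizationData
distinguishedName: OU=zAppAuthorizationData,DC=winteladam,
 DC=net
instanceType: 4
whenCreated: 20050208220334.0Z
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
"""

def unfold(lines):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    out = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def strip_system_attrs(ldif_text):
    """Return (cleaned LDIF text, [(dn, attribute), ...] for every line dropped)."""
    kept, removed, dn = [], [], None
    for line in unfold(io.StringIO(ldif_text)):
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.lstrip(": ").strip()  # also handles the base64 "dn::" form
        if name.strip().lower() in SYSTEM_OWNED:
            removed.append((dn, name))
            continue  # folded continuation lines were merged above, so they go too
        kept.append(line)
    return "\n".join(kept) + "\n", removed

if __name__ == "__main__":
    cleaned, removed = strip_system_attrs(SAMPLE)
    print(cleaned, end="")
    for dn, attr in removed:
        print(f"# dropped {attr} from {dn}")
```

The list of dropped (dn, attribute) pairs doubles as an audit trail of what was left out of the import.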