ldp - how do i create domain local security groups


  • ldp - how do i create domain local security groups

    hi my name is Lior
    i was trying to automate the procedure of creating OUs and Domain Local Security Groups
    i managed to make a script that creates the OUs
    but i have problems with the groups
    the file i import now looks like this

    dn: CN=Department_Name - Safty - Full Control,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
    changetype: add
    memberOf: CN=Department_Name - Safty - List,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
    cn: Department_Name - Safty - Full Control
    groupType: -2147483644
    instanceType: 4
    distinguishedName: CN=Department_Name - Safty - Full Control,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
    objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=lior,DC=com
    objectClass: top
    objectClass: group
    name: CN=Department_Name - Safty - Full Control
    sAMAccountName: CN=Department_Name - Safty - Full Control
    sAMAccountType: 536870912

    but i keep getting errors like:

    Connecting to "server.lior.com"
    Logging in as current user using SSPI
    Importing directory from file "Import.ldf"
    Loading entries
    Add error on line 1: Unwilling To Perform
    The server side error is "Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM)."
    0 entries modified successfully.
    An error has occurred in the program
    .

    plz help me

    thanks Lior

  • #2
    sAMAccountName: CN=Department_Name - Safty - Full Control
    This should be:
    sAMAccountName: Department_Name - Safty - Full Control

    I am also quite sure that objectCategory is not needed (AD should be able to figure out that objectClass "group" belongs to objectCategory "CN=Group,CN=Schema,....").

    Moreover, you cannot modify memberOf and sAMAccountType by LDIFDE.
    MemberOf is a backlink and therefore you need to perform the changes to the "member" attribute of the group you want to add your new group to.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"
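
The import file from the question with the changes from reply #2 applied, as an added example that is not part of either post. It assumes the "List" group already exists, and it leaves out objectCategory, instanceType, distinguishedName and name on the assumption that the directory sets them when the object is created.

```ldif
# Record 1: create the domain local security group.
# groupType -2147483644 = 0x80000000 (security enabled) + 0x4 (domain local).
# sAMAccountName carries the plain name, without the "CN=" prefix.
# memberOf and sAMAccountType are not written here: memberOf is a backlink
# and sAMAccountType is owned by the SAM, so the server rejects both.
dn: CN=Department_Name - Safty - Full Control,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
changetype: add
objectClass: group
cn: Department_Name - Safty - Full Control
sAMAccountName: Department_Name - Safty - Full Control
groupType: -2147483644

# Record 2: nest the new group inside the existing "List" group by adding
# it to that group's "member" attribute (the forward link behind memberOf).
# The lone "-" line ends the modification, as LDIF modify records require.
dn: CN=Department_Name - Safty - List,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
changetype: modify
add: member
member: CN=Department_Name - Safty - Full Control,OU=Safty,OU=Department_Name,OU=Company_Name,OU=Test,DC=lior,DC=com
-
```

The records are processed in order, so the new group exists before the second record references it.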
