--[ UxBoD ]-- wrote:
> Hi,
>
> We are setting up a new Windows 2K3 AD server and attempting to synchronise
> the users from our LDAP server version 8.1.0.
>
> Performing the full sync fails after about 30 seconds with a message in the
> error log:
>
> [14/Jul/2010:07:46:10 -0400] - add value "^V" to attribute type "ARecord" in
> entry "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com"
> failed: duplicate new value
> [14/Jul/2010:07:46:10 -0400] - add value "null or non-ASCII" to attribute
> type "dnsproperty" in entry
> "DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com" failed:
> duplicate new value
>
> and none of the users or groups are sent to AD. I am guessing it may be how
> our LDAP server schema is set up as we use something like:
>
> dc=domain,dc=com
> |_ o=Internal
> |___o=a0000
> |____ou=Desktops
> |_____uid=fred
>
> We have set the Windows subtree to be dc=domain,dc=com and the replication
> subtree to be dc=domain,dc=com with a DS subtree of
> o=Internal,dc=domain,dc=com.
>
> Our understanding was that within AD Users & Groups GUI we should have seen a
> similar schema created.
>
> Though for some reason the replication is traversing the whole of the
> internal AD tree.
Because you set the AD subtree to be dc=domain,dc=com?
> Should we create a new Organisational Unit within AD called, for argument's
> sake, clients and set the Windows subtree to be ou=clients,dc=domain,dc=com
> so that it forces it to that branch?
>
I think that's the way it was designed. Usually AD trees have a
CN=Users,DC=domain,DC=com where all of the user entries live, and
winsync is designed to work with that sort of structure.
--
389 users mailing list
https://admin.fedoraproject.org/mailman/listinfo/389-users
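The scoping point discussed in this thread, as an added example that is not part of the original messages and is not winsync's own code: it applies plain LDAP subtree matching to show which AD entries fall under each candidate Windows subtree. The first two DNs are the ones from the error log above; the other two entries and all function names are constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN into normalised (attr, value) RDNs, honouring backslash escapes."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":            # unescaped comma ends the current RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # attribute types and these naming values compare case-insensitively
        out.append((attr.strip().lower(), value.strip().lower()))
    return out


def in_subtree(dn, base):
    """True if dn is the base entry itself or lies anywhere beneath it."""
    entry, suffix = split_rdns(dn), split_rdns(base)
    return len(entry) >= len(suffix) and entry[-len(suffix):] == suffix


def in_scope(entries, windows_subtree):
    """Return the entries a subtree search rooted at windows_subtree would cover."""
    return [dn for dn in entries if in_subtree(dn, windows_subtree)]


AD_ENTRIES = [
    # from the error log in this thread
    "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com",
    "DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com",
    # constructed sample entries
    "CN=fred,OU=clients,DC=domain,DC=com",
    r"CN=Smith\, Jo,CN=Users,DC=domain,DC=com",
]

if __name__ == "__main__":
    for base in ("dc=domain,dc=com",
                 "ou=clients,dc=domain,dc=com",
                 "CN=Users,DC=domain,DC=com"):
        print(base, "->", in_scope(AD_ENTRIES, base))
```

With the domain root as the Windows subtree, the CN=System DNS entries are in scope alongside the users; with either narrower base they are not.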