I've been wrestling with an active directory import the past few days where it apparently refuses to import group objects that include the "memberOf" attribute....is this supported? If not, does anyone know of a relatively easy way to keep group nesting in tact when exporting/importing using LDIFDE?
So far it seems to fail with that on both the Group and User object that I'm trying to work with which include a memberOf attribute. The error I'm getting is the same as detailed in http://support.microsoft.com/default.aspx?scid=kb;en-us;276382 , however at first glance it doesn't seem I'm using the fields mentioned in this KB article as being forbidden. I s'pose I could revert to a big ol' vbscript to re-nest all these groups, but I'd rather not... Suggestions? Example User Object I'm trying to import: dn: CN=User88,OU=Level2,OU=Level1,DC=mydomain0,DC=com changetype: add memberOf: CN=Readers,OU=Level2,OU=Level1,DC=mydomain0,DC=com memberOf: CN=Admins,OU=Level2,OU=Level1,DC=mydomain0,DC=com memberOf: CN=Editors,OU=Level2,OU=Level1,DC=mydomain0,DC=com memberOf: CN=Authors,OU=Level2,OU=Level1,DC=mydomain0,DC=com cn: User88 givenName:: User88 objectClass: user sAMAccountName: User88 Example Group Object I'm trying to import: dn: CN=Admins,OU=Level2,OU=Level1,DC=mydomain0,DC=com changetype: add memberOf: CN=InsideTesting,DC=nrwsstaging0,DC=hq,DC=cnrf,DC=navy,DC=mil memberOf: CN=OUAdmins,DC=nrwsstaging0,DC=hq,DC=cnrf,DC=navy,DC=mil cn: Staff OU Admins objectClass: group sAMAccountName: Staff OU Admins List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
