No, that's why I said the error from adprep was misleading. The add of the uid attribute silently failed, but then the add of the inetorgperson person fails because OID 0.9.2342.19200300.100.1.1 isn't in the schema.
A little cruising in adsiedit shows a "delete" option for CN=uid,CN=Schema,CN=Configuration,... But I'm over my head here, and I'm somewhat hesitant to jack around without fully understanding what the ramifications are. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt So you didn't see an error higher up in sch18 on this entry # Schema NC changes dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 Do you have that in your directory now in a mangled format? I would guess not since the inetOrgPerson is referring to it by attributeID and not by name... But it seems you should have gotten an error on the import then when you hit it versus getting further down... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt LDIF.ERR contains: Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schema update failed: attribute in may-contain does not exist." An error has occurred in the program LDIF.LOG shows that c:\winnt\system32\sch18.ldf was being imported at the time of error. The last lines show: 24: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schema update failed: attribute in may-contain does not exist." 23 entries modified successfully. An error has occurred in the program SCH18.LDF line 333 contains: dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: classSchema ldapDisplayName: inetOrgPerson adminDisplayName: inetOrgPerson adminDescription: Represents people who are associated with an organization in some way. governsId: 2.16.840.1.113730.3.2.2 objectClassCategory: 1 rdnAttId: 2.5.4.3 subClassOf: 1.2.840.113556.1.5.9 systemMayContain: 2.5.4.45 systemMayContain: 2.16.840.1.113730.3.140 systemMayContain: 2.16.840.1.113730.3.1.216 systemMayContain: 2.5.4.36 systemMayContain: 0.9.2342.19200300.100.1.1 systemMayContain: 0.9.2342.19200300.100.1.21 systemMayContain: 0.9.2342.19200300.100.1.6 systemMayContain: 2.16.840.1.113730.3.1.39 systemMayContain: 0.9.2342.19200300.100.1.7 systemMayContain: 0.9.2342.19200300.100.1.42 systemMayContain: 2.5.4.10 systemMayContain: 0.9.2342.19200300.100.1.41 systemMayContain: 0.9.2342.19200300.100.1.10 systemMayContain: 0.9.2342.19200300.100.1.3 systemMayContain: 1.3.6.1.4.1.250.1.57 systemMayContain: 0.9.2342.19200300.100.1.60 systemMayContain: 2.5.4.43 systemMayContain: 1.2.840.113556.1.2.617 systemMayContain: 0.9.2342.19200300.100.1.20 systemMayContain: 2.5.4.42 systemMayContain: 1.2.840.113556.1.2.613 systemMayContain: 1.2.840.113556.1.2.610 systemMayContain: 1.2.840.113556.1.2.13 systemMayContain: 2.16.840.1.113730.3.1.2 systemMayContain: 2.16.840.1.113730.3.1.1 systemMayContain: 2.5.4.15 systemMayContain: 0.9.2342.19200300.100.1.55 systemPossSuperiors: 1.2.840.113556.1.5.67 systemPossSuperiors: 2.5.6.5 systemPossSuperiors: 1.2.840.113556.1.3.23 schemaIdGuid:: FMwoSDcUvEWbB61vAV5fKA== defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S Y)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53 -1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa004 0529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B 5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD- 0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA; ;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0- a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)( A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5 B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-000 0F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;a b721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020- 00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA) showInAdvancedViewOnly: FALSE defaultHidingValue: FALSE systemOnly: FALSE defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X systemFlags: 0 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, August 04, 2004 10:11 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt For the sake of completeness can you give us the error that you're getting? That way we know what element is failing on import. Thanks! ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 9:04 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt I attempted to run adprep /forestprep in my test forest, only to have it fail with a cryptic (and misleading, as it turns out) error recorded in it's log. Googling the error text lead me to a post by a MS support guy who has written a script that will hash a schema update LDIF file against a schema dump, and warn you of any conflicts (You'd think adprep maybe should do this BEFORE it starts upgrading the schema...) Anyway, the problem stems from extending the schema for SAP's portal product which created this attribute: dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE uSNChanged: 705240 uSNCreated: 705240 whenChanged: 20021002184940.0Z whenCreated: 20021002184940.0Z Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
