My question is why aren't these attributes documented as not able to import like the others are? Very frustrating
thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected] The Guardian Life Insurance Company of America www.guardianlife.com From: Michael Leone <[email protected]> To: [email protected] Date: 06/06/2013 12:44 PM Subject: Re: [NTSysADM] LDIFDE question Sent by: [email protected] On Thu, Jun 6, 2013 at 11:28 AM, Christopher Bodnar <[email protected]> wrote: > > Figured it out: > > Exported just one user, and started eliminating attributes one by one. Found that I had to remove these 2 attributes to get it to work. : > > userAccountControl: I think UAC is computed from the settings for the individual components (i.e., "Password Never Expires", "Account Disabled", etc). So I imagine the values for UAC will be re-computed when the account is accessed? Am I right, or am I just speaking out of an inappropriate orifice? > lastLogonTimestamp: That's filled in by a DC, isn't it? Probably not too useful until the user actually logs in, which in a test domain hasn't actually happened yet (the logon was in the production domain). > And I think userAccountControl would work if I made the password policy the same as it is in production. ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
<<image/jpeg>>
