Problem:
System throws below error-01 when try to execute command-01.
Error-01:
Unwilling To Perform
The server side error is "The modification was not permitted for security reasons."
0 entries modified successfully.
An error has occurred in the program
Command-01:
ldifde /i /f schema.ldf /v /k /c "DC=development,DC=nyc" "dc=sso,dc=test,dc=com"
Cause:
1. This problem may occur when try to import data that cannot be written to Active Directory
Solution:
1. Import data from Active Directory using filter and specify only those fields which are needed
Command-02: include fields using '/l field1,field2'
ldifde /f schema.ldf /v /l field1,field2
Command-03: exclude fields using '/o field1,field2'
ldifde /i /f schema.ldf /v /o field1,field2
2. Import data from Active Directory using parameter "/n" which will exclude all the binary fields
Command-04:
ldifde /i /f schema.ldf /v /n
Notes:
1. http://support.microsoft.com/kb/276382
2. http://support.microsoft.com/kb/237677
System throws below error-01 when try to execute command-01.
Error-01:
Unwilling To Perform
The server side error is "The modification was not permitted for security reasons."
0 entries modified successfully.
An error has occurred in the program
Command-01:
ldifde /i /f schema.ldf /v /k /c "DC=development,DC=nyc" "dc=sso,dc=test,dc=com"
Cause:
1. This problem may occur when try to import data that cannot be written to Active Directory
Solution:
1. Import data from Active Directory using filter and specify only those fields which are needed
Command-02: include fields using '/l field1,field2'
ldifde /f schema.ldf /v /l field1,field2
Command-03: exclude fields using '/o field1,field2'
ldifde /i /f schema.ldf /v /o field1,field2
2. Import data from Active Directory using parameter "/n" which will exclude all the binary fields
Command-04:
ldifde /i /f schema.ldf /v /n
Notes:
- To get more detail information about the error, below command can be used
Command-05:
ldifde /i /f schema.ldf /v /k /c "DC= development,DC=nyc" "dc=sso,dc=test,dc=com" /j c:\ldiflog\
'c:\ldiflog' folder has to exist - Few fields are required in Active Directory
- distinguishedName or dn
- objectclass
- sAMAccountName
- Few fields are optionalchangetype, accountExpires, codePage, cn, countryCode, displayName, instanceType, logonHours, distinguishedName, objectCategory, name, userAccountControl, uSNChanged, uSNCreated, whenChanged, whenCreated
- Few fields cannot be imported
badPasswordTime, badPwdCount, lastLogoff, lastLogon, logonCount, memberOf, objectGUID, objectSid, primaryGroupID, pwdLastSet, sAMAccountType
1. http://support.microsoft.com/kb/276382
2. http://support.microsoft.com/kb/237677
