Here in my company we sync Active Directory to ADLDS and ADAM servers using ADAMSync. One day the sync broke with the following error message. When I first saw this error in the ADAMSync log, it took a while to realize what had happened in Active Directory to break the sync.
Extended Info: 0000217B: AtrErr: DSID-03050758, #1:
0: 0000217B: DSID-03050758, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90290 (userPrincipalName)
.
Ldap error occured. ldap_add_sW: Attribute Or Value Exists.
Extended Info: 0000217B: AtrErr: DSID-03050758, #1:
0: 0000217B: DSID-03050758, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90290 (userPrincipalName)
If you read the log carefully, the sync broke because of a userPrincipalName mismatch between ADLDS and Active Directory. Our help desk created a new user account, then realized the name was wrong and corrected it later. An ADAMSync run happened between the creation with the wrong UPN and the correction to the right one. Now ADLDS holds the unmodified UPN, sees a new UPN for the user, and the sync quits.
Solution to my problem: Correct the UPN for the user in ADLDS using ADSIEdit (match it exactly to the value in Active Directory). Start ADAMSync and it will sync correctly. Sometimes you may have to fix multiple users' UPNs. If several UPNs are affected, check each of them against both source and target.
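When more than one account is affected, comparing exports of both directories is quicker than opening each object in ADSIEdit. The script below is an added example, not part of the original post: it assumes you have exported the user objects from Active Directory and from ADLDS to LDIF text (for instance with ldifde), and the function names, DNs and UPNs in it are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Map each entry's DN to its userPrincipalName from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line continues the previous one
        else:
            lines.append(raw)
    upns, dn = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not line.strip():
            dn = None                      # blank line ends the record
        elif sep and not line.startswith("#"):
            if value.startswith(":"):      # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userprincipalname" and dn:
                upns[dn] = value
    return upns

def upn_drift(source_ldif, target_ldif):
    """Return (stale, pending): target UPNs unknown to the source, and the reverse."""
    src, tgt = parse_ldif(source_ldif), parse_ldif(target_ldif)
    src_set = {u.lower() for u in src.values()}   # UPNs compare case-insensitively
    tgt_set = {u.lower() for u in tgt.values()}
    stale = sorted((dn, u) for dn, u in tgt.items() if u.lower() not in src_set)
    pending = sorted((dn, u) for dn, u in src.items() if u.lower() not in tgt_set)
    return stale, pending

# Constructed sample exports (not real data): one stale UPN left in the target.
SOURCE_LDIF = """\
dn: CN=John Smith,OU=Staff,DC=example,DC=com
userPrincipalName: john.smith@example.com

dn: CN=Ana Lopez,OU=Staff,
 DC=example,DC=com
userPrincipalName: Ana.Lopez@example.com
"""
TARGET_LDIF = """\
dn: CN=Jon Smith,OU=Staff,DC=app,DC=local
userPrincipalName: jon.smith@example.com

dn: CN=Ana Lopez,OU=Staff,DC=app,DC=local
userPrincipalName:: YW5hLmxvcGV6QGV4YW1wbGUuY29t
"""
```

Entries in the `stale` list are the ADLDS objects whose UPN no longer exists in Active Directory and needs correcting before ADAMSync is restarted; `pending` lists the source UPNs the target has not received yet.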