required AD admin permissions?

Can anybody tell me what AD admin privileges are required for this account in order to configure AD resource and create AD resource account, home directories and Exchange mailbox?

Does the gateway trace tell us about any required permissions?

Does this error mean the same:

../../../../src/wps/agent/adsi/ADSIExtension.cpp,5188): Error opening object 'LDAP://cn=tester,ou=Employee,ou=Denver,ou=Central,ou=Regions,ou=common,dc=ad,dc=omd,dc=net': ADsOpenObject(): 0X80072030: , 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:

'OU=Employee,OU=Denver,OU=Central,OU=Regions,OU=Common,DC=AD,DC=omd,DC=net'

, There is no such object on the server.

Thanks.

[734 byte] By [G_identitya] at [2007-11-27 4:02:16]
# 1
Hi,

sounds like cn=tester does not exist in that container. The best match part seems to imply the container itself exists though. Can you check with native tools if cn=tester is there? If he is, you indeed might lack permissions, but I doubt it.

Regards,

Patrick
Patrick.Wehingera at 2007-7-12 9:06:59 > top of Java-index,Web & Directory Servers,Directory Servers...
# 2
There is no cn=tester in the container. I am creating an AD resource account in this container. I am using a workflow to assign an AD role, which in turn creates an AD resource account using an identity template.
G_identitya at 2007-7-12 9:06:59
# 3

Hi,

I think that the error you pasted in your question is not the real problem here. Before issuing the create, IDM checks if the object to create already exists by looking it up. In your case it does not (not found error). So IDM should catch the error and move on. If the create does not happen, then you should check the gateway logs after the section that you posted here for additional errors. Those should contain the answer.

Regards,

Patrick

Patrick.Wehingera at 2007-7-12 9:06:59
# 4

I got it.

I posted the gateway trace in my initial posting. That is the trace I got during this process.

You said:

....So IDM should catch the error and move on. If the ....

Is there any account feature that I should enable to make IDM catch the error and move on?

Thanks.

G_identitya at 2007-7-12 9:06:59
# 5

Hi,

Please look at this thread

http://forum.java.sun.com/thread.jspa?threadID=5127430&messageID=9659038#9659038

and check the log posted there for all errors. Error one is an error from the gateway's point of view, who was asked to get a user that does not exist. It is not an error from IDM's point of view, which keeps going after it and then fails for insufficient permissions.

Regards,

Patrick

Patrick.Wehingera at 2007-7-12 9:06:59
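
Added example, not part of any post in this thread and not IDM or gateway code: a small trace triage that separates the lookup miss described in replies 1 and 5 (leaf object missing, "best match" equal to the parent container) from a later permission failure. The function names are hypothetical, and the second trace entry and its layout are constructed for illustration.

```python
import re

# HRESULTs that wrap Win32 directory-service errors.
KNOWN = {
    0x80072030: "NO_SUCH_OBJECT",       # ERROR_DS_NO_SUCH_OBJECT
    0x80072098: "INSUFFICIENT_ACCESS",  # ERROR_DS_INSUFFICIENT_ACCESS_RIGHTS
    0x80070005: "ACCESS_DENIED",        # E_ACCESSDENIED
}
ERR = re.compile(r"'LDAP://(?P<dn>[^']+)':\s*\w+\(\):\s*(?P<hr>0[xX][0-9A-Fa-f]{8})")
BEST = re.compile(r"best match of:\s*'(?P<dn>[^']+)'")

def norm(dn):
    """Lower-case a DN and trim each RDN (naive: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(trace):
    """Return (error kind, DN, verdict) for every ADSI error in the trace."""
    findings = []
    for m in ERR.finditer(trace):
        kind = KNOWN.get(int(m.group("hr"), 16), "UNKNOWN")
        dn = norm(m.group("dn"))
        verdict = "unknown"
        if kind == "NO_SUCH_OBJECT":
            # Only look at text up to the next error for this error's best match.
            nxt = ERR.search(trace, m.end())
            tail = trace[m.end():nxt.start() if nxt else len(trace)]
            best = BEST.search(tail)
            parent = dn.split(",", 1)[1] if "," in dn else ""
            if best and norm(best.group("dn")) == parent:
                verdict = "expected_lookup_miss"   # container exists, leaf does not
            else:
                verdict = "missing_container"      # part of the path is absent
        elif kind in ("INSUFFICIENT_ACCESS", "ACCESS_DENIED"):
            verdict = "permission_failure"
        findings.append((kind, dn, verdict))
    return findings

# First entry: the error from the thread. Second entry: constructed for this example.
SAMPLE = """Error opening object 'LDAP://cn=tester,ou=Employee,ou=Denver,ou=Central,ou=Regions,ou=common,dc=ad,dc=omd,dc=net': ADsOpenObject(): 0X80072030: , 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=Employee,OU=Denver,OU=Central,OU=Regions,OU=Common,DC=AD,DC=omd,DC=net'
Error saving object 'LDAP://cn=tester,ou=Employee,ou=Denver,ou=Central,ou=Regions,ou=common,dc=ad,dc=omd,dc=net': SetInfo(): 0X80072098: (constructed line)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
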
# 6
Thanks Patrick. It's an Identity Temp problem that I had.
G_identitya at 2007-7-12 9:06:59