Microsoft KB Archive/272768

= Objects from Active Directory Are Ignored When Running the Active Directory Management Agent =

Article ID: 272768

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Metadirectory Services 2.2 Service Pack 1

-



This article was previously published under Q272768



SYMPTOMS
After you import all of the objects from the Active Directory, certain organizational units, users, groups, or other directory objects are missing. When you set the logging level to 3, and run the affected Active Directory Management Agent (MA), the following information is recorded in the Operator's log:

DBG_03 091c 00/08/31 18:56:08.290 (AD-MA_dataFlowFromAdToMd) Object ignored

= CN=NCFour84,OU=test2,DC=mmstest,DC=com

DBG_03 091c 00/08/31 18:56:08.291 (AD-MA_dataFlowFromAdToMd) Object ignored

= CN=NCFour85,OU=test2,DC=mmstest,DC=com

DBG_03 091c 00/08/31 18:56:08.292 (AD-MA_dataFlowFromAdToMd) Object ignored

= CN=NCFour86,OU=test2,DC=mmstest,DC=com



CAUSE
All of the objects that are ignored have the proxiedObjectName attribute assigned. There is an attribute on the MA called msMMS-AdMaObjectImportExclusionAttrs that has a value of proxiedObjectName. The MA ignores any object that contains this attribute, and that is located in the Active Directory from which the MA is configured to take. The affected objects are not imported into Microsoft Metadirectory Services (MMS).

Every object that has been moved from one domain to another has a proxiedObjectName attribute because this problem occurs when you move an object from one Windows 2000 domain to another by using a program such as the MoveTree utility, Active Directory Migration tool (ADMT), or Visual Basic, Scripting Edition (VBScript).



RESOLUTION
To resolve this issue, follow these steps.

Step 1: Search for the Attribute, and Verify Its Existence and Value
 Run the Ldp.exe tool. On the Connections menu, click Connect. In the Server box, type . In the Port box, type.

The Lightweight Directory Access Protocol (LDAP) port may be set to a different number. Be sure to check the Compass Client logon configuration. On the Connections menu, click Bind. In the User box, type. </li> In the Password box, type .</li> Click to clear the Domain check box.</li> On the View menu, click Tree, and then expand the tree to view:

DsaName=Server,ou=Applications,ou=test,dc=us,dc=microsoft,dc=com

</li> In the Ldp.exe tool, right-click an MA, and then click Search.</li> Click Options, and be sure the options are set as follows:

'''Attributes: msMMS-AdMaObjectImportExclusionAttrs

Set: Base Dn: MA DN

Filter: (objectclass=*)

Scope: Base'''

</li> Click Run. You should see the following attribute and value on the resulting text:

msMMS-AdMaObjectImportExclusionAttrs: proxiedObjectName

</li></ol>

Step 2: Add the &quot;msMMS-AdMaObjectImportExclusionAttrs&quot; Attribute

 * 1) Right-click an MA, and then click Modify.

Note that base DN is populated with the correct Management Agent Distinguished Name (DN).
 * 1) In the Edit Entry Attribute box, type msMMS-AdMaObjectImportExclusionAttrs.
 * 2) In the Edit Entry Values box, type dummy

Assign a value that will never exist, or set a null value. Deleting the attribute will generate the error listed at the end of this article.
 * 1) For Operation, click Replace.
 * 2) Click Enter, and then click Run.

Step 3: Confirm the Success of the Update
<ol> In Ldp.exe, right-click an MA, and then click Search.</li> Click Options, and be sure that the options are set as follows:

'''Attributes: msMMS-AdMaObjectImportExclusionAttrs

Set: Base Dn: MA DN

Filter: (objectclass=*)

Scope: Base'''

</li> Click Run.</li></ol>

The following errors will be generated after you run the Management Agent if you have deleted the msMMS-AdMaObjectImportExclusionAttrs attribute:

WRN_04 0660 00/09/02 13:25:44.007 (AD-MA_readMultiValAttrIntoSet) Couldn't get attr 'msMMS-AdMaObjectImportExclusionAttrs' on record [ma=AD1,DsaName=dirsynchex3,ou=MMS,dc=icl,dc=com] : 26003 - PLUGAPI_RC_ATTRIBUTE_NOT_PRESENT

ERR_02 0660 00/09/02 13:25:44.008 (AD-MA_dataFlowFromAdToMd) Couldn't get list of object exclusion attributes (msMMS-AdMaObjectImportExclusionAttrs) : 26003 - PLUGAPI_RC_ATTRIBUTE_NOT_PRESENT

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Additional query words: Zoomit Via MA zscript genlogs Metadirectory

Keywords: kbenv kbprb KB272768

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.