Microsoft KB Archive/944269

= The schema extensions may incorrectly store the data that is associated with the adminDisplayName attribute and with the adminDescription attribute in Microsoft ILM 2007 =

Article ID: 944269

Article Last Modified on 11/29/2007

-

APPLIES TO


 * Microsoft Identity Lifecycle Manager 2007

-



SYMPTOMS
The schema extensions may incorrectly store the data that is associated with the adminDisplayName attribute and with the adminDescription attribute in Microsoft Identity Lifecycle Manager (ILM) 2007. When this problem occurs, the adminDisplayName attribute contains the data for the adminDescription attribute. Additionally, the adminDescription attribute contains the data for the adminDisplayName attribute.



CAUSE
This issue occurs when you install the schema extensions in Microsoft Certificate Lifecycle Manager (CLM).



RESOLUTION
To resolve this issue, run a script to correctly store the data for the adminDisplayName attribute and for the adminDescription attribute. To do this, follow these steps:  Log on to the domain controller that is hosting the operations master roles. These are also known as flexible single master operations (FSMO). To do this, use an account that has schema administrator permissions.  Paste the following code into Notepad. # dn: CN=ms-Clm-Service-Connection-Point,CN=Schema,CN=Configuration,DC=company,DC=com changetype: modify add: adminDescription adminDescription: Allows storing system-wide privilege configuration data for the CLM. -
 * 1) CLM admin display name and admin description fix
 * 2) for ms-Clm-Service-Connection-Point and ms-Clm-Data
 * 3) Be sure to run ldifde with -c option to replace DC=company,DC=com
 * 1) Be sure to run ldifde with -c option to replace DC=company,DC=com

dn: CN=ms-Clm-Service-Connection-Point,CN=Schema,CN=Configuration,DC=company,DC=com changetype: modify replace: adminDisplayName adminDisplayName: ms-Clm-Service-Connection-Point -

dn: CN=ms-Clm-Data,CN=Schema,CN=Configuration,DC=company,DC=com changetype: modify add: adminDescription adminDescription: Allows storing XML policy definition for the CLM Profile Template. -

dn: CN=ms-Clm-Data,CN=Schema,CN=Configuration,DC=company,DC=com changetype:modify replace: adminDisplayName adminDisplayName: ms-Clm-Data  On the File menu, click Save, type Clm-admin-fix.ldf, click All files in the Save as type box, and then click Save. Click Start, click Run, type cmd in the Open box, and then click OK. Type the following command at the command prompt, and then press ENTER:

ldifde –i –v –f \clm-admin-fix.ldf –k –c “DC=company,DC=com” “DC= ,DC=com&quot;

Notes  The  placeholder is the path of the Clm-admin-fix.ldf file, and the   placeholder is the distinguished name of the forest root. &quot;DC=company,DC=com&quot; is not the name of a domain controller. &quot;DC=company,DC=com&quot; is a constant that will be replaced by the forest root name when you run the script. Do not modify &quot;DC=company,DC=com&quot; in the command.</li> For example, type the following command to run the script against a Windows Server 2003 forest that is named &quot;MyDomain.com&quot;:

ldifde –i –v –f clm-admin-fix.ldf –k –c &quot;DC=company,DC=com&quot; &quot;DC=mydomain,DC=com&quot;

</li></ul> </li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="references_section">