Microsoft KB Archive/929622

= FIX: Error message when you run a confirming import operation after the ADMA runs an export operation in MIIS: &quot;Exported-Change-Not-Reimported&quot; =

Article ID: 929622

Article Last Modified on 11/15/2007

-

APPLIES TO


 * Microsoft Identity Integration Server 2003 Enterprise Edition

-





Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
After the Active Directory Management Agent (ADMA) runs an export operation in Microsoft Identity Integration Server (MIIS), you receive the following error message when you run a confirming import operation:

Exported-Change-Not-Reimported

You receive this error message if the following conditions are true:
 * You modify an ntSecurityDescriptor property of an Active Directory object when you are creating the object.
 * You set the value of the ntSecurityDescriptor property in provisioning code.
 * You modify the ntSecurityDescriptor property on an Active Directory object that uses Export Attribute Flow rules.



Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

This hotfix only takes effect if you modify the ntSecurityDescriptor property in the provisioning code when you are creating the object. If you modify the ntSecurityDescriptor property in an object that already exists in the Active Directory, this hotfix does not take effect.

Prerequisites
When you apply this hotfix, you are prompted for the MIIS 2003 installation media. Depending on the method that you originally used to install MIIS 2003, insert the media in the CD drive or in the DVD drive, or specify a share location. To apply this hotfix, the currently logged-on user account must have the same Microsoft SQL Server credentials as the account that was used to install the release version of MIIS 2003. Before you apply this hotfix to the production environment, test this hotfix in a quality assurance (QA) lab. Additionally, back up the MIIS 2003 SQL Server database, and verify that you can fully recover the data from the backup version if this hotfix is not applied correctly.

Restart requirement
You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information
This hotfix replaces the hotfix that the following Microsoft Knowledge Base article describes:

925709 FIX: MIIS 2003 removes some members from the membership list of the Lotus Notes Release 4.6 or 5.0 group when MIIS 2003 exports the group member information from multiple address book files

Registry information
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You must change the registry to enable this hotfix after the hotfix is installed. Follow these steps, and then close Registry Editor:  Click Start, click Run, type regedit, and then click OK. Locate and then right-click the following registry key:

 Click New, and then click DWORD Value. Type ADMADoNormalization, and then press ENTER. Right-click ADMADoNormalization, and then click Modify. In the Value data box, type 1, and then click OK.</li></ol>

Note The  registry entry takes effect the next time that the ADMA runs an export operation. After the  registry entry is added to the registry, the hotfix takes effect when the ADMA creates a new object by using an nTSecurityDescriptor property. The ADMA reads the normalized value of the nTSecurityDescriptor property from Active Directory. Therefore, the &quot;Exported-Change-Not-Reimported&quot; error does not occur if you do not modify the nTSecurityDescriptor property externally. You still receive the error message if you modify the nTSecurityDescriptor property externally.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
This hotfix only applies to new objects that are provisioned to the Active Directory. If you change the ntSecurityDescriptor property on existing objects, this hotfix does not take effect.

Updates to Microsoft Identity Integration Server 2003 Service Pack 1
Microsoft Identity Integration Services 2003 cumulative hotfix package includes all changes that were made in previous hotfixes and hotfix update rollups. MIIS SP1 contains the hotfixes from build 3.1.1016 to build 3.1.1046. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

842531 How to obtain the latest Microsoft Identity Integration Services 2003 cumulative hotfix package

Keywords: kbhotfixserver kbqfe kbpubtypekc KB929622

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.