Yes that was a dramatic title, but I wanted you to read this.
I love Active Directory Application Mode and everyone who reads this blog knows it. However, I was let down today. I was automating the creation of an NC in a way that I hadn’t previously done. Actually it was automation of several NCs all for a single data management/reporting function and it will in the end, hopefully be a cookie cutter thing that I can deploy and redeploy as necessary. But enough about that…
So I built the initial NC manually, a series of AdMod commands and some scripts that built out the structures via more AdMod commands. Then I exported the structures with AdFind to a CSV file. Then I tried to import that CSV file and KahBlammie… It blows up on the first line which is the NC instantiation itself…
Basically I tried to create with the following (this isn’t in CSV Mode, this manual troubleshooting mode):
admod -hh . -add -b cn=ADAMRocks objectclass:++:top;container instancetype::5 –exterr
All seems ok with that though it is a little different than if I had typed it out by hand, more on that in a bit.
The error you ask?
DN: cn=ADAMRocks…: [DellLT17] Error 0x35 (53) – Unwilling To Perform
Extended Error: 00002079: SvcErr: DSID-03330A1A, problem 5003 (WILL_NOT_PERFORM), data 0
Error 2079…
ERROR_DS_BAD_INSTANCE_TYPE winerror.h
# The specified instance type is not valid.
Huh?
As I mentioned above, the command used followed what I was doing in CSV from an export, it differs slightly in what I would do normally if I typed the command manually and that is:
admod -hh . -add -b cn=ADAMRocks objectclass::container instancetype::5 –exterr
So I tried that and voila it worked. The whole issue is simply around how objectClass is being processed for the root object for the naming context. Once that one object is in place properly, the rest of the import for all of the other objects works perfect and they ALL have objectclass specified as a multi-value attribute.
So I didn’t see anything else I could do other than to tweak the CSV file. I am certainly not going to modify AdMod to try and account for this as that is getting a bit too touchy feeling with modifying what someone types in[1].
Anyway, I thought I would document it here so the next time I forget about it and hit it I can come back here to my long term memory store and read about what I did the last time. In the meanwhile, perhaps it will be useful to someone else as well.
joe
[1] Yeah there is some sort of balance I am trying to keep in place between what the user types and what the user might possibly intend.
“ADAM… you have let me down.”
I believe God said this first.