Cannot create new computer in ADSI Edit on an AD LDS instance

Submitted by 笑着哭i on 2019-12-13 08:46:42

Question


Using ADSI Edit I cannot use the interface and create a new computer.

Background

So I installed Active Directory Lightweight Directory Services (AD LDS) on my Windows 8.1 Pro computer. Then I followed the tutorial to create an AD LDS instance and then this tutorial setting up groups and users. Everything works as detailed in those tutorial pages.

However, I want to develop LDAP queries to determine the number of computers in an ActiveDirectory group and so I want to create computer objects. This is not possible from the New menu. I have read elsewhere that the importing of LDIF matters because you need the right schema. So I followed the steps a second time and imported all the LDIF files available, which are a subset of the files found (for me) in C:\Windows\ADAM. The selection is ...

  • MS-AdamSyncMetadata.LDF
  • MS-ADLDS-DisplaySpecifiers.LDF
  • MS-AZMan.LDF
  • MS-InetOrgPerson.LDF
  • MS-MembershipTransitive.LDF
  • MS-ParentDistname.LDF
  • MS-ReplValMetadataExt.LDF
  • MS-SecretAttributeCARs.LDF
  • MS-SetOwnerBypassQuotaCARs.LDF
  • MS-User.LDF
  • MS-UserProxy.LDF
  • MS-UserProxyFull.LDF

but even after selecting all of those I still cannot create new computer.

Now, it turns out the only ldf files outside C:\Windows\ADAM appear to be SQL Server log data files because the file extension is overloaded.

However, not all the files within C:\Windows\ADAM appear on the list; MS-ADAMSCHEMAW2K8.LDF does not appear. If I poke around in the contents of this file then I can see something promising.

...
# Class: computer
dn: cn=Computer,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.2.840.113556.1.3.30
ldapDisplayName: computer
adminDisplayName: Computer
adminDescription: Computer
# schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2
schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
objectClassCategory: 1
systemFlags: 16
# subclassOf: user
subclassOf: 1.2.840.113556.1.5.9
...

So somehow I cannot select the LDIF file I need. What am I doing wrong?

EDIT: Continuing to Google, it seems I was correct that "By default AD LDS schema does not have a computer class" because this quote appears on this Technet web page.

Experimenting with Extend the AD LDS Schema to Support NFS User Mapping

Using ldifde -i -u -f MS-AdamSchemaW2K8.LDF -s localhost:389 -j . -c "cn=Configuration,dc=X" “#configurationNamingContext” gives the error output below

Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-AdamSchemaW2K8.LDF"
Loading entries.
Add error on entry starting on line 16: Invalid DN Syntax
The server side error is: 0x208f The object name has bad syntax.
The extended server error is:
0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
    'cn=Schema,"#configurationNamingContext"'

0 entries modified successfully.
An error has occurred in the program
.

The above problem is solved by the answer here which says do not wrap final term in quotes.

... progressing... and that solved it. Will answer my own question.


Answer 1:


So extending the schema is the correct thing to do but understand that the instructions at the canonical Technet article have a typo which is corrected at this Technet forum Q & A.

The correct form is

ldifde -i -u -f MS-AdamSchemaW2K8.LDF -s localhost:389 -j . -c "cn=Configuration,dc=X" #configurationNamingContext

Here is proof



Source: https://stackoverflow.com/questions/46550339/cannot-create-new-computer-in-adsi-edit-on-an-ad-lds-instance
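
Added example (not part of the original question or answer): a small Python scanner that lists which classSchema entries an LDF file defines, so you can confirm a file such as MS-AdamSchemaW2K8.LDF carries the computer class before importing it with ldifde. It also decodes the base64 schemaIDGUID value into the GUID shown in the comment line of the excerpt. The function names and the attributeSchema record in the sample are constructed for illustration.

```python
import base64
import uuid

# Constructed sample: the computer class lines quoted in the question,
# preceded by a made-up attributeSchema record that must be ignored.
SAMPLE_LDF = """\
dn: cn=Example-Attr,cn=Schema,cn=Configuration,dc=X
objectClass: attributeSchema
ldapDisplayName: exampleAttr

# Class: computer
dn: cn=Computer,cn=Schema,cn=Configuration,dc=X
objectClass: classSchema
ldapDisplayName: computer
# schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2
schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
"""

def parse_records(text):
    """Split LDIF text into blank-line separated records: attr -> raw values."""
    records, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                records.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:  # folded continuation line
            current[last][-1] += line[1:]
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            last = name.lower()
            current.setdefault(last, []).append(value)
    return records

def decode(raw):
    """'attr:: value' is base64 (raw starts with ':'); 'attr: value' is text."""
    if raw.startswith(":"):
        return base64.b64decode(raw[1:].strip())
    return raw.strip()

def schema_classes(text):
    """Map ldapDisplayName -> schemaIDGUID string for every classSchema record."""
    found = {}
    for rec in parse_records(text):
        kinds = [decode(v).lower() for v in rec.get("objectclass", [])]
        names, guid = rec.get("ldapdisplayname"), rec.get("schemaidguid")
        if "classschema" in kinds and names:
            # AD stores GUIDs with the first three fields little-endian.
            found[decode(names[0])] = str(uuid.UUID(bytes_le=decode(guid[0]))) if guid else None
    return found
```

To check a real file, read its contents into a string and test whether "computer" is a key of the dictionary returned by schema_classes.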
