[SOLVED] Problem with MultiForest and AD LDS

denis.morgen
Beginner

Hello,

I followed the procedure "How to Configure Unified Communication Manager Directory Integration in a Multi-Forest Environment" many times, but I always have the same problem: no users in the ADSI Edit MMC, no users in CUCM.


Domain trust relationships are OK.
I have created the AD LDS instance (in domain1):
* Instance Name : MultiForest
* LDAP port : 50900
* SSL port : 50901
* Distinguished name : DC=MultiForest
* Imported LDIF files: MS-AdamSyncMetadata.LDF, (MS-ADLDS-DisplaySpecifiers), MS-InetOrgPerson.LDF, MS-User.LDF, MS-UserProxy.LDF, MS-UserProxyFull.LDF

With LDP I have created two children (domain1 = Windows 2012 R2 / domain2 = Windows 2008 R2):
DC=domain1,DC=MultiForest
InstanceType:5
ObjectClass:domainDNS

DC=domain2,DC=MultiForest
InstanceType:5
ObjectClass:domainDNS


With ADSchemaAnalyzer, I have created the LDIF file:
Target schema: Domain1_IP:389
Base schema: localhost:50900
Mark all non-present elements as included

cd \Windows\adam
mkdir logs

ldifde -i -s localhost:50900 -c CN=Configuration,DC=X #ConfigurationNamingContext -f domain1.ldf -j c:\windows\adam\logs


With ADSchemaAnalyzer, I have created the LDIF file:
Target schema: Domain2_IP:389
Base schema: localhost:50900
Mark all non-present elements as included

ldifde -i -s localhost:50900 -c CN=Configuration,DC=X #ConfigurationNamingContext -f domain2.ldf -j c:\windows\adam\logs

ldifde -i -s localhost:50900 -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-UserProxy-Cisco.ldf -j c:\Windows\adam\logs


ADAMSync /Install localhost:50900 c:\Windows\ADAM\MS-AdamSyncConfDomain1.xml /log c:\Windows\ADAM\logs\Install.log
ADAMSync /sync localhost:50900 "dc=domain1,dc=MultiForest" /log c:\Windows\ADAM\logs\sync.log


ADAMSync /Install localhost:50900 c:\Windows\ADAM\MS-AdamSyncConfDomain2.xml /log c:\Windows\ADAM\logs\Install.log
ADAMSync /sync localhost:50900 "dc=domain2,dc=MultiForest" /log c:\Windows\ADAM\logs\sync.log


With ADSI Edit, I created the root user (msDS-UserAccountDisabled > FALSE / msDS-UserDontExpirePassword > TRUE)
DC=MultiForest > CN=Roles > CN=Administrators > Properties > member > add CN=root,DC=MultiForest

I have updated the schema and rebooted AD LDS.


For my test, I disabled SSL (RequireSecureProxyBind=0).

I configured CUCM (no errors) with these parameters:
* Microsoft Active Directory Application Mode
* IP for authentication : domain1_IP:50900
* LDAP : DC=MultiForest
* Filter : (&(objectClass=userProxy)(!(objectClass=Computer))(!(msDS-UserAccountDisabled=TRUE)))

No synchronization error.

But no users in CUCM... No users in ADSI Edit.

If I test an LDP connection with many users, no problem.

No errors in logs.


Where is my error?

EDIT: I updated the XML files.

Solution:

* Workaround for "Ldap error occured. ldap_add_sW: Object Class Violation": http://clintboessen.blogspot.fr/2011/06/ldap-error-occured-ldapaddsw-object.html

* Workaround for "Error: We seem to be in an infinite recursive loop": https://support.microsoft.com/en-us/kb/926933

23 Replies

Yeah share what you can there may be some clues. I would be happy to do a short webex with you if you want to review your setup.

Mike

Thanks Mike, that might work. When suits?

In 30min or it will have to be around 5pm EDT. You can send me an invite to miskaone+cmlds@gmail.com or your contact and I can host.

Mike,

Hello,

The problem is solved?

No, not yet. I was communicating with Mike and I've updated the XML file attributes to match for case sensitivity. I ran the command last night but kept getting back "no such attribute". I even took out all the attributes and tried again, but the same problem occurred. Any ideas?

I sent you a YouTube video of my screen capture of some modifications that I did to LDAP.

From my notes it looks like the User-Proxy attribute does not get updated with MayContain elements, which should happen with the custom Cisco LDF import in the steps prior to the ADAM config installation. I had to manually add these to the schema. I added the attributes/settings we discussed yesterday.

Please email me if you cannot access it or need further explanation. Note I was led to this issue from Denis.Morgen's comment and the associated link...

http://clintboessen.blogspot.fr/2011/06/ldap-error-occured-ldapaddsw-object.html
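The two symptoms in this thread (an instance that syncs "without errors" yet shows no users to CUCM, and ADAMSync writes rejected because the userProxy class does not allow the attribute) can be separated with a few LDAP queries against the AD LDS instance. The script below is an added diagnostic written for this thread, not code from Cisco, Microsoft or any poster. It assumes the setup from the original post (LDAP on localhost:50900, partition DC=MultiForest with children DC=domain1 and DC=domain2, the CUCM filter exactly as entered there, and the ADAMSync config at C:\Windows\ADAM\MS-AdamSyncConfDomain1.xml laid out like the MS-AdamSyncConf.xml sample, i.e. `<attributes><include>` elements), and it binds with the logged-on Windows account, which is assumed to be an administrator of the instance. It first resolves every attribute a userProxy object may hold (walking subClassOf and auxiliary classes, so inherited attributes are not reported as missing), compares that with the `<include>` list in the sync config, and then counts userProxy objects per child partition both unfiltered and through the CUCM filter, so you can tell "nothing was synced" apart from "everything synced is being excluded as disabled".

```powershell
# Added diagnostic for the AD LDS / ADAMSync / CUCM setup described in the thread.
# Assumptions (not from the thread's own files): server, partitions, config path below.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$NS = 'System.DirectoryServices.Protocols'

$Server     = 'localhost:50900'                                  # AD LDS LDAP port from the post
$Partitions = @('DC=domain1,DC=MultiForest', 'DC=domain2,DC=MultiForest')
$SyncConfig = 'C:\Windows\ADAM\MS-AdamSyncConfDomain1.xml'       # assumed MS-AdamSyncConf.xml layout
# The directory filter entered in CUCM in the post, verbatim
$CucmFilter = '(&(objectClass=userProxy)(!(objectClass=Computer))(!(msDS-UserAccountDisabled=TRUE)))'

# Bind as the logged-on Windows account (assumed to be an instance administrator)
$ident = New-Object -TypeName "$NS.LdapDirectoryIdentifier" -ArgumentList $Server
$conn  = New-Object -TypeName "$NS.LdapConnection" -ArgumentList $ident
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()

function Search-Ldap {
    param([string]$Base, [string]$Filter, [string[]]$Attrs, [string]$Scope = 'Subtree')
    $scopeEnum = [System.DirectoryServices.Protocols.SearchScope]$Scope
    $req  = New-Object -TypeName "$NS.SearchRequest" -ArgumentList $Base, $Filter, $scopeEnum, $Attrs
    $page = $null
    if ($scopeEnum -ne [System.DirectoryServices.Protocols.SearchScope]::Base) {
        # Page the search so partitions with more than 1000 proxies are fully counted
        $page = New-Object -TypeName "$NS.PageResultRequestControl" -ArgumentList 500
        [void]$req.Controls.Add($page)
    }
    do {
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
        foreach ($entry in $resp.Entries) { $entry }
        $cookie = [byte[]]@()
        if ($page) {
            $ctl = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
            if ($ctl) { $cookie = $ctl.Cookie }
            $page.Cookie = $cookie
        }
    } while ($cookie.Length -gt 0)
}

# 1. Locate the schema partition of this instance via RootDSE
$root     = Search-Ldap -Base '' -Filter '(objectClass=*)' -Attrs @('schemaNamingContext') -Scope 'Base'
$schemaNC = [string]$root.Attributes['schemaNamingContext'][0]

# 2. Collect every attribute a class may hold: its own may/must lists plus those of
#    its parent classes (subClassOf) and auxiliary classes. Keyed lower-case,
#    value = the schema's own spelling of the lDAPDisplayName.
function Get-AllowedAttributes([string]$ClassName) {
    $seen = @{}; $result = @{}
    $queue = New-Object System.Collections.Queue; $queue.Enqueue($ClassName)
    while ($queue.Count -gt 0) {
        $name = $queue.Dequeue()
        if ($seen.ContainsKey($name)) { continue }     # 'top' is its own parent; stop here
        $seen[$name] = $true
        $cls = Search-Ldap -Base $schemaNC -Filter "(&(objectClass=classSchema)(lDAPDisplayName=$name))" `
               -Attrs @('mayContain','systemMayContain','mustContain','systemMustContain',
                        'subClassOf','auxiliaryClass','systemAuxiliaryClass')
        if (-not $cls) { continue }
        foreach ($a in 'mayContain','systemMayContain','mustContain','systemMustContain') {
            if ($cls.Attributes.Contains($a)) {
                foreach ($v in $cls.Attributes[$a].GetValues([string])) { $result[$v.ToLower()] = $v }
            }
        }
        foreach ($a in 'subClassOf','auxiliaryClass','systemAuxiliaryClass') {
            if ($cls.Attributes.Contains($a)) {
                foreach ($v in $cls.Attributes[$a].GetValues([string])) { $queue.Enqueue($v) }
            }
        }
    }
    return $result
}

$allowed = Get-AllowedAttributes 'userProxy'
if ($allowed.Count -eq 0) { throw 'userProxy class not found in the schema: was MS-UserProxy.LDF imported?' }
"userProxy may hold {0} attributes (own + inherited + auxiliary)" -f $allowed.Count

# 3. Every attribute the ADAMSync config includes must be allowed on userProxy,
#    otherwise the import fails with an object class violation.
[xml]$cfg = Get-Content -Path $SyncConfig
$wanted = @($cfg.SelectNodes('//attributes/include') | ForEach-Object { $_.InnerText.Trim() } | Where-Object { $_ })
"Checking {0} <include> attributes from {1}" -f $wanted.Count, $SyncConfig
foreach ($attr in $wanted) {
    $key = $attr.ToLower()
    if (-not $allowed.ContainsKey($key)) { "  NOT allowed on userProxy: $attr"; continue }
    if ($allowed[$key] -cne $attr)      { "  spelling differs: config '$attr' vs schema '$($allowed[$key])'" }
}

# 4. What does CUCM actually see? Compare raw proxy count with the filtered count.
foreach ($dn in $Partitions) {
    try {
        $all     = @(Search-Ldap -Base $dn -Filter '(objectClass=userProxy)' -Attrs @('distinguishedName')).Count
        $visible = @(Search-Ldap -Base $dn -Filter $CucmFilter -Attrs @('distinguishedName')).Count
        "{0}: {1} userProxy objects, {2} pass the CUCM filter" -f $dn, $all, $visible
    } catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        # noSuchObject here means the child partition (domainDNS object) was never created
        "{0}: search failed ({1}); does this child partition exist?" -f $dn, $_.Exception.Response.ResultCode
    }
}
```

Read the last block first: a partition with zero userProxy objects means ADAMSync never wrote anything (check the `<include>` findings from step 3 and the sync log), while a partition where the raw count is high but the filtered count is zero means the proxies were created with msDS-UserAccountDisabled set, so CUCM's filter is doing exactly what it was told.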

Hi Mike, where did you send the YouTube clip to?

The email account you contacted me on. Just sent another one.

Hi Fergie,

Did you follow this procedure: http://clintboessen.blogspot.fr/2011/06/ldap-error-occured-ldapaddsw-object.html

It's the workaround for my first problem.

The workaround for my second problem: https://support.microsoft.com/en-us/kb/926933
