|
| Error deleteing AD user because it is being used as a container |
 |
Fri, 7 Dec 2007 06:32:02 -0800 |
Does anyone know of a work around within MIIS to have it delete a user object
that is also a container? This problem is not in code as the code simply
calls the Deprovision method on the connector space when specific
requirements are met. MIIS Then trys to delete the user object and will fail
with CD Source Error: 8213 - "The directory service can perform the
requested
operation only on a leaf object"
The reason the user object is a container is because there are applications
(out of my control) that will use the user object as a container for a
profile object. It may not be common but it is possible as the user object
can be a container.
Any thoughts or suggestions would be appreciated.
|
| Post Reply
|
| Re: Error deleteing AD user because it is being used as a containe |
 |
Fri, 7 Dec 2007 16:22:00 -0800 |
Thank you Tomasz! That makes sense to me!
"Tomasz Onyszko" wrote:
> TheRealTaz wrote:
> > Does anyone know of a work around within MIIS to have it delete a user
object
> > that is also a container? This problem is not in code as the code
simply
> > calls the Deprovision method on the connector space when specific
> > requirements are met. MIIS Then trys to delete the user object and
will fail
> > with CD Source Error: 8213 - "The directory service can perform
the requested
> > operation only on a leaf object"
> >
> > The reason the user object is a container is because there are
applications
> > (out of my control) that will use the user object as a container for a
> > profile object. It may not be common but it is possible as the user
object
> > can be a container.
> >
> > Any thoughts or suggestions would be appreciated.
>
> Simplest approach I can imagine is to import these profile objects into
> connector space, join them to user and make sure in your deprovisioning
> logic that these objects are being deleted before user will be
> deprovisioned. This will take two synchronization cycle execution to
> delete user object or one cycle with two AD MA export \ import \synch
> cycles.
>
> --
> Tomasz Onyszko
> http://www.w2k.pl/ - (PL)
> http://blogs.dirteam.com/blogs/tomek/ - (EN)
|
| Post Reply
|
| Re: Error deleteing AD user because it is being used as a container |
 |
Fri, 07 Dec 2007 20:05:06 +010 |
TheRealTaz wrote:
> Does anyone know of a work around within MIIS to have it delete a user
object
> that is also a container? This problem is not in code as the code simply
> calls the Deprovision method on the connector space when specific
> requirements are met. MIIS Then trys to delete the user object and will
fail
> with CD Source Error: 8213 - "The directory service can perform the
requested
> operation only on a leaf object"
>
> The reason the user object is a container is because there are applications
> (out of my control) that will use the user object as a container for a
> profile object. It may not be common but it is possible as the user object
> can be a container.
>
> Any thoughts or suggestions would be appreciated.
Simplest approach I can imagine is to import these profile objects into
connector space, join them to user and make sure in your deprovisioning
logic that these objects are being deleted before user will be
deprovisioned. This will take two synchronization cycle execution to
delete user object or one cycle with two AD MA export \ import \synch
cycles.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
|
| Post Reply
|
|
|
|
|
|
|
|
|
|