[Fedora-directory-users] AD sync errors when renaming an account?
Josh Kelley
joshkel at gmail.com
Wed Aug 22 22:10:57 UTC 2007
We're regularly (every few seconds) getting the following errors in
our error log:
[22/Aug/2007:17:57:45 -0400] NSMMReplicationPlugin - agmt="cn=ad2 <->
fds2" (ad2:636): Consumer failed to replay change (uniqueid
1dc8382d-1dd211b2-805a97b7-83570000, CSN 46cca925000100010000):
Referral received. Will retry later.
This is with a Windows Sync agreement between Active Directory and FDS
1.0.2. These errors seem to occur when we rename an account on the
FDS side (using a Perl script that updates several name-related
attributes then invokes a modDN operation), but I'm not certain that's
the cause. Initiating full resynchronization appears to clear the
error, but it also apparently causes FDS to lose whatever changes it
was trying to make. (For example, we have several new FDS accounts
created with ntUserCreateNewAccount=true that never appeared in AD.)
In particular, the Perl script updates the ntUserDomainID attribute.
Is that what's causing this problem? How should accounts be renamed
in a Windows Sync environment?
If the problem is not changing the value of ntUserDomainID, any
suggestions for tracking down the problem?
Thank you.
Josh Kelley
More information about the Fedora-directory-users
mailing list