First User Created in a Metaverse Container Is Placed in the Wrong Location (291303)



The information in this article applies to:

  • Microsoft Metadirectory Services 2.1
  • Microsoft Metadirectory Services 2.2

This article was previously published under Q291303

SYMPTOMS

If you run a management agent that contains an MAScript that uses the -addparent switch on the Importt.exe program, the first user object in any container is displayed in the wrong organizational unit structure.

CAUSE

This issue occurs if you changed the way the object's distinguished name (also known as DN) is created in the construction template. In this case, the -addparent switch on the Importt.exe program ignores the distinguished name location of the first user object in the location of the parent object. The following information can be seen in the logs.

0001-UPDATE PARENT[00]: o=mmstalk.com,ma=Netscape,DsaName=xforestdc,ou=Applications,dc=microsoft,dc=com
0001-UPDATE PARENT[00]: ou=People,o=mmstalk.com,ma=Netscape,DsaName=xforestdc,ou=Applications,dc=microsoft,dc=com
					

RESOLUTION

To work around this issue, use either of the methods described in this section:

Method One

To work around this issue:
  1. In the Compass utility, click the management agent.
  2. On the Action menu, click Configure MA.
  3. Click the Mode and Namespace management tab, click to select the Select this management agent as the "Prime Namespace" check box, and then click OK.
  4. Run the management agent twice.
After you complete this procedure, the user is moved to the correct location. If you click to select the Select this management agent as the "Prime Namespace" check box, this management agent is authorized to set the metaverse distinguished name of its connected objects to the value that this management agent defines.

Method Two

To work around this issue, you can remove the -addparent switch from the MAControl script on the affected management agent. However, when you use this workaround, the number of failed object imports may increase. Also, when you use this workaround, you may have to increase template administration to compensate for the missing -addparent switch. You should use this method with caution.

NOTE: The procedure described in this section uses the Netscape management agent.

To remove the -addparent switch from the MAControl script:
  1. In the Compass utility, click the management agent.
  2. On the Action menu, click Design MA.
  3. In the Control MA Operations section, click the MA Control Script tab.
  4. Locate the following text:

    echo Synchronizing Metadirectory Users

  5. Remove the -addparent switch on Importt from the following line in the execute command program:

    EXECUTE importt -addParent -objectClass "zcLdapUser" -updateDib -currentDn "%dn%"
    						

    When you are finished, the line is similar to the following line:

    EXECUTE importt -objectClass "zcLdapUser" -updateDib -currentDn "%dn%"
    						

  6. Click OK.
  7. Run the management agent.

MORE INFORMATION

To recreate the issue described in the Summary section of this article, use the following procedure:
  1. Run the management agent in Reflector mode so that the Connected Directory structure is imported.
  2. Change Imp.st or the Metaverse construction template. Change the metaverse object's distinguished name so that it does not mirror the structure of the joined connector space object. The following text is an example of how the construction template may be altered:

    #  $dn=CN=$mvp.cn(,$base_dn())
      $dn=CN=$mvp.cn(,$ma($zcMaUNSBase))
    						

In the preceding example:
  • The number symbol (#) is the comment character.
  • The $base_dn() variable determines the distinguished name that this object's parent has in the metaverse.
  • The $zcMaUNSBase variable is the default distinguished name of the metaverse location where new objects that are imported by this management agent are placed.
After the management agent runs, the following text is logged in the Zscript.log file:

0001-CONNECTOR ADDED[00]: uid=TestUser1,ou=People,o=mmstalk.com,ma=Netscape,DsaName=xforestdc,ou=Applications,dc=microsoft,dc=com
0001-META ADDED[00]: CN=TestUser1,OU=People,O=mmstalk.com,dc=microsoft,dc=com

0002-CONNECTOR ADDED[00]: uid=TestUser2,ou=People,o=mmstalk.com,ma=Netscape,DsaName=xforestdc,ou=Applications,dc=microsoft,dc=com
0002-META ADDED[00]:CN=TestUser2,OU=Users,dc=microsoft,dc=com
					

In this example, the first user, TestUser1, is incorrectly created in the People organizational unit. TestUser1 should have been created in the Users organizational unit as shown by the second user, TestUser2.

For additional information about the -addparent switch, click the article number below to view the article in the Microsoft Knowledge Base:

283196 Explanation of the -Addparent Switch used by Importt


Modification Type:MinorLast Reviewed:1/25/2006
Keywords:kbenv kbprb KB291303