无法在AD LDS实例上的ADSI编辑中创建新计算机 [英] Cannot create new computer in ADSI Edit on an AD LDS instance
问题描述
使用ADSI Edit,我无法使用该界面并创建新的计算机.
Using ADSI Edit I cannot use the interface and create a new computer.
背景
所以我安装了 Active Directory轻型目录Windows 8.1 Pro计算机上的服务(AD LDS).然后,我按照该教程创建AD LDS实例,然后此教程设置组和用户.一切正常,如那些教程页中所述.
So I installed Active Directory Lightweight Directory Services (AD LDS) on my Windows 8.1 Pro computer. Then I followed the tutorial to create an AD LDS instance and then this tutorial setting up groups and users. Everything works as detailed in the those tutorial pages.
但是,我想开发LDAP查询来确定ActiveDirectory组中的计算机数量,因此我想创建计算机对象.在新建"菜单中这是不可能的.在其他地方,我读过LDIF的导入很重要,因为您需要正确的架构.因此,我第二次执行了步骤,并导入了所有可用的LDIF文件,这些文件是在C:\Windows\ADAM中找到的文件的子集(对我来说),选择是...
However, I want to develop LDAP queries to determine the number of computers in a ActiveDirectory group and so I want to create computer objects. This is not possible from the New menu. I have read elesewhere that the importing of LDIF matters because you need the right schema. So I followed the steps a second time and imported all the LDIF files available which are a subset of the files found (for me) in C:\Windows\ADAM the selection is ...
- MS-AdamSyncMetadata.LDF
- MS-ADLDS-DisplaySpecifiers.LDF
- MS-AZMan.LDF
- MS-InetOrgPerson.LDF
- MS-MembershipTransitive.LDF
- MS-ParentDistname.LDF
- MS-ReplValMetadataExt.LDF
- MS-SecretAttributeCARs.LDF
- MS-SetOwnerBypassQuotaCARs.LDF
- MS-User.LDF
- MS-UserProxy.LDF
- MS-UserProxyFull.LDF
- MS-AdamSyncMetadata.LDF
- MS-ADLDS-DisplaySpecifiers.LDF
- MS-AZMan.LDF
- MS-InetOrgPerson.LDF
- MS-MembershipTransitive.LDF
- MS-ParentDistname.LDF
- MS-ReplValMetadataExt.LDF
- MS-SecretAttributeCARs.LDF
- MS-SetOwnerBypassQuotaCARs.LDF
- MS-User.LDF
- MS-UserProxy.LDF
- MS-UserProxyFull.LDF
但是即使选择了所有这些,我仍然无法创建新计算机.
but even after selecting all of those I still cannot create new computer.
现在,事实证明,C:\Windows\ADAM之外的唯一ldf文件似乎是SQL Server日志数据文件,因为文件扩展名已过载.
Now, it turns out the only ldf files outside C:\Windows\ADAM appear to be SQL Server log data files because the file extension is overloaded.
但是,并非C:\Windows\ADAM中的所有文件都出现在列表上,MS-ADAMSCHEMAW2K8.LDF没有出现.如果我在此文件的内容中四处查找,那么我可以做些有前途的事情.
However, not all the files within C:\Windows\ADAM appear on the list, MS-ADAMSCHEMAW2K8.LDF does not appear. If I poke around in the contents of this file then I can something promising.
...
# Class: computer
dn: cn=Computer,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.2.840.113556.1.3.30
ldapDisplayName: computer
adminDisplayName: Computer
adminDescription: Computer
# schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2
schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
objectClassCategory: 1
systemFlags: 16
# subclassOf: user
subclassOf: 1.2.840.113556.1.5.9
...
因此,我无法以某种方式选择所需的LDIF文件.我在做什么错了?
So somehow I cannot select the LDIF file I need. What am I doing wrong?
继续使用Google,看来默认情况下,AD LDS架构没有计算机类" 是正确的,因为此引号出现在此
Continuing to Google, it seems I was correct that "By default AD LDS schema does not have a computer class" because this quote appears on this Technet web page.
使用
使用ldifde -i -u -f MS-AdamSchemaW2K8.LDF -s localhost:389 -j . -c "cn=Configuration,dc=X" #configurationNamingContext会在下面显示错误输出
Using ldifde -i -u -f MS-AdamSchemaW2K8.LDF -s localhost:389 -j . -c "cn=Configuration,dc=X" "#configurationNamingContext" gives the error output below
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-AdamSchemaW2K8.LDF"
Loading entries.
Add error on entry starting on line 16: Invalid DN Syntax
The server side error is: 0x208f The object name has bad syntax.
The extended server error is:
0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
'cn=Schema,"#configurationNamingContext"'
0 entries modified successfully.
An error has occurred in the program
.
The above problem is solved by the answer here which says do not wrap final term in quotes.
...进行中...就解决了.会回答我自己的问题.
... progressing...and that solved it. will answer my own question.
推荐答案
因此,扩展架构是正确的做法,但要了解规范 Technet论坛问与答A .
So extending the schema is the correct thing to do but understand that the instructions at the canonical Technet article have a typo which is corrected at this Technet forum Q & A.
正确的格式是
ldifde -i -u -f MS-AdamSchemaW2K8.LDF -s localhost:389 -j . -c "cn=Configuration,dc=X" #configurationNamingContext
这是证据
这篇关于无法在AD LDS实例上的ADSI编辑中创建新计算机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
