Last post Jun 18, 2008 06:12 AM by filippg
Mar 17, 2008 05:53 AM|filippg|LINK
We need to change the UPN for some users. How do we do this?
Mar 17, 2008 06:12 PM|filippg|LINK
To be a bit more precise: of course, I can easily change the UPN using the AD Users & Computers console or some kind of script. But the MPS holds the CN in the ProvisioningDB, and I don't want to run into inconsistent data.
By the way: I'm worried about inconsistent data in various ways. Everybody in our house knows that changes should only be made using the MPS. But sometimes people just do some quick clicks in Exchange MC or AD U&C. Is there a way to reload data from AD to
Mar 27, 2008 03:33 AM|aqeel asghar|LINK
Mar 27, 2008 06:36 PM|filippg|LINK
Thank you for the hint. I'm not absolutely happy with this, since I have to delete the object first and have to know which plan to assign.
Maybe I'll try this, or I will write some extra script which reads GUID and CN from AD and updates the CN in the MPS DB based on the GUID. Then it should also be possible to automatically delete objects from the MPS DB which were deleted using the Users & Computers snap-in.
Mar 28, 2008 09:57 AM|DmitriG|LINK
Then it should also be possible to automatically delete Objects from the MPS-DB which were deleted using the Users&Computers-SnapIn.
You can create an extension for the ADUC MMC snap-in to accomplish this.
Mar 28, 2008 10:22 AM|filippg|LINK
Does not really sound like something I'd like to do.
I have never written an extension for an MMC snap-in. Is it difficult? (Okay, bad question.) Can I use .NET? Well, I think I won't do this for this task, but maybe I should have a look at developing my own MMC snap-ins and extending existing ones; it sounds interesting.
Mar 31, 2008 03:26 PM|amos.max|LINK
On the provisioning server, in the samples dir, look for RenameUser in the Hosted Active Directory namespace:
<execute namespace="Hosted Active Directory" procedure="RenameUser" impersonate="1">
  <before source="data" destination="executeData" mode="merge" />
  <after source="executeData" destination="data" mode="insert" />
</execute>
Apr 01, 2008 03:24 AM|filippg|LINK
Thanks! That's what I was looking for.
Apr 01, 2008 08:09 AM|filippg|LINK
Would have been too nice...
As soon as I use the <cn> attribute, provtest returns "Unable to open object 'LDAP://dc/CN=oldCN,Hosting-Path'./There is no such object on the server./ADsGetObject/GetProperties".
The path to the user is correct. And when I remove the <cn> (which should, according to the SDK documentation, change the user's CN), I can change the UPN. But as I just got to know, I've also got to change the CN, not only the UPN as initially asked.
Does anybody know why?
Apr 01, 2008 12:24 PM|amos.max|LINK
I don't understand your question. You're trying to change the UPN AND the CN? Or only the CN? Or only the UPN?
Apr 01, 2008 02:04 PM|filippg|LINK
I am trying to update UPN and CN (but I could do this in two steps, if this would help), since we want to keep them both consistent.
Anyway: according to the MPS SDK docu, one should be able to update the CN with the RenameUser procedure. But when I try this, I get an error that the object wasn't found.
Docu for RenameUser:
But it doesn't work :-(
Apr 03, 2008 06:12 PM|amos.max|LINK
I've never attempted to change the CN, since the DN of the user object isn't really visible or exposed to the client.
Sounds like a syntax problem to me though. Maybe try something like <cn>cn=newcn</cn> or a full dn or other variations (just guessing here)...
Apr 14, 2008 11:14 AM|filippg|LINK
I had the time for some tests today, and I found out how you can use this method to change the CN.
It has to be
<cn>newCN,OU=...,OU=...,OU=...,DC=...,DC=...</cn>. So, you have to specify the complete path, but you don't have to use "cn=" (or "LDAP://CN=") at the beginning.
There are only two problems:
1. MPS throws an error, even though the name was changed ("An error encountered while processing object 'LDAP:...'./There is no such object on the server./RenameObject"). That's what made testing a bit hard.
2. More seriously: the MPS database isn't updated; it keeps the old CN. So, the method is more or less useless.
Jun 16, 2008 05:02 PM|ulrive|LINK
There's a hotfix published by MS that fixes the RenameUser procedure. I installed it 5 min ago and now it works as the documentation states it should.
Jun 17, 2008 03:30 AM|filippg|LINK
Thank you for the hint!
Jun 18, 2008 03:23 AM|paulsilverstein|LINK
Why do you need to keep the CN consistent with the UPN? They are unrelated, as is the user's telephone AD and their CN. Our programmers locked this in, and it's been nothing but a hassle. I highly recommend not trying to relate these fields, as MPS wasn't designed this way, nor is Active Directory.
Jun 18, 2008 06:12 AM|filippg|LINK
There are some tasks left here for which we still use the XML files and provtest. No user knows his CN, but everybody knows his email address and puts it down in his request. So, if CN = email address, you can just use this. If it's not equal, you have to find out the CN first.
But since name changes don't happen too often, we decided not to keep the CN consistent.