RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Thanks for checking. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Thursday, August 05, 2004 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Unfortunately, I don't know, and the SAP guy who installed it doesn't remember either. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Wednesday, August 04, 2004 7:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Ken: Do you recall which version of the SAP portal it was that made the schema changes? I'm asking since we are testing the SAP portal against AD in our lab with our SAP folks. I know that the initial version that they came to us with required a schema change (version 5?) and before we got it set up they came back with the newer version that supposedly did not require a change. IIRC that was version 6. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Well side by side we see: MS UID dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 SAP UID dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE The main diffs being O attributeSyntax/omsyntax - ci unicode string for MS, ci string for SAP - SAP shouldn't have an issue unless someone uses some multibytes in the uid. O schemaIDGuid - shouldn't be an issue unless there are property sets involved for security O attributeID - if SAP uses the ldapdisplayname in class definitions instead of the attributeIDs they should be ok. O MS is multi-valued, SAP is single valued - This could be painful if using ADSI due to the difference in how it handles mv versus sv, but if using LDAP this shouldn't be too bad, just would only use the first value in the attribute. Definitely there are points that could cause pain but wouldn't expect it would be overly difficult for SAP to correct and use the MS definition versus theirs. Unless they use UID as a unique identifier within the database in which case the multi-value could cause some serious key issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Unfortunately, I don't know, and the SAP guy who installed it doesn't remember either. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Wednesday, August 04, 2004 7:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Ken: Do you recall which version of the SAP portal it was that made the schema changes? I'm asking since we are testing the SAP portal against AD in our lab with our SAP folks. I know that the initial version that they came to us with required a schema change (version 5?) and before we got it set up they came back with the newer version that supposedly did not require a change. IIRC that was version 6. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Well side by side we see: MS UID dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 SAP UID dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE The main diffs being O attributeSyntax/omsyntax - ci unicode string for MS, ci string for SAP - SAP shouldn't have an issue unless someone uses some multibytes in the uid. O schemaIDGuid - shouldn't be an issue unless there are property sets involved for security O attributeID - if SAP uses the ldapdisplayname in class definitions instead of the attributeIDs they should be ok. O MS is multi-valued, SAP is single valued - This could be painful if using ADSI due to the difference in how it handles mv versus sv, but if using LDAP this shouldn't be too bad, just would only use the first value in the attribute. Definitely there are points that could cause pain but wouldn't expect it would be overly difficult for SAP to correct and use the MS definition versus theirs. Unless they use UID as a unique identifier within the database in which case the multi-value could cause some serious key issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you ca
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Hi SAP last year has published a reviewed version of their schema extension. They renamed uid to SAP-uid. That schema version is "SAP Active Directory Schema Extension Script for EP 5.0" rev 3.6.7/94301. We run it in production without any problems. Mail me directly if you need a copy. Bart -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Thursday, August 05, 2004 02:20 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Ken: Do you recall which version of the SAP portal it was that made the schema changes? I'm asking since we are testing the SAP portal against AD in our lab with our SAP folks. I know that the initial version that they came to us with required a schema change (version 5?) and before we got it set up they came back with the newer version that supposedly did not require a change. IIRC that was version 6. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Well side by side we see: MS UID dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 SAP UID dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE The main diffs being O attributeSyntax/omsyntax - ci unicode string for MS, ci string for SAP - SAP shouldn't have an issue unless someone uses some multibytes in the uid. O schemaIDGuid - shouldn't be an issue unless there are property sets involved for security O attributeID - if SAP uses the ldapdisplayname in class definitions instead of the attributeIDs they should be ok. O MS is multi-valued, SAP is single valued - This could be painful if using ADSI due to the difference in how it handles mv versus sv, but if using LDAP this shouldn't be too bad, just would only use the first value in the attribute. Definitely there are points that could cause pain but wouldn't expect it would be overly difficult for SAP to correct and use the MS definition versus theirs. Unless they use UID as a unique identifier within the database in which case the multi-value could cause some serious key issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDi
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Ken: Do you recall which version of the SAP portal it was that made the schema changes? I'm asking since we are testing the SAP portal against AD in our lab with our SAP folks. I know that the initial version that they came to us with required a schema change (version 5?) and before we got it set up they came back with the newer version that supposedly did not require a change. IIRC that was version 6. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Well side by side we see: MS UID dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 SAP UID dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE The main diffs being O attributeSyntax/omsyntax - ci unicode string for MS, ci string for SAP - SAP shouldn't have an issue unless someone uses some multibytes in the uid. O schemaIDGuid - shouldn't be an issue unless there are property sets involved for security O attributeID - if SAP uses the ldapdisplayname in class definitions instead of the attributeIDs they should be ok. O MS is multi-valued, SAP is single valued - This could be painful if using ADSI due to the difference in how it handles mv versus sv, but if using LDAP this shouldn't be too bad, just would only use the first value in the attribute. Definitely there are points that could cause pain but wouldn't expect it would be overly difficult for SAP to correct and use the MS definition versus theirs. Unless they use UID as a unique identifier within the database in which case the multi-value could cause some serious key issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you can learn about it http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/d isab ling_existing_classes_and_attributes.asp Unfortunately, defuncting is something you can only do in an FFL 2K3 forest... Or you can delete stuff but I think you have to be pre-W2K SP2. OEM will definitely let you do it. Robbie published a nice little article on this
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Well side by side we see: MS UID dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 SAP UID dn: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com changetype: add adminDisplayName: uid attributeID: 1.2.840.113556.1.4.7000.233.28688.28684.8.464850.1724825.154498.1299246. 15 attributeSyntax: 2.5.5.4 cn: uid instanceType: 4 isSingleValued: TRUE lDAPDisplayName: uid distinguishedName: CN=uid,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC= com objectClass: attributeSchema objectGUID:: f1Sz+++ZY0eIH7t1mStJIA== oMSyntax: 20 name: uid schemaIDGUID:: Qy93MDGWsEqRfKr837RfzA== showInAdvancedViewOnly: TRUE The main diffs being O attributeSyntax/omsyntax - ci unicode string for MS, ci string for SAP - SAP shouldn't have an issue unless someone uses some multibytes in the uid. O schemaIDGuid - shouldn't be an issue unless there are property sets involved for security O attributeID - if SAP uses the ldapdisplayname in class definitions instead of the attributeIDs they should be ok. O MS is multi-valued, SAP is single valued - This could be painful if using ADSI due to the difference in how it handles mv versus sv, but if using LDAP this shouldn't be too bad, just would only use the first value in the attribute. Definitely there are points that could cause pain but wouldn't expect it would be overly difficult for SAP to correct and use the MS definition versus theirs. Unless they use UID as a unique identifier within the database in which case the multi-value could cause some serious key issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you can learn about it http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/disab ling_existing_classes_and_attributes.asp Unfortunately, defuncting is something you can only do in an FFL 2K3 forest... Or you can delete stuff but I think you have to be pre-W2K SP2. OEM will definitely let you do it. Robbie published a nice little article on this a ways back. MS got pissed and made it so you couldn't do it any more... However I think you should be able to rename that attribute without any major issue. However, I think I will wait for ~Eric to catch up with this thread to say go for it! The rename LDIF file would look something like dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modify replace: lDAPDisplayName lDAPDisplayName: OLDSAPuid - dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modrdn newrdn: cn=OLDSAPuid deleteoldrdn: 1 If any of the SAP people are out there listening or for anyone modifying the schema, as a matter of fact, for their own apps... Think about using names and
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Thanks Joe, I saw that (rare for me lately). Just curious if SAP and Active Directory could play well together or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you can learn about it http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/disab ling_existing_classes_and_attributes.asp Unfortunately, defuncting is something you can only do in an FFL 2K3 forest... Or you can delete stuff but I think you have to be pre-W2K SP2. OEM will definitely let you do it. Robbie published a nice little article on this a ways back. MS got pissed and made it so you couldn't do it any more... However I think you should be able to rename that attribute without any major issue. However, I think I will wait for ~Eric to catch up with this thread to say go for it! The rename LDIF file would look something like dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modify replace: lDAPDisplayName lDAPDisplayName: OLDSAPuid - dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modrdn newrdn: cn=OLDSAPuid deleteoldrdn: 1 If any of the SAP people are out there listening or for anyone modifying the schema, as a matter of fact, for their own apps... Think about using names and ldapDisplayNames unique to your company, MS will let you register a name... joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt No, that's why I said the error from adprep was misleading. The add of the uid attribute silently failed, but then the add of the inetorgperson person fails because OID 0.9.2342.19200300.100.1.1 isn't in the schema. A little cruising in adsiedit shows a "delete" option for CN=uid,CN=Schema,CN=Configuration,... But I'm over my head here, and I'm somewhat hesitant to jack around without fully understanding what the ramifications are. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt So you didn't see an error higher up in sch18 on this entry # Schema NC changes dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 Do you have that in your directory now in a mangled format? I would guess not since the inetOrgPerson is referring to it by attributeID and not by name... But it seems you should have gotten an error on the import then when you hit it versus getting further down... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt LDIF.ERR contains: Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schem
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
I would expect it would really dork it up pretty well... However there are two compensating things. 1. SAP shouldn't have done this. Ok so that isn't really a compensating factor but they really shouldn't have! 2. He already said that they aren't using it so breaking SAP doesn't matter. "Now for the part I don't know: how do I fix it? The SAP portal was tested, but was back-burned indefinately, so I don't have to worry about breaking it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, August 04, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you can learn about it http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/disab ling_existing_classes_and_attributes.asp Unfortunately, defuncting is something you can only do in an FFL 2K3 forest... Or you can delete stuff but I think you have to be pre-W2K SP2. OEM will definitely let you do it. Robbie published a nice little article on this a ways back. MS got pissed and made it so you couldn't do it any more... However I think you should be able to rename that attribute without any major issue. However, I think I will wait for ~Eric to catch up with this thread to say go for it! The rename LDIF file would look something like dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modify replace: lDAPDisplayName lDAPDisplayName: OLDSAPuid - dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modrdn newrdn: cn=OLDSAPuid deleteoldrdn: 1 If any of the SAP people are out there listening or for anyone modifying the schema, as a matter of fact, for their own apps... Think about using names and ldapDisplayNames unique to your company, MS will let you register a name... joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt No, that's why I said the error from adprep was misleading. The add of the uid attribute silently failed, but then the add of the inetorgperson person fails because OID 0.9.2342.19200300.100.1.1 isn't in the schema. A little cruising in adsiedit shows a "delete" option for CN=uid,CN=Schema,CN=Configuration,... But I'm over my head here, and I'm somewhat hesitant to jack around without fully understanding what the ramifications are. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt So you didn't see an error higher up in sch18 on this entry # Schema NC changes dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 Do you have that in your directory now in a mangled format? I would guess not since the inetOrgPerson is referring to it by attributeID and not by name... But it seems you should have gotten an error on the import then when you hit it versus getting further down... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt LDIF.ERR contains: Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schema update failed: attribute in may-contain does not exist." An error has occurred in the program LDIF.LOG shows that c:\winnt\system32\sch18.ldf was being imported at the time of error. The last lines show: 24: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=co
RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 up grade attempt
Anyone have the impact that would have on SAP application by chance? Just curious really. Don't have SAP handy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 12:51 PM To: [EMAIL PROTECTED] Cc: 'Eric Fleischman' Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt Great, you have to love that! ~Eric have them fix their sheet! Here is a little article about defuncting attribs/classes so you can learn about it http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/disab ling_existing_classes_and_attributes.asp Unfortunately, defuncting is something you can only do in an FFL 2K3 forest... Or you can delete stuff but I think you have to be pre-W2K SP2. OEM will definitely let you do it. Robbie published a nice little article on this a ways back. MS got pissed and made it so you couldn't do it any more... However I think you should be able to rename that attribute without any major issue. However, I think I will wait for ~Eric to catch up with this thread to say go for it! The rename LDIF file would look something like dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modify replace: lDAPDisplayName lDAPDisplayName: OLDSAPuid - dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: modrdn newrdn: cn=OLDSAPuid deleteoldrdn: 1 If any of the SAP people are out there listening or for anyone modifying the schema, as a matter of fact, for their own apps... Think about using names and ldapDisplayNames unique to your company, MS will let you register a name... joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt No, that's why I said the error from adprep was misleading. The add of the uid attribute silently failed, but then the add of the inetorgperson person fails because OID 0.9.2342.19200300.100.1.1 isn't in the schema. A little cruising in adsiedit shows a "delete" option for CN=uid,CN=Schema,CN=Configuration,... But I'm over my head here, and I'm somewhat hesitant to jack around without fully understanding what the ramifications are. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, August 04, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt So you didn't see an error higher up in sch18 on this entry # Schema NC changes dn: CN=uid,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: attributeSchema ldapDisplayName: uid adminDisplayName: uid adminDescription: A user ID. attributeId: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE systemOnly: FALSE searchFlags: 8 schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ== attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw== showInAdvancedViewOnly: FALSE systemFlags: 0 Do you have that in your directory now in a mangled format? I would guess not since the inetOrgPerson is referring to it by attributeID and not by name... But it seems you should have gotten an error on the import then when you hit it versus getting further down... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, August 04, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Schema Gurus needed - SAP has buggered my 2003 upgrade attempt LDIF.ERR contains: Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schema update failed: attribute in may-contain does not exist." An error has occurred in the program LDIF.LOG shows that c:\winnt\system32\sch18.ldf was being imported at the time of error. The last lines show: 24: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=adstest,DC=kimball,DC=com Add error on line 333: Unwilling To Perform The server side error is "Schema update failed: attribute in may-contain does not exist." 23 entries modified successfully. An error has occurred in the program SCH18.LDF line 333 contains: dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: classSchema ldapDisplayName: inetOrgPerson adminDisplayName: inetOrgPerson adminDescription: Represents people who are associated with an organization in some way. governsId: 2.16.840.1.113730.3.2.2 objectClassCategory: 1 rdnAttId: 2.5.4.3 subClassOf: 1.2.840.113556.1.5.9 systemMayContain: 2.5.4.45 systemMayContain: 2.16.840.1.113730.3.140 systemMayContain: 2.16.840.1.113730.3.1.216 systemMayContain: 2.5.4.36 systemMayContain: 0.9.2342.19200300.100.1.1 systemMayContain: 0.9.2342.19200300