Hi, We are trying to export to an ADLDS instance and get the "A required attribute is missing - cd-error" message and "required attribute 'CN' is missing" We are using the FIM Portal with exactly the same settings and attribute flows as another ADLDS solution; but this one gives us this error message. We have the DN configured twice, once for 'initial', and a heap of other attributes. Any ideas on why would we get "required attribute 'CN' is missing"? Thank you, SK

Is there a CN= in front of the DNs?My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com

Yes, its as follows: "CN="+accountName+",CN=Users,CN=Adatum,CN=org" this rule is duplicated, the other is 'initial flow only' Other attributes we are flowing: givenName, sn, displayName, employeeID, telephoneNumber thanks

Have you looked at the affected CS object (CSSearch or CSExport)? Do the staged attributes look right? Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

CSExport lists attribute flows, but at the bottom there is extra information: - <cd-error> <error-code>8316</error-code> <error-literal>A required attribute is missing.</error-literal> <server-error-detail>0000207C: UpdErr: DSID-031514AC, problem 6002 (OBJ_CLASS_VIOLATION), data 0</server-error-detail> </cd-error> thank you

Just making sure - does the staged (to be exported) DN on this object look right? As Brian has indicated, the most common case for this error is an issue with the DN flow. Typically, there is an issue with the staged DN attribute value. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Just had 3 set of separate eyes on the DN path, compared to ADLDS, and it is correct. Very odd, since we did a different ADLDS the other day without issues. Perhaps we will need to recreate ADLDS partition.

Is there a precedence issue with the accountName attribute? Are you looping it in and out of AD?My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com

So we recreated the ADLDS partition, redid the MA and Sync Rule...and now get this error message: "Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The DN must be set before calling CSEntry.CommitNewConnector." We have the DN configured twice, one as 'initial flow only'. Why this error message now?

It looks like your issue is related to your data - e.g.: invalid accountName attribute. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

so... I setup a new ADLDS instance and recreated all the MPR, Sets, Workflows and Sync Rule, and the MA - it exported fine to the ADLDS 'User' object. Then, I redid everything again, and this time tried to export to the 'UserProxyFull' class of ADLDS and I get the same error message: "A required attribute is missing - cd-error" and "required attribute 'CN' is missing" Does 'userProxyFull' have different requirements?

Hello, do you flow the objectSID attribute too ? This attribute is mandatory for userProxyFull. You can check this by trying to add a userProxyFull in the ADLDS GUI directly (OBJ_CLASS_VIOLATION is returned).

Hi, Tried ObjectSID, and CN flows - but we still get the same error. We have decided that too much time has been wasted trying this via the Portal, so we will revert to the old classical code method of doing this (as we have before, and it works). Thanks for everyone's support.

Just for sake of completeness - the accountName is populated?Regards, Soren Granfeldt blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt