Announcement

Collapse
No announcement yet.

Exporting User Objects

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exporting User Objects

    I'm having problems with exporting User Objects in certain OU's. The problem is sporadic....sometimes it works / other times it skips certain OU's. Naturally, you would think this is permissions related, but I have FULL CONTROL over ALL of these OU's. I'm running v6.7. Do you know what is causing this / how to correct?

  • #2
    Re: Exporting User Objects

    Are the users in the OUs themselves, or in sub-OUs under the main top-level OU ? There is an option button for whether you want to process just the object or sub-objects, and this would affect things if you are not aware of it.

    It might also help turning on the logging option to make sure that its processing the OU at all.
    Kevin Stanush
    SystemTools Software Inc.

    Comment


    • #3
      Re: Exporting User Objects

      The users are in sub-OUs so I have selected "All Directory Level (subtrees)" in the Exporter configuration file.

      I have "File Logging Options" turned on for both Successful Operations and Failed Operations. The log file it produces is completely empty.

      Any other ideals?


      <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by kstanush:
      <span style="font-weight: bold">Are the users in the OUs themselves, or in sub-OUs under the main top-level OU ? There is an option button for whether you want to process just the object or sub-objects, and this would affect things if you are not aware of it.

      It might also help turning on the logging option to make sure that its processing the OU at all.</span></div></div>

      Comment


      • #4
        Re: Exporting User Objects

        I setup an export with several OUs, some with users at a level under the OU path that I added. I was mistaken that the log file would have any output. But the right window will show each main object being exported on a separate line. This will show that its getting into the export routine for the OU. Verify that you are seeing that.

        If Exporter Pro is unable to open the AD object (ie if the path is invalid or for lack of security), then an error will be displayed. But if the active process does not have access to the object under the OU, Active Directory will just hide them from the application.
        Kevin Stanush
        SystemTools Software Inc.

        Comment


        • #5
          Re: Exporting User Objects

          Yes, the Right Window does show the DOMAIN NAME being exported....it ends with "Completed Successful", however it is still skipping OU's where User Objects exist. It just started doing this week.

          I have the configuration file pointing to:
          LDAP://<domainname> to capture ALL user objects in the domain no matter which OU they reside in. Are you suggesting I change this to include the full path to each OU?

          If yes, can you show me an example of how this looks in the configuration file?

          Comment


          • #6
            Re: Exporting User Objects

            I thought from your original posting that you had OU objects instead of a domain. A domain export uses a sub-tree search of the entire domain, but this is done through one query to AD; Exporter Pro does not have any control over which OUs are retrieved. There have not been any changes to Exporter PRo, so if this just started, then when it skips an OU, immediately check to see what the security is on the OU. Hyena's traverse containers option on the OU toolbar in Hyena can also be used to verify if this same behavior happens interactively.

            I cannot think of anything else to check other than security on the affected OUs. You can also try to enter an OU object manually into Exporter Pro to see if it reproduces the behavior as well.
            Kevin Stanush
            SystemTools Software Inc.

            Comment


            • #7
              Re: Exporting User Objects

              How do I set this option?

              "Hyena's traverse containers option on the OU toolbar in Hyena can also be used to verify if this same behavior happens interactively."

              Comment


              • #8
                Re: Exporting User Objects

                Click on the Containers /OUs object under your domain. At the bottom of the screen, there will be another toolbar to control which types of objects to retrieve for OUs. By default, Hyena retrieves everything. Click the Red 'up' arrow to disable everything, then click the Users button down, then click the first toolbar button, which enables sub-OUs traversal. Now, when you double-click on the Containers /OUs object again, Hyena will go through all OUs and sub-ous and just retrieve users. If you want, you can also do this just for an OU. In a large domain, this can take some time if you do it for the entire domain.
                Kevin Stanush
                SystemTools Software Inc.

                Comment


                • #9
                  Re: Exporting User Objects

                  I followed your instructions and fully understand this OU tool bar now. Thank you.

                  The sad news is > the list (in the right window) is still missing all user objects within certain Sub-OU's. I have permissions to all the OU's. Thinking that my permissions are somehow insufficient, I engaged a person with Domain Admin authority to try the very same exercise I'm trying....sadly it produced the same results. The action to view all user objects and to traverse all contains skipped several embedded OU's. The full list when it used to work) is only 33,000 objects. Is there a limitation?

                  Is it possible there is a bug with Hyena's ability to "traverse all containers"?

                  Comment


                  • #10
                    Re: Exporting User Objects

                    I think the 'bug' might be either a limitation or bug in AD, unless we are missing something. Being able to reproduce the problem in Hyena helps a lot as trying to track down a problem when you have a GUI is much easier.

                    Since you know the OU that is being skipped, try first viewing the contents of the OU directly. Assuming that works, go up a level, and using the Traverse Containers button, see if it finds the users then.

                    This might be limitation in AD on the number of objects that can be retrieved in one query. Hyena sets a "paging" feature in AD so that unlimited numbers of objects can be retrieved, but perhaps AD has another limitation. You do have a large number of user objects, but nothing that should present a problem to AD (in theory).

                    Let me know too how many OU levels this particular container is that is being skipped. I can contact Microsoft to see if there is either a level limit or some other limit that we are getting into. So, in summary, I need:

                    - The approximate number of users you have total (if they were all found in all OUs)
                    - The levels that the container/OU is down in your tree to see if that might be a problem.

                    fyi, when you use the Traverse Containers option in Hyena, Hyena only sets a flag to tell AD to do a subtree search of the container. When doing the entire domain, the 'container' is essentially the top of the directory. Hyena then gets back the information from AD without any knowledge of which level it came from. In other words, Hyena is not having to navigate the directory tree itself, but instead lets AD do the navigating.

                    Finally, I am assuming that these are standard user objects, not InetOrgPersons or some other 'flavor' of users.

                    Thanks for your help.
                    Kevin Stanush
                    SystemTools Software Inc.

                    Comment


                    • #11
                      Re: Exporting User Objects

                      Yes, I can view all user objects directly in the OU's (that have users) via both Hyena and AD Users & Computers.

                      Yes, I can go up a level (where no users are) and it finds the users in the sub-ou below...exact same number of objects as above.

                      The OU structure is simple. 4 levels deep at the most:

                      1st - domain.com root (no users here)
                      2nd - DT OU (no users here)
                      3rd - Accts OU (no users here)
                      4th - Admin OU (users skipped)
                      - Cont OU (users skipped)
                      - Ple OU (users skipped)

                      2nd - Non DT OU (no users here)
                      3rd - Accts OU (no users here)
                      4th - Admn OU (users not skipped)
                      - HIS OU (users not skipped)
                      - SVC OU (users not skipped)

                      2nd - EXC OU (no users here)
                      3rd - Conts OU (users not skipped)
                      - RESR OU (users not skipped)

                      Total number of user objects is around 33,000.

                      Yes, these are standard user objects. We have other flavors, but I'm not interested in those.

                      Thanks for your help!

                      Comment


                      • #12
                        Re: Exporting User Objects

                        Interesting. I'll contact Microsoft to see if they have any ideas...
                        Kevin Stanush
                        SystemTools Software Inc.

                        Comment


                        • #13
                          Re: Exporting User Objects

                          Out of curiosity, if you double-click on the All Users object under your domain, do you get all of your users ? This too performs a sub-tree search, but uses slightly different settings than an OU search.
                          Kevin Stanush
                          SystemTools Software Inc.

                          Comment


                          • #14
                            Re: Exporting User Objects

                            Yes, as a matter of fact, all the user objects appear in the right window (after about 5-6 minutes).

                            Are we getting closer?

                            Comment


                            • #15
                              Re: Exporting User Objects

                              No, not really, as that complicates things. The filter string is the only item that is different, and that should not matter. Everything else is the same. There could be a connection limit on the server, but that would be wierd.

                              I also found this article from another support case we had:
                              http://support.microsoft.com/default...;EN-US;Q243281

                              This fixed a particular problem, and it is a change that nearly anyone with a large domain should do. I would recommend making this registry change and see if it changes anything. Microsoft will get back to me tomorrow.

                              Thanks
                              Kevin Stanush
                              SystemTools Software Inc.

                              Comment

                              Working...
                              X