Modify distinguishedname

[Dave]

I'm trying to modify a group of users distinguishedname
attribute. I've tried using ldfide.exe and the
modifyusers.vbs from the resource kit.

ldfide gives me the following error:

"Add error on line 1: Constraint Violation
The server side error is "The attribute cannot be modified
because it is owned by the system."
0 entries modified successfully.
An error has occurred in the program"

modifyusers.vbs gives me this:

"Getting domain
LDAP://OU=Users,OU=org,DC=ms,DC=company,DC=com...
5:26:45 PM modifying attributes of user cn=james\, bob
distinguishedname = James.Bob
Error 0X8007202F occurred in modifying attributes of user
cn=james\, Bob"

Is distinguishedname the only property that can't be
changed without using the AD GUI? Any other ways to try
to do this would be greatly appreciated.

Thanks,
Dave

 

[Matjaz Ladava [MVP]]

You can not change distinguishedname attribute because system composes this
value from cn attubute + other values, and you also can not change cn
attribute. What you can use is MoveHere method. For example to rename a
group

Set objOU=GetObject("LDAP://ou=ouname,dc=domain,dc=com")
objOU.MoveHere("LDAP://cn=groupname,ou=ouname,dc=domain,dc=com","cn=newgroup
name")


--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

 

[Joe Richards [MVP]]

You can't change the attribute directly. You have to rename the object.

With ldifde you would do a changetype:modrdn.

With adsi you would do a movehere.

With ldap api you would ldap_modrdn (or ones of its derivatives).

 

[Dave]

Joe,
Thanks. Once I got the LDF file filled with the correct
info., it worked like a charm.
Dave