I have a problem where users are created using a template in eDir that has group memberships to be added. When a new user is created, the user add fails in AD with an unwilling to perform error. I've checked the forums and related TIDs about solving this, but none of them work.
The error is seen if a new user is created without the template and then added to the group in eDir as a separate action, but the AD driver will throw the error and then in a second transaction add the member anyway. The trace shows that the first event is trying to modify the memberof attribute which will always fail anyway, the second event is using member and succeeds. The template created user doesn't proceed into the second transaction using the member attribute, because by this time the user does not exist in AD.
The way I've found around this is to stop the groupmembership attribute synching through the subscriber channel on the AD driver filter. I can't remember having this issue before. There are some groups that exist in eDir that don't in AD, but shouldn't that just throw a warning rather than an error?
Could it be anything to do with using Designer 4.0.2 to manipulate 361 drivers?
What's the best way to add a trace file?
I'm using 3.6.1 with latest patches, the same with the remote loader.