I have the problem on move user from one to another OU in active
directory.
My policy to move user as show below.

<rule>
<description>Move User (Modify Option)</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-association op="available"/>
<if-operation mode="case" op="equal">modify</if-operation>
</and>
</conditions>
<actions>
<do-move-dest-object class-name="User">
<arg-dn>
<token-src-dn convert="true" length="1" start="-1"/>
<token-text xml:space="preserve">,ou=</token-text>
<token-local-variable name="Changing-Department-var"/>
<token-text xml:space="preserve">,</token-text>
<token-global-variable name="drv.user.container"/>
</arg-dn>
</do-move-dest-object>
<do-break/>
</actions>
</rule>
<rule>
<description>Move User (Move Option)</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-association op="available"/>
<if-operation mode="case" op="equal">move</if-operation>
</and>
</conditions>
<actions>
<do-move-dest-object class-name="User">
<arg-dn>
<token-src-dn convert="true" length="1" start="-1"/>
<token-text xml:space="preserve">,ou=</token-text>
<token-local-variable name="Changing-Department-var"/>
<token-text xml:space="preserve">,</token-text>
<token-global-variable name="drv.user.container"/>
</arg-dn>
</do-move-dest-object>
<do-break/>
</actions>
</rule>
</policy>

Trace from DSTrace show they select the correct rule and do move to
correct OU as show.

09:19:16 9C105BA0 Drvrs: #Active Directory# ST:Applying policy:
sub-ctp-Move User to Target OU.
14:27:42 9C105BA0 Drvrs: #Active Directory# ST: Applying to modify #1.
21:34:23 9C105BA0 Drvrs: #Active Directory# ST: Evaluating selection
criteria for rule 'Move User (Modify Option)'.
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: (if-class-name equal
"User") = TRUE.
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: (if-association
available) = TRUE.
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: (if-operation equal
"modify") = TRUE.
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: Rule selected.
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: Applying rule 'Move
User (Modify Option)'.
10:38:08 9C105BA0 Drvrs: #Active Directory# ST: Action:
do-move-dest-object(class-name="User",when="after",arg-dn(token-src-dn(convert="true",length="1",start="-1")+",ou="+token-local-variable("Changing-Department-var")+","+token-global-variable("drv.user.container"))).
16:07:10 9C105BA0 Drvrs: #Active Directory# ST:
arg-dn(token-src-dn(convert="true",length="1",start="-1")+",ou="+token-local-variable("Changing-Department-var")+","+token-global-variable("drv.user.container"))
07:00:00 9C105BA0 Drvrs: #Active Directory# ST:
token-src-dn(convert="true",length="1",start="-1")
10:38:08 9C105BA0 Drvrs: #Active Directory# ST: Token Value:
"CN=MYID2003".
14:27:42 9C105BA0 Drvrs: #Active Directory# ST: token-text(",ou=")
07:00:00 9C105BA0 Drvrs: #Active Directory# ST:
token-local-variable("Changing-Department-var")
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: Token Value: "Head
Office".
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: token-text(",")
07:00:00 9C105BA0 Drvrs: #Active Directory# ST:
token-global-variable("drv.user.container")
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: Token Value:
"DC=DIScorp,DC=Local".
19:34:44 9C105BA0 Drvrs: #Active Directory# ST: Arg Value:
"CN=MYID2003,ou=Head Office,DC=DIScorp,DC=Local".
07:00:00 9C105BA0 Drvrs: #Active Directory# ST: Action: do-break().
20:09:21 9C105BA0 Drvrs: #Active Directory# ST:Policy returned:
07:00:01 9BAC7BA0 Drvrs: Delimited Text ST:Subscriber processing
instance for \DEMO-TREE\discorp\WORKFORCE\PERMANENT\Sale and Marketing
Department\MYID2003.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Submitting unknown event to
subscriber shim.
11:21:05 9BAC7BA0 Drvrs: Delimited Text ST:No command transformation
policies.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Filtering out
notification-only attributes.
14:27:42 9BAC7BA0 Drvrs: Delimited Text ST:Fixing up association
references.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Applying schema mapping
policies to output.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Applying policy:
smp-MappingRule.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST: Mapping attr-name 'Given
Name' to 'FIRST NAME'.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST: Mapping attr-name 'Surname'
to 'LAST NAME'.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST: Mapping attr-name 'Title'
to 'TITLE'.
14:27:42 9BAC7BA0 Drvrs: Delimited Text ST: Mapping class-name 'User'
to 'User'.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Applying output
transformation policies.
07:00:00 9BAC7BA0 Drvrs: Delimited Text ST:Applying XSLT policy:
sub-ots-OutputTransformSS.
21:07:58 9C105BA0 Drvrs: #Active Directory# ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20081204220701.129Z" class-name="User"
event-id="stormbreaker3#20081204220701#1#1"
qualified-src-dn="O=discorp\OU=WORKFORCE\OU=PERMANENT\OU=Sale and
Marketing Department\CN=MYID2003"
src-dn="\DEMO-TREE\discorp\WORKFORCE\PERMANENT\Sale and Marketing
Department\MYID2003" src-entry-id="38227" timestamp="1228428421#2">
<association
state="associated">9d4fcc8eca769b48b8ab21a531981f6 a</association>
<modify-attr attr-name="L">
<remove-value>
<value timestamp="1228427352#2" type="string">02</value>
</remove-value>
<add-value>
<value timestamp="1228428421#2" type="string">01</value>
</add-value>
</modify-attr>
</modify>
<move class-name="User" event-id="stormbreaker3#20081204220701#1#1"
qualified-src-dn="O=discorp\OU=WORKFORCE\OU=PERMANENT\OU=Sale and
Marketing Department\CN=MYID2003"
src-dn="\DEMO-TREE\discorp\WORKFORCE\PERMANENT\Sale and Marketing
Department\MYID2003" src-entry-id="38227">
<association>9d4fcc8eca769b48b8ab21a531981f6a</association>
<parent dest-dn="CN=MYID2003,ou=Head Office,DC=DIScorp,DC=Local"/>
</move>
</input>
</nds>

but nothing move in Active directory and have error messege as follow

<output>
<status level="success" event-id="Active
Directory##11f90bf9773##0"/>
<status level="error" type="driver-general" event-id="Active
Directory##11f90bf9773##0_opData0">
<ldap-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">
<client-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">Already
Exists</client-err>
<server-err>00000562: UpdErr: DSID-031A0F4F, problem 6005
(ENTRY_EXISTS), data 0
</server-err>
<server-err-ex win32-rc="1378"/>
</ldap-err>
</status>
<status level="error" type="driver-general" event-id="Active
Directory##11f90bf9773##0_opData1">
<ldap-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">
<client-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">Already
Exists</client-err>
<server-err>00000562: UpdErr: DSID-031A0F4F, problem 6005
(ENTRY_EXISTS), data 0
</server-err>
<server-err-ex win32-rc="1378"/>
</ldap-err>
</status>
<status level="error" type="driver-general" event-id="Active
Directory##11f90bf9773##0_opData2">
<message>rename failed.</message>
<ldap-err ldap-rc="80" ldap-rc-name="LDAP_OTHER">
<client-err ldap-rc="80"
ldap-rc-name="LDAP_OTHER">Other</client-err>
<server-err>00002089: UpdErr: DSID-031B0C94, problem 5012
(DIR_ERROR), data 2
</server-err>
<server-err-ex win32-rc="8329"/>
</ldap-err>
</status>
</output>


--
ACACEO
------------------------------------------------------------------------
ACACEO's Profile: http://forums.novell.com/member.php?userid=6472
View this thread: http://forums.novell.com/showthread.php?t=361639