write permission failed

[GoogleCodeExporter]

Hello,

Im getting 010/08/21 20:51:43:965]:Write permission for user syncAppUser set
[2010/08/21 20:51:44:012]:Error during the modification of the entry with dn= 
CN=199983,OU=1,OU=students,OU=...,DC=school,DC=local: Insufficient Rights
[2010/08/21 20:51:44:012]:Change failed for user "199983"

Any idea what i forget to do?

Original issue reported on code.google.com by gertjanp@gmail.com on 21 Aug 2010 at 8:55

[GoogleCodeExporter]

If this error occurs for all of your user than you forgot to add write 
privilege to the user used to connect to the LDAP serves (see Readme.txt), if 
it happens for only a few user than probably those user are part of some 
special group (like Administrator or so on) and you must add the right to write 
to that group.
By the way, the row [010/08/21 20:51:43:965]:Write permission for user 
syncAppUser set
 is NOT an error.

Original comment by ciak...@gmail.com on 22 Aug 2010 at 10:52

[GoogleCodeExporter]

Hello, im still wrestling with your tool, i have some more questions below and 
i hope you can help me.

Is it possible to put the readme in the wiki so ppl can comment on it an 
improve it?
I find the installation quite hard to complete.
The tool itself is very welcome if i get it working however, so im really 
looking forward to get it to work.

I assume i can use an adminstrator account to do this? why should i use a 
NON-admin account?
• User name and password of a non Administrator account on the active 
directory machine (syncAppUser)

I assume is set this priviledge on the OU where my users are in that are 
affected by the password change? Does is also take sub OU's? And what option do 
i set precisly?  now just tick full control on all objects for the specified 
account, because i dont know what specific object (name?) i have to give write 
permissions on.

• User name and password of an account with read privilege of the Active 
directory and write privilege of the custom field “hashedPassword” of the 
user entries. This privilege can be given sing the “Delegate controls” 
wizard of the Active Directory Users and Computers" mmc snapin

Does this API have to be installed on the DC or can i just use the files from 
the installer?
• Install Google Data API 
(http://code.google.com/p/google-gdata/downloads/list)

Copying to assembly only works from dosbox (maybe you can ad that to wiki)
• Copy the following files from the Google Data API installation folder to 
c:\windows\assembly:

Ths could be explained a bit more maybe?
• Modify the copy of the ini file with your data

readable by the sync account? or only the admin account i dont get it.
• Make it readable only by administrators account

i assume i can also just reset the users passwords as an administrator after 
server ahs rebooted? or does it only work when users themselve change the 
passwords?
• Activate the option "User must change password at next logon" for all the 
accounts to sync

Original comment by gertjanp@gmail.com on 22 Aug 2010 at 7:47

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I don't want to sound cocky, but some of your questions suggest that you should 
freshen up some basic windows server administration and how the google sync 
process works.

Unfortunately, making it working requires some on-the-site fine tuning 
operations that we can not provide :-)

Original comment by giorgio....@gmail.com on 30 Aug 2010 at 9:58

[GoogleCodeExporter]

Original comment by giorgio....@gmail.com on 30 Aug 2010 at 9:58

• Changed state: WontFix