Symantec IGA

  • 1.  Etautil Error: '***' not a valid operator for keyword 'XXXX'

    Posted Dec 08, 2014 07:32 PM

    Hi,

     

    I'm trying to relocate the AD account via the command that was provided in the connector guide to relocate the Active Directory account (im_connectors_enu.pdf). Below is the code:

     

    etautil -d <eTADomain> -u <eTAUser> -p <password> update 'eTADSContainerName=Users,eTADSDirectoryName=<directoryName>,eTNamespaceName=ActiveDirectory' eTADSAccount eTADSAccountName=<accountName> to eTRelocateAccounts=1 eTSyncPolicyDN='eTADSPolicyName=<policyName>,eTADSPolicyContainerName=Active Directory Policies,eTNamespaceName=CommonObjects,dc=<eTADomain>'

     

    However, when I tried to run the code, I obtained the error below:

     

    d:\CA\Identity Manager\Provisioning Manager\bin>etautil.exe -d im -u admin -p password update 'eTADSContainerName=GRPIT,eTADSDirectoryName=APLIFEISGREATUAT,eTNamespaceName=ActiveDirectory' eTADSAccount eTADSAccountName=Nur Shila Hisham to eTRelocateAccounts=1 eTSyncPolicyDN='eTADSPolicyName=AD_GELS,eTADSPolicyContainerName=ActiveDirectory Policies,eTNamespaceName=CommonObjects,dc=im'

    :ETA_E_1210, 'Hisham' is not a valid operator for keyword 'Shila' Tue Dec 09 08:18:43 2014

     

    And then, when I changed the code by putting the ' ' characters around the eTADSAccountName, I obtained another error:

     

    d:\CA\Identity Manager\Provisioning Manager\bin>etautil.exe -d im -u admin -p password update 'eTADSContainerName=GRPIT,eTADSDirectoryName=APLIFEISGREATUAT,eTNamespaceName=ActiveDirectory' eTADSAccount eTADSAccountName='Nur Shila Hisham' to eTRelocateAccounts=1 eTSyncPolicyDN='eTADSPolicyName=AD_GELS,eTADSPolicyContainerName=ActiveDirectory Policies,eTNamespaceName=CommonObjects,dc=im'

    :ETA_E_0425<SAC>, Active Dir. Account 'Nur Shila Hisham' on 'APLIFEISGREATUAT' relocation from account template failed: Entry 'Nur Shila Hisham' does not exist in the provisioning directory

    :ETA_E_1337, ETAUTIL command failed  Tue Dec 09 08:22:08 2014

     

    I would like to know what triggered the errors above, and how I can solve this.

     

    Thank you



  • 2.  Re: Etautil Error: '***' not a valid operator for keyword 'XXXX'

    Posted Dec 15, 2014 02:15 PM

    Anyone able to assist Chia?



  • 3.  Re: Etautil Error: '***' not a valid operator for keyword 'XXXX'

    Broadcom Employee
    Posted Jul 16, 2015 03:39 AM

    For this error:

    ETA_E_1210, 'Hisham' is not a valid operator for keyword 'Shila'

     

    the spaces around the name are causing the issue. Etautil being a command line utility needs proper formatting.

    It read this eTADSAccountName=Nur and expected the next word to be the keyword "to", but the next word was Shila, and Shila is not a keyword for etautil, so it gave the error.

     

    For the next error:

    Entry 'Nur Shila Hisham' does not exist in the provisioning directory

     

    Simply put you are using the full name of a user, and not the account name. Account names cannot have spaces in them.

     

    Thanks,

    Bill Patton



  • 4.  Re: Etautil Error: '***' not a valid operator for keyword 'XXXX'

    Posted Jan 13, 2016 04:13 AM

    Hi William,

    We are having the same error with a similar etautil command and I would like to clarify your point:

    Simply put you are using the full name of a user, and not the account name. Account names cannot have spaces in them.

    We also have spaces in what we believe is the "eTADSAccountName" of the user we are trying to update.

    If we use the JXplorer to locate an account (mine for example) it shows:

     

    eTAccountName         Brett Mobsby
    eTADSaccountExpires   9.......
    eTADSAccountName      Brett Mobsby
    ......
    eTADSmailNickname     mobsbybre
    ......
    eTADSsAMAccountName   mobsbybre

     

    We also have spaces in one of the Org Unit Names and the Directory Name, underlined below, which cause similar errors:

    etautil -u admin -p password update 'eTADSOrgUnitName=Standard,eTADSOrgUnitName=Company Users,eTADSOrgUnitName=Users,eTADSOrgUnitName=Managed,eTADSDirectoryName=Active Directory,eTNamespaceName=ActiveDirectory,'eTADSAccount eTADSAccountName=Brett Mobsby to eTADSmail=brett.mobsby(a)company.com.au

     

    Any help dealing with these spaces would be most appreciated.

    Thanks,

    Brett



  • 5.  Re: Etautil Error: '***' not a valid operator for keyword 'XXXX'

    Broadcom Employee
    Posted Jan 13, 2016 03:20 PM

    Well, I am not sure how you could end up with an account name with spaces unless the endpoint itself was set that way in the beginning.

     

    If that is the case, then you have a long road ahead with formatting issues, but that is a conversation for another time.

     

    My first question about your formatting is this part:

     

    ActiveDirectory,'eTADSAccount

     

    there should be a space:

    ActiveDirectory,' eTADSAccount

     

    Not sure if this is the result of copy and paste or not.

     

    However, with my experience with this command line utility, if this simple fix does not help, you will have to open a support case.

     

    When you do, provide a link to this post, but please do fill out all information in the case description. When the support case is resolved we will come back here and post the results.



  • 6.  Re: Etautil Error: '***' not a valid operator for keyword 'XXXX'
    Best Answer

    Posted Jan 14, 2016 06:19 PM

    Thanks for your help William,

    We did contact support and eventually got it working.

     

    We added that missing space you mentioned and also took out the comma:

    ActiveDirectory' eTADSAccount

     

    As for the account name, we ended up using single quotes:

    eTADSAccountName='Brett Mobsby'

     

    The full command was:

    etautil -u admin -p password update 'eTADSOrgUnitName=Standard,eTADSOrgUnitName=Company Users,eTADSOrgUnitName=Users,eTADSOrgUnitName=Managed,eTADSDirectoryName=Active Directory,eTNamespaceName=ActiveDirectory' eTADSAccount eTADSAccountName='Brett Mobsby' to eTADSmail=brett.mobsby(a)company.com.au

     

    Apart from spaces in the account names, some users also had an ampersand (&) which came from appending their department to handle duplicates. This had to be escaped:

    'Brett Mobsby - IM&T' became 'Brett Mobsby - IM^&T'

     

    Regards,
    Brett
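
An added example, not code from any poster or from the product documentation: a Python helper that applies the fixes reported in the best answer (one pair of single quotes around the container DN with no trailing comma, single quotes around values with spaces, `^` before `&`) when generating etautil `update` lines for cmd.exe in bulk. The function names are hypothetical; escaping the other cmd.exe metacharacters (`^ | < >`) goes beyond the `&` case in the thread, and refusing values that contain quotes, `%` or control characters is an assumption, because the thread does not show how etautil handles them.

```python
# Added example: builds the "update" clause of an etautil command line for
# cmd.exe, using only the quoting rules reported in this thread.

CMD_META = "^&|<>"  # cmd.exe metacharacters outside double quotes

# Container path copied from the working command in the best answer.
SAMPLE_CONTAINER = [
    ("eTADSOrgUnitName", "Standard"),
    ("eTADSOrgUnitName", "Company Users"),
    ("eTADSOrgUnitName", "Users"),
    ("eTADSOrgUnitName", "Managed"),
    ("eTADSDirectoryName", "Active Directory"),
    ("eTNamespaceName", "ActiveDirectory"),
]


def _check(value, forbidden=""):
    """Refuse characters whose handling the thread does not cover (assumption)."""
    bad = set("'\"%") | set(forbidden)
    if not value or any(c in bad or ord(c) < 32 for c in value):
        raise ValueError(f"unsupported characters in {value!r}")
    return value


def cmd_escape(text):
    """Caret-escape cmd.exe metacharacters, e.g. IM&T -> IM^&T."""
    return "".join("^" + c if c in CMD_META else c for c in text)


def quote_value(value):
    """Single-quote a value that contains spaces, as the working command did."""
    escaped = cmd_escape(_check(value))
    return f"'{escaped}'" if " " in value else escaped


def build_update(container, account_name, changes):
    """container and changes are lists of (attribute, value) pairs."""
    # The container DN sits inside one pair of single quotes, with no
    # trailing comma, followed by a space and the object class.
    dn = ",".join(f"{k}={cmd_escape(_check(v, ',='))}" for k, v in container)
    sets = " ".join(f"{k}={quote_value(v)}" for k, v in changes)
    return (f"update '{dn}' eTADSAccount "
            f"eTADSAccountName={quote_value(account_name)} to {sets}")


if __name__ == "__main__":
    print(build_update(SAMPLE_CONTAINER, "Brett Mobsby - IM&T",
                       [("eTADSmail", "brett.mobsby(a)company.com.au")]))
```

The returned text is what follows `etautil -u <user> -p <password>` on the command line; account names that the helper rejects need to be handled by hand.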