Component for Microsoft Active Directory 6.1 can’t import multiple objects with the same names from an AD domain. This causes a key-uniqueness violation and will result in the entire NSE being rejected.
Process: aexsvc.exe (1672) Module: AltirisNativeHelper.dll Source: Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask Description: While DoDirectoryImportTask for import rule e8b44aef-2046-424a-bc27-2957451242bd System.ArgumentException caught in DoDirectoryImportTask. Reason: Item has already been added. Key in dictionary: <Name of object> Key being added: <Name of object> ( Unhandled exception. Type=System.ArgumentException Msg=Item has already been added. Key in dictionary: <Name of object> Key being added: <Name of object> Src=mscorlib StackTrace= at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String taskid, String importXml, Boolean bUpdateImport) )
Two CN's or objects with the same name exist in active directory.
For Example: There is a user named 'Fred' who also has a machine named 'Fred' or a Security Group named 'London' in one Organizational unit and another group called 'London in a different Organizational unit.
Technically this is not allowed by microsoft but is allowed when importing data from other sources such as People Soft or if the Active Directory Schema has been expanded/redefined.
Altiris follows rule of requiring a unique name for each object imported.
This is now considered a defect.
Below are two possible workarounds or solutions to this issue.
Rename one of the objects (user, computer etc.) so that there are not two with the same name.
Use an LDAP filter to exclude problematic AD objects if they are known or once they have been discovered. The LDAP filter can be added in the console in the following location. Configuration tab> Server Settings> Notification Server Infrastructure> Microsoft Active Directory Import> select the rule that is experiencing the problem and click the 'All Users' or 'All computers' depending on the resource type being imported.
Note! The name of the object can often be seen when looking at the Trace logs for the import rule that is failing. The last item being imported in the trace logs is the item that could be searched in Active Directory to verify if there is two objects with the same name. See article 1992 for instructions to enable trace logging.
This should be resolved in a future release
In order to import resources from security groups where duplicate security group names may exist, see KB 34488
Microsoft Active Directory import component
ID: SYD 34784
sydd2 (Altiris - Sydney) database
Imported Document ID: TECH14694
Subscribing will provide email updates when this Article is updated. Login is required.