HowTo specify OU in Set-NaCifs

skellner · ‎2012-07-09

I try to do a cifs setup in a WFA workflow with this cmdlet. If I have to specify the OU during the cifs setup the cmdlet fails with could not create active directory account. Error 32: No such object. On the cli in Data Ontap the OU is specified "OU=Fileserver, OU=Server, OU=VRZ". However, this syntax doesn't work with the power shell cmdlet. Any hints are highly appreciated.

Thanks in advance

Stefan

timothyn · ‎2012-07-10

Are you using the "-OrganizationalUnit" parameter? Please list the syntax you are using and full output.

skellner · ‎2012-07-10

Yes, it's the -OrganizationalUnit parameter. The command looks like this

########################

# Set the Cifs Server Organizational Unit. Only Valid for Active Directory environments

if($OrganizationalUnit)

{

$ouSet = " under the Organizational Unit: " + $OrganizationalUnit

}

# Set the Cifs Server Active Directory Site. Only Valid for Active Directory environments

if($AD_Site)

{

$siteSet = " in the Site: " + $AD_Site

}

# Execute the Cifs Setup

if($CifsAuthType -eq "true")

{

Get-WFALogger -Info -message $("Connecting to the Active Directory Domain: " + $DomainName + $siteSet + " " + $ouSet + " as ServerName: " + $CifsServer)

Set-NaCifs -CifsServer $CifsServer -AuthType ad -SecurityStyle $SecurityType -Domain $DomainName -User $DomainUser -Password $DomainPass -OrganizationalUnit $OrganizationalUnit -Site $AD_Site

}

The string that is passed as $OrganizationalUnit is specified as "OU=Fileserver, OU=Server, OU=VRZ"

I only have the output from wfa. I assume that it's the error from the Set-NaCifs call but I'm not sure. It says Unknown error. Check your input and try again.

Thanks

Stefan

timothyn · ‎2012-07-11

I'm not very experienced with Active Directory, but do you need to specify the container? You might add "CN=Computers" into your OU string. I'm not sure if ONTAP will automatically infer the container if it isn't present.

skellner · ‎2012-07-12

Where do I have to add cn=computers. I assume at the end so the string would look like "OU=Filerserver, OU=Server, OU=VRZ, CN=Computers", right?

timothyn · ‎2012-07-12

Yes I believe that's right. Please give it a shot and report back. Thanks!

kleemola · ‎2013-05-07

Any resolution to this? I am having the same issue. "Unknown Error. Check your input and try again". The OU specified work fine at the "cifs setup" cli.

skellner · ‎2013-05-07

Unfortunately not. However, I have an assumpion what the problem is. I think it doesn't have to do with the OU itself. When you do a cifs setup on the cli and you logged in to the domain you are getting an error message. You can't get the list of joinable ou from the domain. I think this is where the error message "unknown error" comes from. Maybe this error isn't handled by the api call so that the command fails with this error. But I'm not sure on this. I tried to find out why my user account is not authenticated to get the list of joinable ous but didn't find something. Could be a GPO, an access right or whatever. In the customer environment I'm getting the error in the production domain. In a test domain the list of joinable ous is displayed on the cli and therefore the cifs setup cmdlet also works.

Maybe someone of the development teams of the api and the powershell toolkit can have a look at this.