Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You receive the "Exported-change-not-reimported" error message when you configure a newly created user as a disabled user in Microsoft Identity Integration Server 2003

You receive the "Exported-change-not-reimported" error message when you configure a newly created user as a disabled user in Microsoft Identity Integration Server 2003

Symptoms

When you export a new user account to the Active Directory directory service by using the Active Directory Management Agent (ADMA), and then you import changes to the Microsoft Identity Integration Server 2003 metaverse, you may receive the following status information:
Completed-warnings
Additionally, information that is similar to the following appears:
Exported-change-not-reimported1 Error(s)
CN=firstname lastname,OU=organizational unit,DC=example,DC=comuserAccountControl: exported: 512 imported: 546

↑ Back to the top

Cause

This issue may occur when you configure a newly created user as a disabled user by setting the constant value 514 in the userAccountControl attribute of the user account. This issue occurs because the user account object is waiting for confirmation that the constant value was set correctly in Active Directory. The object expects to import the same value that the object sent to Active Directory. However, because the value that is returned is 546 instead of 514, you receive the "Exported-change-not-reimported" error message.

↑ Back to the top

More Information

The userAccountControl attribute is a special attribute. Active Directory assigns certain default values to this attribute when a new user is created. The values that are assigned depend on the user configuration that is created. By default, Active Directory disables a new user account unless a password is set for that account. In the scenario that is described in the "Symptoms" section of this article, you create a typical user account by assigning the following constant value to the userAccountControl attribute of that user account:
ConstantHexadecimal valueDecimal value
ADS_UF_NORMAL_ACCOUNT0x200512
If you set this account to be a disabled user account, Active Directory automatically adds the "No password is required" ADS_PASSWD_NOTREQD constant to the userAccountControl attribute of this user account. The resultant value is 546 decimal, as illustrated by the entries in the following table:
ConstantHexadecimal valueDecimal value
ADS_UF_NORMAL_ACCOUNT0x200512
ADS_UF_ACCOUNTDISABLE0x00022
ADS_PASSWD_NOTREQD0x002032


To avoid this issue, Microsoft recommends that you set the constant value to 546 instead of to 514 for a disabled account. Both values disable the user account. If you use the 546 value, you do not receive the "Exported-change-not-reimported" error message because the imported value and the exported value match.

↑ Back to the top

References

For additional information about the userAccountControl attribute, see the "Enabling or Disabling a User Account in Active Directory" topic in the Microsoft Identity Integration Server 2003 Developer Reference.

For additional information about the user account control constants, visit the following Microsoft Web site, and then search for the topic "ADS_USER_FLAG_ENUM":
http://msdn.microsoft.com/library

↑ Back to the top

Keywords: kb, kbprb, kbbug, kbnofix, kbentirenet

↑ Back to the top

Article Info
Article ID : 823781
Revision : 8
Created on : 8/20/2020
Published on : 8/20/2020
Exists online : False
Views : 103