LDAP error 68, LDAP_ALREADY_EXISTS

Cannot migrate users from eDirectory to Active Directory when users already exist in both directories.

1) Modify all users Full Name attribute in eDirectory to match the cn in Active Directory.

2) Modify the cn in Active Directory to display the Full Name value.

3) If it is desired to have the logon name to be populated to the cn in Active Directory, then do the following:

Modify your driver to allow the schema mapping to match the CN in eDirectory to the cn attribute in Active Directory.
Change the Matching rules to look at the cn attribute instead of the Full Name attribute.
Change the Command Transform policy | "Add: User - change dest-dn to Full Name" rule | to use the CN instead of Full Name.

The default AD driver matches the Full Name attribute in eDirectory to the cn attribute in Active Directory.
Active Directory was populated with the users logon name rather than with the full name of the user.


As all customer's environments are different. Make sure you heavily test any changes you make to your driver. Make sure an export of the driver is taken prior to any changes being made so that the driver can be restored to it's original configuration.

Formerly known as TID# 10097761