I am unable to use a template to create accounts because; Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager. How do I fix this?
To resolve this problem, run the export function with a filter. If no filter was specified, or the export function cannot be re-run, then manually edit user account data to include only those fields that may be imported. This is an example filter that will export only required User Account data:
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree
-r "(&(objectCategory=person)(objectClass=User)(givenname=*))"
-l "cn,givenName,objectclass,samAccountName"
This is another example filter that will export all User Account data except for the attributes that cannot be imported:
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r
"(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,
memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
if u need more help on this. please visit on add ur id in the follower on the following site. and post ur question