Discussion:
Unable to modify attributes on AD using LDAP
(too old to reply)
Athrivarada
2006-02-03 15:38:35 UTC
Permalink
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.

Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.

CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]

instanceType - Server Error [000020B1: AtrErr: DSID-030F0C1A, #1: 0:
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)

objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]

name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]

badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]

logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]

sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]

objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]



Any help on this will be greatly appreciated.

-Sandeep
Joe Kaplan (MVP - ADSI)
2006-02-03 16:48:28 UTC
Permalink
Yes, you cannot modify those.

CN is changed via ldap_rename_ext_s since it is the RDN naming attribute for
the user class. The rest are not for you to touch. They are managed by the
DSA.

Joe K.
Post by Athrivarada
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.
Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.
CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)
objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]
name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]
Any help on this will be greatly appreciated.
-Sandeep
Athrivarada
2006-02-06 04:38:38 UTC
Permalink
Thanks a lot Joe for the quick reply.

-Sandeep
Post by Joe Kaplan (MVP - ADSI)
Yes, you cannot modify those.
CN is changed via ldap_rename_ext_s since it is the RDN naming attribute for
the user class. The rest are not for you to touch. They are managed by the
DSA.
Joe K.
Post by Athrivarada
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.
Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.
CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)
objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]
name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]
Any help on this will be greatly appreciated.
-Sandeep
Joe Richards [MVP]
2006-02-04 20:26:10 UTC
Permalink
As JoeK said, you are trying to change things you aren't allowed to change.

CN is *usually* the RDN of an object so you change that with an object rename,
not a mod. The name attribute is an alias of the RDN so the same goes for that.

Not sure why you would want to touch the instanceType attribute but that is
entirely owned by the DSA.

The objectclass attribute can be modified but only in very specific ways. You
can't for instance set an entirely new value, you can add/remove aux classes
from it or inetorgperson.

The objectcategory can't be touched, that is set at objectcreation and never
changes.

The other attributes are SAM owned attributes and again you can't touch them.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
Post by Athrivarada
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.
Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.
CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)
objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]
name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]
Any help on this will be greatly appreciated.
-Sandeep
Athrivarada
2006-02-06 04:41:02 UTC
Permalink
Thank you very much. That was informational. That is why I want to set the
instanceType. So those attributes cannot be modified.
-Sandeep
Post by Joe Richards [MVP]
As JoeK said, you are trying to change things you aren't allowed to change.
CN is *usually* the RDN of an object so you change that with an object rename,
not a mod. The name attribute is an alias of the RDN so the same goes for that.
Not sure why you would want to touch the instanceType attribute but that is
entirely owned by the DSA.
The objectclass attribute can be modified but only in very specific ways. You
can't for instance set an entirely new value, you can add/remove aux classes
from it or inetorgperson.
The objectcategory can't be touched, that is set at objectcreation and never
changes.
The other attributes are SAM owned attributes and again you can't touch them.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Post by Athrivarada
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.
Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.
CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)
objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]
name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]
Any help on this will be greatly appreciated.
-Sandeep
Joe Richards [MVP]
2006-02-10 06:51:11 UTC
Permalink
Oh you probably mean the read only flag? That is only set on GC partitions.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
Post by Athrivarada
Thank you very much. That was informational. That is why I want to set the
instanceType. So those attributes cannot be modified.
-Sandeep
Post by Joe Richards [MVP]
As JoeK said, you are trying to change things you aren't allowed to change.
CN is *usually* the RDN of an object so you change that with an object rename,
not a mod. The name attribute is an alias of the RDN so the same goes for that.
Not sure why you would want to touch the instanceType attribute but that is
entirely owned by the DSA.
The objectclass attribute can be modified but only in very specific ways. You
can't for instance set an entirely new value, you can add/remove aux classes
from it or inetorgperson.
The objectcategory can't be touched, that is set at objectcreation and never
changes.
The other attributes are SAM owned attributes and again you can't touch them.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Post by Athrivarada
Hi,
I am using ldap and c++ to modify attributes on objects in the "User"
container in the AD. There are a few attributes that I am not able to modify
using the ldap_modify_s to modify the attributes. For some of the attributes
I know that they are not modifiable depending on the SYSTEMFLAGS attributes.
Here is the list of attributes that are not modifiable with SYSTEMFLAGS are
as follows.
CN - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
000020B1: DSID-030F0C1A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att
20001 (instanceType)
objectClass - Server Error [00002040: SvcErr: DSID-030F0AA0, problem 5003
(WILL_NOT_PERFORM), data 0]
name - Server Error [000020B1: UpdErr: DSID-030F0A48, problem 6004
(CANT_ON_RDN), data 0]
badPwdCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
logonCount - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
sAMAccountType - Server Error [0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0]
objectCategory - Server Error [00002077: SvcErr: DSID-030F0A7B, problem 5003
(WILL_NOT_PERFORM), data 0]
Any help on this will be greatly appreciated.
-Sandeep
Continue reading on narkive:
Loading...