Hi

In the current system we used to have a business layer (accessing user details in LDAP) and LDAP running on two servers, both of which were Windows 2000. Recently we migrated the business layer server to a Windows 2003 machine. Now we have a problem: we can’t access the data of some of the users.

The business layer code retrieving user details is written in VB and is as follows:

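    ' GetObject("LDAP:") returns the provider namespace object, which
    ' exposes OpenDSObject through the IADsOpenDSObject interface.
    Dim oDS As IADsOpenDSObject
    Dim sDN As String
    Dim moUsers As IADsContainer

    sDN = "LDAP://ldapserver:389/ou=users,o=abc,c=nz"

    ' Bind to the users container with explicit credentials
    ' (last argument 0 = no authentication flags set).
    Set oDS = GetObject("LDAP:")
    Set moUsers = oDS.OpenDSObject(sDN, "cn=admin,o=abc,c=nz", "Password", 0)

    Set oDS = Nothing

    Dim oPList As IADsPropertyList
    Dim oUser As User

    ' Look up the child entry by class name and relative name.
    Set oPList = moUsers.GetObject("inetOrgPerson", "cn=myUserName")
    If oPList Is Nothing Then
        RaiseError
    Else
        Set oUser = New User
        oUser.Initialise oPList

        Set GetUser = oUser
        Set oUser = Nothing
    End If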

When viewing user details in LDAP (we are using JXplorer tool) there is a minor difference between the way the users’ data is displayed for those users that we can retrieve details for and those that we can’t. Besides the standard object classes (top, person, organizationalPerson and inetOrgPerson) we also have custom classes. These are abcOrgPerson, abcOrgPerson2 and nxAccountInfo.

The users that we can retrieve data for have these classes displayed in the following order:

    nxAccountInfo
    abcOrgPerson2
    abcOrgPerson
    inetOrgPerson
    top
    person
    organizationalPerson

For the “non-working” users this order is:

    inetOrgPerson
    nxAccountInfo
    abcOrgPerson2
    abcOrgPerson
    top
    person
    organizationalPerson

I have tried to manually change the class order but it did work. I am not quite sure why the order is different. The line of code that fails is

    Set oPList = moUsers.GetObject("inetOrgPerson", "cn=myUserName")

If I change the “inetOrgPerson” parameter to “abcOrgPerson2” then the “non-working” users’ details can be retrieved but not the “working” users’ details. So it seems that the class order matters for Windows 2003 (LDAP is still sitting on a Win2000 machine, however). This same scenario runs without problems from the Win2000 business layer machine.

If anyone can share any advice or ideas it would be highly appreciated. I have not had much experience with Active Directories and it’s a mystery to me.

Thanks