It is in the create code. The OS that it must assign SIDs to users, computers, etc. It may be hardcoded to the existence of that attribute as a mandatory attribute for the class or it could just be for certain fixed clases. I have never tested it by creating another class with objectSID as a required attribute.
The Security Descriptor item is for all creates. Any objct that doesn't have a security descriptor specified in the ldap_add will automatically have the defaultSD inserted from the schema for the appropriate class. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, August 05, 2005 10:43 AM To: [email protected] Subject: RE: [ActiveDir] Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0. Thanks for the FYI joe, much appreciated. What is the process that slaps on the defaultsid and ntsecuritydescriptor? Is this a validation that AD does when an object is created since it can't rely on the schema? Thanks, Francis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: August 4, 2005 7:30 PM To: [email protected] Subject: RE: [ActiveDir] Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0. FYI If nTSecurityDescriptor isn't specified, the system will insert the defaultSD from the schema for the objectclass. objectSid can't be specified, the system will set it to what it wants to set it to. The issue is definitely with the sAMAccountName attribute. I admit the first two can be a bit confusing. Even though the schema says something is mandatory, AD may not actually require you to specify it. This makes the schema less than a perfect source of info for AD for determining what you need for new objects as well as what you can and can't do. Other examples are length of sAMAccountName and the fact that even though the schema says description is multivalued, it actually is single values on certain SAM objects. There are other examples. It means your programs have to have special hard coded routines for certain pieces or you have to maintain in your head certain special rules for special things. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, August 04, 2005 12:55 PM To: [email protected] Subject: RE: [ActiveDir] Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0. I'm not a pro but could it be related to mandatory attributes missing? I'm thinking maybe "nTSecurityDescriptor" and "objectSid". Although I could be way off if AD actually populates those attributes when the object is created ;) Just thinking out loud here.... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar Sent: August 4, 2005 1:41 PM To: [email protected] Subject: [ActiveDir] Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0. Hi All, I am using a meta directory to push mailbox users into active directory. I am stuck with the following: The adding of user entries to AD fails with the above error. The kind of entry that the meta directory is trying to add is as follows: ADD 'cn=ZZZGGG,OU=test,DC=gepurbsres01,DC=net' dn: cn=ZZZGGG,OU=test,DC=gepurbsres01,DC=net objectClass: person objectClass: organizationalPerson objectClass: user userAccountControl: 544 DisplayName: ZZZGGG, ANGUS cn: ZZZGGG, ANGUS givenName: ANGUS sn: ZZZGGG sAMAccountName: ZZZGGG, ANGUS-Test ADD Result Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0.' Any clue as to how can I solve this problem? Thanks and Regards, Mayuresh. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
