[ActiveDir] ldap error during search. Paging related?
I'm running this query - C:\WinAdminToolsadfind -b dc=mydomain,dc=com -f ((objectcategory=computer)(whencreated=2005111200.0z)) I get this error- ldap_get_next_page_s: [myDC.mydomain.com] Error 0x35 (53) - Unwilling To Perform Is this related to paging? Am i going over the 1000 object limit or am i screwing up the query? Thanks
RE: [ActiveDir] ldap error during search. Paging related?
Try it with a capital "Z" adfind -b dc=mydomain,dc=com -f "((objectcategory=computer)(whencreated=2005111200.0Z))" From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Friday, February 10, 2006 1:53 PMTo: activedirectorySubject: [ActiveDir] ldap error during search. Paging related? I'm running this query - C:\WinAdminToolsadfind -b dc=mydomain,dc=com -f "((objectcategory=computer)(whencreated=2005111200.0z))" I get this error- ldap_get_next_page_s: [myDC.mydomain.com] Error 0x35 (53) - Unwilling To Perform Is this related to paging? Am i going over the 1000 object limit or am i screwing up the query? Thanks
RE: [ActiveDir] ldap error during search. Paging related?
Try this adfind -b dc=mydomain,dc=com -f "((objectcategory=computer)(whencreated=2005111200.0Z))" Note that generalized time isn't a standard string, it has a fixed format and the number of positions in the number and the TZ specifier are included in that fixed format. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Friday, February 10, 2006 3:53 PMTo: activedirectorySubject: [ActiveDir] ldap error during search. Paging related? I'm running this query - C:\WinAdminToolsadfind -b dc=mydomain,dc=com -f "((objectcategory=computer)(whencreated=2005111200.0z))" I get this error- ldap_get_next_page_s: [myDC.mydomain.com] Error 0x35 (53) - Unwilling To Perform Is this related to paging? Am i going over the 1000 object limit or am i screwing up the query? Thanks
Re: [ActiveDir] ldap error during search. Paging related?
Aha!! That worked. Thanks a lot. Sorry to waste your time. Thats was really stooopid on my part. Thanks again On 2/10/06, Coleman, Hunter [EMAIL PROTECTED] wrote: Try it with a capital Z adfind -b dc=mydomain,dc=com -f ((objectcategory=computer)(whencreated=2005111200.0Z)) From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Friday, February 10, 2006 1:53 PMTo: activedirectorySubject: [ActiveDir] ldap error during search. Paging related? I'm running this query - C:\WinAdminToolsadfind -b dc=mydomain,dc=com -f ((objectcategory=computer)(whencreated=2005111200.0z)) I get this error- ldap_get_next_page_s: [myDC.mydomain.com] Error 0x35 (53) - Unwilling To Perform Is this related to paging? Am i going over the 1000 object limit or am i screwing up the query? Thanks
[ActiveDir] LDAP Error
Okay you guys. On one of my DC I keep getting an LDAP error when I run netdiag /test:LDAP. I get the error "[FATAL] Cannot do negotiate authenticated ldap_bin to 'dc.domain.edu': Invalid Credentials" The domain account and password was recently changed. In the System Log: Event Type: Warning Event Source: Kerberos Event Category: None Event ID: 14 Date: 2/7/2006 Time: 11:50:58 AM User: N/A Computer: DC Description: There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential domain\adminaccount. (adminaccount is old admin) __ Where is the "Stored User Names and Passwords" applet? -Z.V. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] LDAP Error
Found it... Problem solved.. Za Vue wrote: Okay you guys. On one of my DC I keep getting an LDAP error when I run netdiag /test:LDAP. I get the error "[FATAL] Cannot do negotiate authenticated ldap_bin to 'dc.domain.edu': Invalid Credentials" The domain account and password was recently changed. In the System Log: Event Type: Warning Event Source: Kerberos Event Category: None Event ID: 14 Date: 2/7/2006 Time: 11:50:58 AM User: N/A Computer: DC Description: There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential domain\adminaccount. (adminaccount is old admin) __ Where is the "Stored User Names and Passwords" applet? -Z.V. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP error - that's OK
Hello, I found the solution of my pb. Endeed, in order to install PCNS with this command-line: Pcnscfg.exe addtarget /n:crimiis /a:crimiis.mydomain.fr /s:ENTSSO/crimiis.mydomain.fr /fi:Utilisa. du domaine /fe:Admins du domaine /f:3 /i:0 /d:false, the user must belong to domain admins, that what i did before succesfully. BUT, since one week, while deleting this object with Pcnscfg.exe DELETETARGET /N:mytargetserver due to pb with passord sync, and recreating with my previous command, I had this error : Error adding the target 0x800700EA - ERROR_MORE_DATA In fact with the Pcnscfg.exe addtarget, a sub-container (Password Change Notification Service) is created in System container in AD domain partition. In this subcontainer, the target object needed for passord sync is normally appeared after Pcnscfg.exe addtarget.. But, it was not my case :-( So I launch the command with the system account privilege (at /interactive command) in my DC in order to see if the target is created. And YEEESS!! So my pb is due more to a loss of privilege of my admin account rather than a ldap error protocol -- strange But, i don't know why before it functions well with my admin account, and now it does not function anymore BUT only with local system privilege. The only thing that could explain this, is a reinstall complete of all the DCs (due to hardware failure) that was performed 2 weeks ago So if someone could point me to some possible reasons why this loss happened, he would be nice ;-) Anyway, I hope that could help someone here ;-) Cheers, Yann -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de TIROA YANN Envoyé : jeudi 2 juin 2005 18:54 À : ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] LDAP error Yes, thank you for your output. I will install the fix now. I will let U know if it's successfull. Cheers, Yann -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Mark Parris Envoyé : jeudi 2 juin 2005 17:09 À : ActiveDir@mail.activedir.org Objet : Re: [ActiveDir] LDAP error Are you running the hotfixes as described in 842531 ? Mark -Original Message- From: TIROA YANN [EMAIL PROTECTED] Date: Thu, 2 Jun 2005 16:52:27 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP error Hello everybody :-)) I don't know if it's the right place, but i think i could have good resolution for my pb in this discussion :-) We use MIIS 2003 (Microsoft Identity Integration Server 2003 ) in order to synchronize Active directory 2003 with openLdap. I install Password Change Notification Service (PCNS) in all my DCs. This is for synchronizing the user passords from AD to OpenLdap. EX: a user changes his password (by ctrl+Alt+Del) on his worsktation, the change password is then sent to a DC of the forest. A service (Password Change Notification Service) which is installed on every DCs receives the password and forward it to MIIS which is responsible to forward this to the same user in OpenLdap. The documentation is in attachement is here http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4 D9D-9E48-6CF0AE0C369Cdisplaylang=en And the concerning document is named MIIS_2003_Password_Synchronization_Step_by_Step.doc. When I try to Install the Password Change Notification Service (PCNS) on one of my DC by : Pcnscfg.exe addtarget /n:crimiis /a:crimiis.mydomain.fr /s:ENTSSO/crimiis.mydomain.fr /fi:Utilisa. du domaine /fe:Admins du domaine /f:3 /i:0 /d:false Error adding the target 0x800700EA - ERROR_MORE_DATA ;-(( I think it is more a probleme with LDAP request to AD. After searching in the net i see this error in http://216.239.59.104/search?q=cache:sy69TW0wJIsJ:msdn.microsoft.com/lib rary/en-us/adsi/adsi/win32_error_codes_for_adsi_2_0.asp+0x800700EA+LDAP hl=fr ERROR_MORE_DATA = Partial results and referrals received that means that my DCs seems not to be able to forward request by client to other DC in other words, the referrals seems not working Any help will be greatly appreciated because we are near to put all in production next week :-( PS: i forward the same question to Yahoo! Groups MMSUG the MIIS discussion groups, and i wait for an answer, but if someone here could help me ..; :-) Thank U very much. Cheers, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive
[ActiveDir] LDAP error
Hello everybody :-)) I don't know if it's the right place, but i think i could have good resolution for my pb in this discussion :-) We use MIIS 2003 (Microsoft Identity Integration Server 2003 ) in order to synchronize Active directory 2003 with openLdap. I install Password Change Notification Service (PCNS) in all my DCs. This is for synchronizing the user passords from AD to OpenLdap. EX: a user changes his password (by ctrl+Alt+Del) on his worsktation, the change password is then sent to a DC of the forest. A service (Password Change Notification Service) which is installed on every DCs receives the password and forward it to MIIS which is responsible to forward this to the same user in OpenLdap. The documentation is in attachement is here http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4 D9D-9E48-6CF0AE0C369Cdisplaylang=en And the concerning document is named MIIS_2003_Password_Synchronization_Step_by_Step.doc. When I try to Install the Password Change Notification Service (PCNS) on one of my DC by : Pcnscfg.exe addtarget /n:crimiis /a:crimiis.mydomain.fr /s:ENTSSO/crimiis.mydomain.fr /fi:Utilisa. du domaine /fe:Admins du domaine /f:3 /i:0 /d:false Error adding the target 0x800700EA - ERROR_MORE_DATA ;-(( I think it is more a probleme with LDAP request to AD. After searching in the net i see this error in http://216.239.59.104/search?q=cache:sy69TW0wJIsJ:msdn.microsoft.com/lib rary/en-us/adsi/adsi/win32_error_codes_for_adsi_2_0.asp+0x800700EA+LDAP hl=fr ERROR_MORE_DATA = Partial results and referrals received that means that my DCs seems not to be able to forward request by client to other DC in other words, the referrals seems not working Any help will be greatly appreciated because we are near to put all in production next week :-( PS: i forward the same question to Yahoo! Groups MMSUG the MIIS discussion groups, and i wait for an answer, but if someone here could help me ..; :-) Thank U very much. Cheers, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] LDAP error
Are you running the hotfixes as described in 842531 ? Mark -Original Message- From: TIROA YANN [EMAIL PROTECTED] Date: Thu, 2 Jun 2005 16:52:27 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP error Hello everybody :-)) I don't know if it's the right place, but i think i could have good resolution for my pb in this discussion :-) We use MIIS 2003 (Microsoft Identity Integration Server 2003 ) in order to synchronize Active directory 2003 with openLdap. I install Password Change Notification Service (PCNS) in all my DCs. This is for synchronizing the user passords from AD to OpenLdap. EX: a user changes his password (by ctrl+Alt+Del) on his worsktation, the change password is then sent to a DC of the forest. A service (Password Change Notification Service) which is installed on every DCs receives the password and forward it to MIIS which is responsible to forward this to the same user in OpenLdap. The documentation is in attachement is here http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4 D9D-9E48-6CF0AE0C369Cdisplaylang=en And the concerning document is named MIIS_2003_Password_Synchronization_Step_by_Step.doc. When I try to Install the Password Change Notification Service (PCNS) on one of my DC by : Pcnscfg.exe addtarget /n:crimiis /a:crimiis.mydomain.fr /s:ENTSSO/crimiis.mydomain.fr /fi:Utilisa. du domaine /fe:Admins du domaine /f:3 /i:0 /d:false Error adding the target 0x800700EA - ERROR_MORE_DATA ;-(( I think it is more a probleme with LDAP request to AD. After searching in the net i see this error in http://216.239.59.104/search?q=cache:sy69TW0wJIsJ:msdn.microsoft.com/lib rary/en-us/adsi/adsi/win32_error_codes_for_adsi_2_0.asp+0x800700EA+LDAP hl=fr ERROR_MORE_DATA = Partial results and referrals received that means that my DCs seems not to be able to forward request by client to other DC in other words, the referrals seems not working Any help will be greatly appreciated because we are near to put all in production next week :-( PS: i forward the same question to Yahoo! Groups MMSUG the MIIS discussion groups, and i wait for an answer, but if someone here could help me ..; :-) Thank U very much. Cheers, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP error
Yes, thank you for your output. I will install the fix now. I will let U know if it's successfull. Cheers, Yann -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Mark Parris Envoyé : jeudi 2 juin 2005 17:09 À : ActiveDir@mail.activedir.org Objet : Re: [ActiveDir] LDAP error Are you running the hotfixes as described in 842531 ? Mark -Original Message- From: TIROA YANN [EMAIL PROTECTED] Date: Thu, 2 Jun 2005 16:52:27 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP error Hello everybody :-)) I don't know if it's the right place, but i think i could have good resolution for my pb in this discussion :-) We use MIIS 2003 (Microsoft Identity Integration Server 2003 ) in order to synchronize Active directory 2003 with openLdap. I install Password Change Notification Service (PCNS) in all my DCs. This is for synchronizing the user passords from AD to OpenLdap. EX: a user changes his password (by ctrl+Alt+Del) on his worsktation, the change password is then sent to a DC of the forest. A service (Password Change Notification Service) which is installed on every DCs receives the password and forward it to MIIS which is responsible to forward this to the same user in OpenLdap. The documentation is in attachement is here http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4 D9D-9E48-6CF0AE0C369Cdisplaylang=en And the concerning document is named MIIS_2003_Password_Synchronization_Step_by_Step.doc. When I try to Install the Password Change Notification Service (PCNS) on one of my DC by : Pcnscfg.exe addtarget /n:crimiis /a:crimiis.mydomain.fr /s:ENTSSO/crimiis.mydomain.fr /fi:Utilisa. du domaine /fe:Admins du domaine /f:3 /i:0 /d:false Error adding the target 0x800700EA - ERROR_MORE_DATA ;-(( I think it is more a probleme with LDAP request to AD. After searching in the net i see this error in http://216.239.59.104/search?q=cache:sy69TW0wJIsJ:msdn.microsoft.com/lib rary/en-us/adsi/adsi/win32_error_codes_for_adsi_2_0.asp+0x800700EA+LDAP hl=fr ERROR_MORE_DATA = Partial results and referrals received that means that my DCs seems not to be able to forward request by client to other DC in other words, the referrals seems not working Any help will be greatly appreciated because we are near to put all in production next week :-( PS: i forward the same question to Yahoo! Groups MMSUG the MIIS discussion groups, and i wait for an answer, but if someone here could help me ..; :-) Thank U very much. Cheers, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/