Re: Oh.... I'm just wondering who's seen this stumper...
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 30 Jul 2006 09:51:39 -0500
I think most of us who have been following this thread don't think the issue
is with the difference in the permissioning, but something in the code. It
just doesn't make sense that the permissions would cause the problem.
However, without a network trace that shows the actual LDAP operations being
performed and the error being returned, no one really wants to speculate any
further.
The fact that things seem to work as expected with other tools, but not with
his code seems to be a key datapoint though.
I'll just throw in that there is one other thing that might help when
checking your permissions. AD supports a constructed attribute called
allowedAttributesEffective that returns the list of attributes that the
currently bound user has rights to modify on the object in the search
result. I'm guessing this will tell you that you have delegated the
permissions exactly as you think you have, but it is always a nice sanity
check, as the AD permissioning model is so complex it is easy to get
unexpected results.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Joe_SMS" <jw_nagy@xxxxxxxxxxx> wrote in message
news:1154268255.572453.227290@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I guess i'm wondering if I can rest assured that this is pretty much
something stupid his code is doing and not anything really to do with
permissions. I've pretty much told the world (at work) this... I just
don't have the nails for his coffin. :) Like I said, I can use his
account to read/write to any attribute he is... I've used 10 different
tools with that account to remotely add/delete values...
admod
adsiedit
ldp
aduc
adm mmc
adm web
vbscript
hyena
simplesync
ldifde
He refuses to even consider its his code. Maybe the way he's
binding....binding to one user, modifying another ? I tried NOT
binding and again, its the operation error. So until I can get him to
turn it on tomorrow and get the trace... and DSID...
.
- Follow-Ups:
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- References:
- Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Ace Fekay [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Al Mulnick
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe Richards [MVP]
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Al Mulnick
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Re: Oh.... I'm just wondering who's seen this stumper...
- From: Joe_SMS
- Oh.... I'm just wondering who's seen this stumper...
- Prev by Date: Re: Receiving access denied accessing 2000 domain controller
- Next by Date: Re: FRS in demoted DC
- Previous by thread: Re: Oh.... I'm just wondering who's seen this stumper...
- Next by thread: Re: Oh.... I'm just wondering who's seen this stumper...
- Index(es):
Relevant Pages
|
