Re: Scripted LDAP Searches
- From: "Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx>
- Date: Wed, 17 Jan 2007 17:22:32 -0800
On #2, you might also want to consider using the GPMC COM objects instead of trying to manage the linking manually. It has a facility for searching for the GPO, and then linking it to a container, and even setting it to the highest priority in the list. That may be easier than trying to manually manage that.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:u7Rju1pOHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
1a. Return set order of objects is not guaranteed unless you have submitted a sort control (and it was accepted) for a given attribute.
1b. Return set order of the attributes of an object is never guaranteed.
1c. Return set order of the values of a multivalued attribute is never guaranteed.
2. The fact that a GPO exists in sysvol has no bearing on being able to link it when it comes to implementation details. The gplink attribute is a simple unicode string and you can put any old crap you want in it, it isn't validated. Your issue sounds like it is in finding the OU and I expect something isn't working as you think it is. Seeing the code may assist with this. Getting a network trace and looking at it will probably tell you immediately what the issue is. My expectation is that some form of referral or something else is occurring that you don't know about.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Keith wrote:We have created a C# web application that creates an OU and sub-OUs per our standard structure, creates infrastructure groups for that OU, applies permissions to OU structure, and links GPOs that apply for that given domain\site...
We are seeing two things that i have questions about:
1) We search (LDAP) and add a domain level administrative group to a OU level group to give it rights to that OUs structure and objects. When running the application from our test server, and talking to the same domain controller in production (hard coded), the array order that is returned is different when running the application from production server. Why?
2) We search (LDAP) and link an existing GPO to one of our sub-OUs. When running the application from our test server, and talking to the same domain controller in production (hard coded), it finds the GPO and links successfully. When running the application from our production server it cannot find the GPO and function fails. They are talking to the same domain controller and we have confirmed that the GPO exists in SYSVOL on all the domain controllers (which should not matter since we hard coded the particular domain controller that we want to talk with)...thoughts???
.
- References:
- Re: Scripted LDAP Searches
- From: Joe Richards [MVP]
- Re: Scripted LDAP Searches
- Prev by Date: Re: ADAM Proxy Bind re-direction - In reverse
- Next by Date: Re: Need Expert Opinions - VMware & Active Directory
- Previous by thread: Re: Scripted LDAP Searches
- Next by thread: Urgent replication not seeming to work
- Index(es):
Relevant Pages
|
