Re: Scripted LDAP Searches
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Wed, 17 Jan 2007 20:10:29 -0500
1a. Return set order of objects is not guaranteed unless you have submitted a sort control (and it was accepted) for a given attribute.
1b. Return set order of the attributes of an object is never guaranteed.
1c. Return set order of the values of a multivalued attribute is never guaranteed.
2. The fact that a GPO exists in sysvol has no bearing on being able to link it when it comes to implementation details. The gplink attribute is a simple unicode string and you can put any old crap you want in it, it isn't validated. Your issue sounds like it is in finding the OU and I expect something isn't working as you think it is. Seeing the code may assist with this. Getting a network trace and looking at it will probably tell you immediately what the issue is. My expectation is that some form of referral or something else is occurring that you don't know about.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Keith wrote:
We have created a C# web application that creates an OU and sub-OUs per our standard structure, creates infrastructure groups for that OU, applies permissions to OU structure, and links GPOs that apply for that given domain\site....
We are seeing two things that i have questions about:
1) We search (LDAP) and add a domain level administrative group to a OU level group to give it rights to that OUs structure and objects. When running the application from our test server, and talking to the same domain controller in production (hard coded), the array order that is returned is different when running the application from production server. Why?
2) We search (LDAP) and link an existing GPO to one of our sub-OUs. When running the application from our test server, and talking to the same domain controller in production (hard coded), it finds the GPO and links successfully. When running the application from our production server it cannot find the GPO and function fails. They are talking to the same domain controller and we have confirmed that the GPO exists in SYSVOL on all the domain controllers (which should not matter since we hard coded the particular domain controller that we want to talk with)...thoughts???
- Follow-Ups:
- Re: Scripted LDAP Searches
- From: Darren Mar-Elia
- Re: Scripted LDAP Searches
- Prev by Date: Re: Bit of advice on current AD structure.
- Next by Date: Re: Hardware for new DCs
- Previous by thread: Re: Scripted LDAP Searches
- Next by thread: Re: Scripted LDAP Searches
- Index(es):
Relevant Pages
|
