PRB: Retrieving "ntSecurityDescriptor" Causes Error E_ADS_PROPERTY_NOT_FOUND

ID: Q233234

The information in this article applies to:

Microsoft Site Server version 3.0
Microsoft Active Directory Service Interfaces, version 2.5

SYMPTOMS

When retrieving the ntSecurityDescriptor of an object in the Membership Directory, you encounter the following error:

0x8000500D, E_ADS_PROPERTY_NOT_FOUND

CAUSE

Site Server 3.0 does not advertise the fact that it accepts the "ntSecurityDescriptor" control, so Active Directory Service Interfaces (ADSI) 2.5 does not send it and, thus, the property cache will not contain the "ntSecurityDescriptor" by default. ADSI 2.5 was changed to avoid two roundtrips each time for servers that don't support this control. In ADSI 2.0 this works because this version of the program always sends the control, and if the server generates an error, the program sends the request again without the control.

RESOLUTION

You must first explicitly load the "ntSecurityDescriptor" attribute into the property cache using the IADs::GetInfoEx() method before requesting it. For example:


Dim adsObject
Dim objSecurityDesc

'Bind to the object in the directory
Set adsObject = GetObject("LDAP://myserver:1003/o=Microsoft/ou=Members")

'Load the ntSecurityDescriptor into the property cache
Call adsObject.GetInfoEx(Array("ntSecurityDescriptor"), 0)

'Now you can retrieve the ntSecurityDescriptor
Set objSecurityDesc = adsObject.Get("ntSecurityDescriptor")

Note that if your directory is secured, you must bind to the object using IADsOpenObject::OpenDSObject() (to perform an authenticated bind) rather than using GetObject().

STATUS

This behavior is by design.

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Q224924 MDM Does Not Display Object ACEs after Install of ADSI 2.5

Additional query words: 8000500D

Keywords : kbADSI prodsitesrv3
Version : winnt:2.5,3.0
Platform : winnt
Issue type : kbprb