PMADMIN Adds ACEs to Existing ACLs During Broker Connection to LDAP Server

ID: Q243816

The information in this article applies to:
  • Microsoft Site Server version 3.0

SYMPTOMS

When you use the Pmadmin.vbs script to connect an Active User Object (AUO) instance to an existing LDAP instance, duplicate Access Control Entries (ACEs) may be added to the object's Access Control Lists (ACLs).

ACEs should only be added during the creation of the LDAP database; subsequently connecting a broker to an existing LDAP instance should NOT add additional ACEs.

NOTE: AUO instance is also referred to as broker. This problem only occurs when the Pmadmin.vbs script is used to connect a broker to an LDAP instance, and not when this task is accomplished through the MMC.


RESOLUTION

To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, please see the following article in the Microsoft Knowledge Base:

Q219292 How to Obtain the Latest Site Server 3.0 Service Pack


WORKAROUND

To work around this problem, use the MMC instead of the Pmadmin.vbs script to connect a broker to an existing LDAP instance.


STATUS

Microsoft has confirmed this to be a problem in Microsoft Site Server version 3.0.

Additional query words: ss3 iis 4.0 Pmadmin.vbs Pmadmin security hack

Keywords : ss3sp3fix
Version : winnt:3.0
Platform : winnt
Issue type : kbbug


Last Reviewed: December 3, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.