Active Directory Services Interface Error Codes in Windows 2000

ID: Q232282

The information in this article applies to:
  • Microsoft Active Directory Service Interfaces, versions 1.0, 2.0, 2.5

SUMMARY

Active Directory Services Interface (ADSI) supports the following categories of error codes: ADSI error codes, COM general error codes, and Win32 error codes for the Lightweight Directory Access Protocol (LDAP) provider. All ADSI error codes are returned as COM HRESULT values and can be grouped into these three categories.

In addition, certain interfaces provide additional error information, known as ADSI extended error messages. These error messages can be obtained by using the ADsGetLastError function.


MORE INFORMATION

ADSI Error Codes

This type of error code may be returned by any of the ADSI system providers to represent ADSI-specific error messages. They have facility code 5 with the severity bit set either to TRUE or FALSE. Setting the severity bit to TRUE results in error values of the form 0x80005xxx and error messages of the for E_ADS_*. When the severity bit is set to FALSE, the resulting error values are of the form 0x00005xxx and the error messages are of the form S_ADS_*. 

Code         Symbol                        Description
------------------------------------------------------
0x80005000L  E_ADS_BAD_PATHNAME            An invalid ADSI path name was passed. 
0x80005001L  E_ADS_INVALID_DOMAIN_OBJECT   An unknown ADSI domain object was requested. 
0x80005002L  E_ADS_INVALID_USER_OBJECT     An unknown ADSI user object was requested. 
0x80005003L  E_ADS_INVALID_COMPUTER_OBJECT An unknown ADSI computer object was requested. 
0x80005004L  E_ADS_UNKNOWN_OBJECT          An unknown ADSI object was requested. 
0x80005005L  E_ADS_PROPERTY_NOT_SET        The specified ADSI property was not set. 
0x80005006L  E_ADS_PROPERTY_NOT_SUPPORTED  The specified ADSI property is not supported. 
0x80005007L  E_ADS_PROPERTY_INVALID        The specified ADSI property is invalid 
0x80005008L  E_ADS_BAD_PARAMETER           One or more input parameters are invalid. 
0x80005009L  E_ADS_OBJECT_UNBOUND          The specified ADSI object is not bound to a remote resource. 
0x8000500AL  E_ADS_PROPERTY_NOT_MODIFIED   The specified ADSI object has not been modified. 
0x8000500BL  E_ADS_PROPERTY_MODIFIED       The specified ADSI object has been modified. 
0x8000500CL  E_ADS_CANT_CONVERT_DATATYPE   The ADSI data type cannot be converted to/from a native DS data type. 
0x8000500DL  E_ADS_PROPERTY_NOT_FOUND      The ADSI property cannot be found in the cache. 
0x8000500EL  E_ADS_OBJECT_EXISTS           The ADSI object exists. 
0x8000500FL  E_ADS_SCHEMA_VIOLATION        The attempted action violates the directory service schema rules. 
0x80005010L  E_ADS_COLUMN_NOT_SET          The specified column in the ADSI was not set. 
0x00005011L  S_ADS_ERRORSOCCURRED          One or more errors occurred. 
0x00005012L  S_ADS_NOMORE_ROWS             The search operation has reached the last row. 
0x00005013L  S_ADS_NOMORE_COLUMNS          The search operation has reached the last column for the current row. 
0x80005014L  E_ADS_INVALID_FILTER          The specified search filter is invalid.

Generic COM Error Codes

Generic COM error codes express the operation status as produced by all COM modules. They are defined in the Winerror.h file.

The following table contains some examples of such error codes on any Win32 platform. 

Error Code     Hex Value     Description
----------------------------------------------------
E_UNEXPECTED   0x8000FFFF    Catastrophic failure
E_NOTIMPL      0x80004001    Not implemented
E_NOINTERFACE  0x80004002    Interface not supported
E_POINTER      0x80004003    Invalid Pointer
E_ABORT        0x80004004    Operation aborted
E_FAIL         0x80004005    Unspecified error

Win32 Error Codes for LDAP

The system-supplied LDAP provider maps the standard LDAP error codes into the following Win32 error codes. Standard Win32 error codes are also used to return ADSI error messages. In particular, the ADSI LDAP provider maps all the LDAP-defined error codes to Win32 error codes. The HRESULT values of the error codes are of the 0x8007XXXX format, where the last four hexadecimal digits (XXXX) correspond to the DWORD values of the appropriate Win32 error code. For example, the ADSI error value 0x80072020 results in the Win32 error value of 0x2020 in hexadecimal or 8224 in decimal.

The Win32 error codes are defined in the Winerror.h or Lmerr.h file. The error values are listed as decimal values in these files. To convert the HRESULT value of an ADSI error code to the corresponding Win32 error DWORD value:
  1. Convert the HRESULT value (hrErr) to a hexadecimal number from the decimal, if you are starting with a decimal value.


  2. Drop the 0x8007 part from hrErr to produce the remainder (dwErr).


  3. Convert dwErr back to a decimal number.


  4. Look dwErr up in the Winerror.h file, run the value against the NET HELPMSG XXXX command, or use the Errlook.exe tool from Microsoft Visual Studio.


  5. If the result is not found, subtract 2100 from dwErr and look up the result in the Lmerr.h file.



Win32 Error                         LDAP Error                          Code Description
----------------------------------------------------------------------------------------
NO_ERROR                            LDAP_SUCCESS                        Operation succeeded. 
ERROR_DS_OPERATIONS_ERROR           LDAP_OPERATIONS_ERROR               Operations error occurred. 
ERROR_DS_PROTOCOL_ERROR             LDAP_PROTOCOL_ERROR                 Protocol error occurred. 
ERROR_DS_TIMELIMIT_EXCEEDED         LDAP_TIMELIMIT_EXCEEDED             Time limit has exceeded 
ERROR_DS_SIZELIMIT_EXCEEDED         LDAP_SIZELIMIT_EXCEEDED             Size limit has exceeded 
ERROR_DS_COMPARE_FALSE              LDAP_COMPARE_FALSE                  Compare yielded FALSE. 
ERROR_DS_COMPARE_TRUE               LDAP_COMPARE_TRUE                   Compare yielded TRUE. 
ERROR_DS_AUTH_METHOD_NOT_SUPPORTED  LDAP_AUTH_METHOD_NOT_SUPPORTED      The authentication method is not supported. 
ERROR_DS_STRONG_AUTH_REQUIRED       LDAP_STRONG_AUTH_REQUIRED           Strong authentication is required. 
ERROR_MORE_DATA                     LDAP_PARTIAL_RESULTS                Partial results and referrals received. 
ERROR_DS_REFERRAL                   LDAP_REFERRAL                       Referral  
ERROR_DS_ADMIN_LIMIT_EXCEEDED       LDAP_ADMIN_LIMIT_EXCEEDED           Administration limit on the server has exceeded. 
ERROR_DS_UNAVAILABLE_CRIT_EXTENSION LDAP_UNAVAILABLE_CRIT_EXTENSION     Critical extension is unavailable. 
ERROR_DS_CONFIDENTIALITY_REQUIRED   LDAP_CONFIDENTIALITY_REQUIRED       Confidentiality is required. 
ERROR_DS_NO_ATTRIBUTE_OR_VALUE      LDAP_NO_SUCH_ATTRIBUTE              Requested attribute does not exist. 
ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED   LDAP_UNDEFINED_TYPE                 Type is not defined. 
ERROR_DS_INAPPROPRIATE_MATCHING     LDAP_INAPPROPRIATE_MATCHING         There was an inappropriate matching. 
ERROR_DS_CONSTRAINT_VIOLATION       LDAP_CONSTRAINT_VIOLATION           There was a constrain violation. 
ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS  LDAP_ATTRIBUTE_OR_VALUE_EXISTS      The attribute exists or the value has been assigned. 
ERROR_DS_INVALID_ATTRIBUTE_SYNTAX   LDAP_INVALID_SYNTAX                 The syntax is invalid. 
ERROR_DS_NO_SUCH_OBJECT             LDAP_NO_SUCH_OBJECT                 Object does not exist. 
ERROR_DS_ALIAS_PROBLEM              LDAP_ALIAS_PROBLEM                  The alias is invalid.  
ERROR_DS_INVALID_DN_SYNTAX          LDAP_INVALID_DN_SYNTAX              The distinguished name has an invalid syntax. 
ERROR_DS_IS_LEAF                    LDAP_IS_LEAF                        The object is a leaf. 
ERROR_DS_ALIAS_DEREF_PROBLEM        LDAP_ALIAS_DEREF_PROBLEM            Can not dereference the alias. 
ERROR_DS_INAPPROPRIATE_AUTH         LDAP_INAPPROPRIATE_AUTH             Authentication is inappropriate. 
ERROR_LOGON_FAILURE                 LDAP_INVALID_CREDENTIALS            The supplied credential is invalid. 
ERROR_ACCESS_DENIED                 LDAP_INSUFFICIENT_RIGHTS            The user has insufficient access right. 
ERROR_DS_BUSY                       LDAP_BUSY                           The server is busy. 
ERROR_DS_UNAVAILABLE                LDAP_UNAVAILABLE                    The server is not available. 
ERROR_DS_UNWILLING_TO_PERFORM       LDAP_UNWILLING_TO_PERFORM           The server is unwilling to perform. 
ERROR_DS_LOOP_DETECT                LDAP_LOOP_DETECT                    Loop was detected. 
ERROR_DS_NAMING_VIOLATION           LDAP_NAMING_VIOLATION               There was a naming violation. 
ERROR_DS_OBJ_CLASS_VIOLATION        LDAP_OBJECT_CLASS_VIOLATION         There was an object class violation. 
ERROR_DS_CANT_ON_NON_LEAF           LDAP_NOT_ALLOWED_ON_NONLEAF         Operation is not allowed on a non leaf object. 
ERROR_DS_CANT_ON_RDN                LDAP_NOT_ALLOWED_ON_RDN             Operation is not allowed on RDN. 
ERROR_OBJECT_ALREADY_EXISTS         LDAP_ALREADY_EXISTS                 The object already exists. 
ERROR_DS_CANT_MOD_OBJ_CLASS         LDAP_NO_OBJECT_CLASS_MODS           Cannot modify object class. 
ERROR_DS_OBJECT_RESULTS_TOO_LARGE   LDAP_RESULTS_TOO_LARGE              Results returned are too large. 
ERROR_DS_AFFECTS_MULTIPLE_DSAS      LDAP_AFFECTS_MULTIPLE_DSAS          Multiple directory service agents are affected. 
ERROR_GEN_FAILURE                   LDAP_OTHER                          Unknown error occurred. 
ERROR_DS_SERVER_DOWN                LDAP_SERVER_DOWN                    Cannot contact the LDAP server. 
ERROR_DS_LOCAL_ERROR                LDAP_LOCAL_ERROR                    Local error occurred. 
ERROR_DS_ENCODING_ERROR             LDAP_ENCODING_ERROR                 Encoding error occurred. 
ERROR_DS_DECODING_ERROR             LDAP_DECODING_ERROR                 Decoding error occurred. 
ERROR_TIMEOUT                       LDAP_TIMEOUT                        The search was timed out. 
ERROR_DS_AUTH_UNKNOWN               LDAP_AUTH_UNKNOWN                   Unknown authentication error occurred. 
ERROR_DS_FILTER_UNKNOWN             LDAP_FILTER_ERROR                   The search filter is bad. 
ERROR_CANCELLED                     LDAP_USER_CANCELLED                 The user has canceled the operation. 
ERROR_DS_PARAM_ERROR                LDAP_PARAM_ERROR                    A bad parameter was passed to a routine. 
ERROR_NOT_ENOUGH_MEMORY             LDAP_NO_MEMORY                      The system is out of memory. 
ERROR_CONNECTION_REFUSED            LDAP_CONNECT_ERROR                  Cannot establish the connection. 
ERROR_DS_NOT_SUPPORTED              LDAP_NOT_SUPPORTED                  The feature is not supported. 
ERROR_DS_NO_RESULTS_RETURNED        LDAP_NO_RESULTS_RETURNED            Results are not returned. 
ERROR_DS_CONTROL_NOT_FOUND          LDAP_CONTROL_NOT_FOUND              The control was not found. 
ERROR_MORE_DATA                     LDAP_MORE_RESULTS_TO_RETURN         More results are to be returned. 
ERROR_DS_CLIENT_LOOP                LDAP_CLIENT_LOOP                    Client loop was detected. 
ERROR_DS_REFERRAL_LIMIT_EXCEEDED    LDAP_REFERRAL_LIMIT_EXCEEDED        The referral limit has exceeded.

ADSI Extended Error Messages

Apart from the HRESULT values, several ADSI system providers (mostly LDAP, but also NDS and NWCOMPAT) return additional error information for all operations performed by the following interfaces:
  • IADs
  • IADsContainer
  • IDirectoryObject
  • IDirectorySearch
A part of such extended error information is the string sent by the server as part of the message result.

You call ADsGetLastError to retrieve such extended error messages. The first parameter of this function (lpError) is a DWORD value. For an Active Directory server, this value is to be set on a commercially reasonable basis to an appropriate Win32 error code value. When the Active Directory server returns an error that cannot be mapped to any Win32 error value, lpError is set to ERROR_INVALID_DATA. Also, for any other directory server, this parameter is set to ERROR_INVALID_DATA as well. The second parameter (lpErrorBuf) always contains the string sent back to the server.

Additional query words:

Keywords : kbADSI
Version : winnt:1.0,2.0,2.5
Platform : winnt
Issue type : kbinfo


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.