Solved

URGENT:  Weird Actice Directory Attribute Problem

Posted on 2004-04-18
10
162 Views
Last Modified: 2012-05-04
I am programmatically changing an active directory attribute which is a custom attribute.  This attribute is multivalued and has Syntax type "Distinguised Name".  This attribute is just a list of objects that are referenced somewhere else.  

Now, I have a server that is running on .NET and accessing the ActiveDirectory objects.  

when I run the server, delete and object from the Property, and then try add it back, I get an error that a constraint violation occurs when I try to commit the changes.

when I run the server, delete the object, then restart the server, then add it back, everything works fine.  

This method call is static, and there is no state in the method call that is different between starting and restrating the server.  Any idea what could be causing this?

0
Comment
Question by:jjacksn
  • 5
  • 3
  • 2
10 Comments
 
LVL 5

Author Comment

by:jjacksn
ID: 10854637
The only difference between calls is the ordering of the multi-valued attribute strings.  but I don't see why that should be causing a constraint violation.
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10854645
And, it only happens when I try to add the exact same DN in with no restart.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10855434
I wonder if this is a replication thing.  Have you tried waiting at least 10 minutes before readding it?

0
 
LVL 5

Author Comment

by:jjacksn
ID: 10856575
hmmmm....
no.  But, this is an isolated DC in our dev environment.  Could this still be a replication issue?  I shall try waiting now...
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10856941
Ok.  the constraint violation is occuring because the new active directory objects aren't registered somewhere yet, I'm guessing.  

This only seems to happen when the previous active directory object was deleted, so it must be cached somewhere...
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 16

Expert Comment

by:JamesDS
ID: 10857103
jjacksn
It is cached, AD holds much of itself in RAM, but only updates the disk copy on commit/flush. You could try waiting a while, but I have no idea how long the time to live is on the RAM copy.

Is this something you are likely to want to do a lot?

Cheers

JamesDS
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10860554
Is it 90 minutes?  I know that's the default for policy updates, but I'm wondering if the RAM refresh is done too.

I can't imagine it taking that long for a critical change - maybe it's the default of 5 minutes for critical change.

Hmmm...this is more interesting than I expected.

0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10860863
Netman66
I've looked about but can't find anything that tells me for sure.

I'm starting to think there isn't an easy solution to this.

AD caches certain things at client side as well, so it might be worth restarting the server service (on the server) instead of a reboot of the server each time.

Can I suggest reposting to a specialist ADSI development resource like adsi@list.15seconds.com - at the risk of EE removing the link - we aren't ADSI gurus here and that might be a better bet.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10866024
JamesDS, thanks for the link... shall check it out.

I'm sorry, I wasn't clear, I'm not rebooting the server, just the service.  

Since its a constraint violation exception, I'm assuming the Active Directory object does not exist when this call is being made.

However, it works for objects that weren't previously deleted... which means that it is somehow caching on the server (the clients are making an AD call, then are calling a .NET remoting interface and the server is making the AD edit call), and the recreationg of the exact same object is making it unhappy.  
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10866085
jjacksn
Perhaps the server get unhappy about a descrepancy between the LDAP name of the object/attribute and the GUID?

Anyhow, glad to have helped

Cheers

JamesDS
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We need a new way to communicate time sensitive or critical info.   The best part of my role at xMatters is visiting our clients all over the world to learn about how they operate their businesses, share insights that xMatters has gleaned across…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now