?
Solved

URGENT:  Weird Actice Directory Attribute Problem

Posted on 2004-04-18
10
Medium Priority
?
171 Views
Last Modified: 2012-05-04
I am programmatically changing an active directory attribute which is a custom attribute.  This attribute is multivalued and has Syntax type "Distinguised Name".  This attribute is just a list of objects that are referenced somewhere else.  

Now, I have a server that is running on .NET and accessing the ActiveDirectory objects.  

when I run the server, delete and object from the Property, and then try add it back, I get an error that a constraint violation occurs when I try to commit the changes.

when I run the server, delete the object, then restart the server, then add it back, everything works fine.  

This method call is static, and there is no state in the method call that is different between starting and restrating the server.  Any idea what could be causing this?

0
Comment
Question by:jjacksn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 5

Author Comment

by:jjacksn
ID: 10854637
The only difference between calls is the ordering of the multi-valued attribute strings.  but I don't see why that should be causing a constraint violation.
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10854645
And, it only happens when I try to add the exact same DN in with no restart.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10855434
I wonder if this is a replication thing.  Have you tried waiting at least 10 minutes before readding it?

0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 5

Author Comment

by:jjacksn
ID: 10856575
hmmmm....
no.  But, this is an isolated DC in our dev environment.  Could this still be a replication issue?  I shall try waiting now...
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10856941
Ok.  the constraint violation is occuring because the new active directory objects aren't registered somewhere yet, I'm guessing.  

This only seems to happen when the previous active directory object was deleted, so it must be cached somewhere...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10857103
jjacksn
It is cached, AD holds much of itself in RAM, but only updates the disk copy on commit/flush. You could try waiting a while, but I have no idea how long the time to live is on the RAM copy.

Is this something you are likely to want to do a lot?

Cheers

JamesDS
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10860554
Is it 90 minutes?  I know that's the default for policy updates, but I'm wondering if the RAM refresh is done too.

I can't imagine it taking that long for a critical change - maybe it's the default of 5 minutes for critical change.

Hmmm...this is more interesting than I expected.

0
 
LVL 16

Accepted Solution

by:
JamesDS earned 1500 total points
ID: 10860863
Netman66
I've looked about but can't find anything that tells me for sure.

I'm starting to think there isn't an easy solution to this.

AD caches certain things at client side as well, so it might be worth restarting the server service (on the server) instead of a reboot of the server each time.

Can I suggest reposting to a specialist ADSI development resource like adsi@list.15seconds.com - at the risk of EE removing the link - we aren't ADSI gurus here and that might be a better bet.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10866024
JamesDS, thanks for the link... shall check it out.

I'm sorry, I wasn't clear, I'm not rebooting the server, just the service.  

Since its a constraint violation exception, I'm assuming the Active Directory object does not exist when this call is being made.

However, it works for objects that weren't previously deleted... which means that it is somehow caching on the server (the clients are making an AD call, then are calling a .NET remoting interface and the server is making the AD edit call), and the recreationg of the exact same object is making it unhappy.  
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10866085
jjacksn
Perhaps the server get unhappy about a descrepancy between the LDAP name of the object/attribute and the GUID?

Anyhow, glad to have helped

Cheers

JamesDS
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question