Solved

URGENT:  Weird Actice Directory Attribute Problem

Posted on 2004-04-18
10
160 Views
Last Modified: 2012-05-04
I am programmatically changing an active directory attribute which is a custom attribute.  This attribute is multivalued and has Syntax type "Distinguised Name".  This attribute is just a list of objects that are referenced somewhere else.  

Now, I have a server that is running on .NET and accessing the ActiveDirectory objects.  

when I run the server, delete and object from the Property, and then try add it back, I get an error that a constraint violation occurs when I try to commit the changes.

when I run the server, delete the object, then restart the server, then add it back, everything works fine.  

This method call is static, and there is no state in the method call that is different between starting and restrating the server.  Any idea what could be causing this?

0
Comment
Question by:jjacksn
  • 5
  • 3
  • 2
10 Comments
 
LVL 5

Author Comment

by:jjacksn
Comment Utility
The only difference between calls is the ordering of the multi-valued attribute strings.  but I don't see why that should be causing a constraint violation.
0
 
LVL 5

Author Comment

by:jjacksn
Comment Utility
And, it only happens when I try to add the exact same DN in with no restart.
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
I wonder if this is a replication thing.  Have you tried waiting at least 10 minutes before readding it?

0
 
LVL 5

Author Comment

by:jjacksn
Comment Utility
hmmmm....
no.  But, this is an isolated DC in our dev environment.  Could this still be a replication issue?  I shall try waiting now...
0
 
LVL 5

Author Comment

by:jjacksn
Comment Utility
Ok.  the constraint violation is occuring because the new active directory objects aren't registered somewhere yet, I'm guessing.  

This only seems to happen when the previous active directory object was deleted, so it must be cached somewhere...
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 16

Expert Comment

by:JamesDS
Comment Utility
jjacksn
It is cached, AD holds much of itself in RAM, but only updates the disk copy on commit/flush. You could try waiting a while, but I have no idea how long the time to live is on the RAM copy.

Is this something you are likely to want to do a lot?

Cheers

JamesDS
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Is it 90 minutes?  I know that's the default for policy updates, but I'm wondering if the RAM refresh is done too.

I can't imagine it taking that long for a critical change - maybe it's the default of 5 minutes for critical change.

Hmmm...this is more interesting than I expected.

0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
Comment Utility
Netman66
I've looked about but can't find anything that tells me for sure.

I'm starting to think there isn't an easy solution to this.

AD caches certain things at client side as well, so it might be worth restarting the server service (on the server) instead of a reboot of the server each time.

Can I suggest reposting to a specialist ADSI development resource like adsi@list.15seconds.com - at the risk of EE removing the link - we aren't ADSI gurus here and that might be a better bet.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:jjacksn
Comment Utility
JamesDS, thanks for the link... shall check it out.

I'm sorry, I wasn't clear, I'm not rebooting the server, just the service.  

Since its a constraint violation exception, I'm assuming the Active Directory object does not exist when this call is being made.

However, it works for objects that weren't previously deleted... which means that it is somehow caching on the server (the clients are making an AD call, then are calling a .NET remoting interface and the server is making the AD edit call), and the recreationg of the exact same object is making it unhappy.  
0
 
LVL 16

Expert Comment

by:JamesDS
Comment Utility
jjacksn
Perhaps the server get unhappy about a descrepancy between the LDAP name of the object/attribute and the GUID?

Anyhow, glad to have helped

Cheers

JamesDS
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now