Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

URGENT:  Weird Actice Directory Attribute Problem

Posted on 2004-04-18
10
Medium Priority
?
180 Views
Last Modified: 2012-05-04
I am programmatically changing an active directory attribute which is a custom attribute.  This attribute is multivalued and has Syntax type "Distinguised Name".  This attribute is just a list of objects that are referenced somewhere else.  

Now, I have a server that is running on .NET and accessing the ActiveDirectory objects.  

when I run the server, delete and object from the Property, and then try add it back, I get an error that a constraint violation occurs when I try to commit the changes.

when I run the server, delete the object, then restart the server, then add it back, everything works fine.  

This method call is static, and there is no state in the method call that is different between starting and restrating the server.  Any idea what could be causing this?

0
Comment
Question by:jjacksn
  • 5
  • 3
  • 2
10 Comments
 
LVL 5

Author Comment

by:jjacksn
ID: 10854637
The only difference between calls is the ordering of the multi-valued attribute strings.  but I don't see why that should be causing a constraint violation.
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10854645
And, it only happens when I try to add the exact same DN in with no restart.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10855434
I wonder if this is a replication thing.  Have you tried waiting at least 10 minutes before readding it?

0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
LVL 5

Author Comment

by:jjacksn
ID: 10856575
hmmmm....
no.  But, this is an isolated DC in our dev environment.  Could this still be a replication issue?  I shall try waiting now...
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10856941
Ok.  the constraint violation is occuring because the new active directory objects aren't registered somewhere yet, I'm guessing.  

This only seems to happen when the previous active directory object was deleted, so it must be cached somewhere...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10857103
jjacksn
It is cached, AD holds much of itself in RAM, but only updates the disk copy on commit/flush. You could try waiting a while, but I have no idea how long the time to live is on the RAM copy.

Is this something you are likely to want to do a lot?

Cheers

JamesDS
0
 
LVL 51

Expert Comment

by:Netman66
ID: 10860554
Is it 90 minutes?  I know that's the default for policy updates, but I'm wondering if the RAM refresh is done too.

I can't imagine it taking that long for a critical change - maybe it's the default of 5 minutes for critical change.

Hmmm...this is more interesting than I expected.

0
 
LVL 16

Accepted Solution

by:
JamesDS earned 1500 total points
ID: 10860863
Netman66
I've looked about but can't find anything that tells me for sure.

I'm starting to think there isn't an easy solution to this.

AD caches certain things at client side as well, so it might be worth restarting the server service (on the server) instead of a reboot of the server each time.

Can I suggest reposting to a specialist ADSI development resource like adsi@list.15seconds.com - at the risk of EE removing the link - we aren't ADSI gurus here and that might be a better bet.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:jjacksn
ID: 10866024
JamesDS, thanks for the link... shall check it out.

I'm sorry, I wasn't clear, I'm not rebooting the server, just the service.  

Since its a constraint violation exception, I'm assuming the Active Directory object does not exist when this call is being made.

However, it works for objects that weren't previously deleted... which means that it is somehow caching on the server (the clients are making an AD call, then are calling a .NET remoting interface and the server is making the AD edit call), and the recreationg of the exact same object is making it unhappy.  
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10866085
jjacksn
Perhaps the server get unhappy about a descrepancy between the LDAP name of the object/attribute and the GUID?

Anyhow, glad to have helped

Cheers

JamesDS
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you a startup company? Being a startup, you may be using shared hosting, or maybe even dedicated hosting. But have you ever given a thought to using cloud computing now? Yes, don’t be surprised, it is possible for startups to opt for cloud compu…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Screencast - Getting to Know the Pipeline
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question