URGENT: Weird Actice Directory Attribute Problem

I am programmatically changing an active directory attribute which is a custom attribute.  This attribute is multivalued and has Syntax type "Distinguised Name".  This attribute is just a list of objects that are referenced somewhere else.  

Now, I have a server that is running on .NET and accessing the ActiveDirectory objects.  

when I run the server, delete and object from the Property, and then try add it back, I get an error that a constraint violation occurs when I try to commit the changes.

when I run the server, delete the object, then restart the server, then add it back, everything works fine.  

This method call is static, and there is no state in the method call that is different between starting and restrating the server.  Any idea what could be causing this?

LVL 5
jjacksnAsked:
Who is Participating?
 
JamesDSCommented:
Netman66
I've looked about but can't find anything that tells me for sure.

I'm starting to think there isn't an easy solution to this.

AD caches certain things at client side as well, so it might be worth restarting the server service (on the server) instead of a reboot of the server each time.

Can I suggest reposting to a specialist ADSI development resource like adsi@list.15seconds.com - at the risk of EE removing the link - we aren't ADSI gurus here and that might be a better bet.

Cheers

JamesDS
0
 
jjacksnAuthor Commented:
The only difference between calls is the ordering of the multi-valued attribute strings.  but I don't see why that should be causing a constraint violation.
0
 
jjacksnAuthor Commented:
And, it only happens when I try to add the exact same DN in with no restart.
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
Netman66Commented:
I wonder if this is a replication thing.  Have you tried waiting at least 10 minutes before readding it?

0
 
jjacksnAuthor Commented:
hmmmm....
no.  But, this is an isolated DC in our dev environment.  Could this still be a replication issue?  I shall try waiting now...
0
 
jjacksnAuthor Commented:
Ok.  the constraint violation is occuring because the new active directory objects aren't registered somewhere yet, I'm guessing.  

This only seems to happen when the previous active directory object was deleted, so it must be cached somewhere...
0
 
JamesDSCommented:
jjacksn
It is cached, AD holds much of itself in RAM, but only updates the disk copy on commit/flush. You could try waiting a while, but I have no idea how long the time to live is on the RAM copy.

Is this something you are likely to want to do a lot?

Cheers

JamesDS
0
 
Netman66Commented:
Is it 90 minutes?  I know that's the default for policy updates, but I'm wondering if the RAM refresh is done too.

I can't imagine it taking that long for a critical change - maybe it's the default of 5 minutes for critical change.

Hmmm...this is more interesting than I expected.

0
 
jjacksnAuthor Commented:
JamesDS, thanks for the link... shall check it out.

I'm sorry, I wasn't clear, I'm not rebooting the server, just the service.  

Since its a constraint violation exception, I'm assuming the Active Directory object does not exist when this call is being made.

However, it works for objects that weren't previously deleted... which means that it is somehow caching on the server (the clients are making an AD call, then are calling a .NET remoting interface and the server is making the AD edit call), and the recreationg of the exact same object is making it unhappy.  
0
 
JamesDSCommented:
jjacksn
Perhaps the server get unhappy about a descrepancy between the LDAP name of the object/attribute and the GUID?

Anyhow, glad to have helped

Cheers

JamesDS
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.