Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ADsEnumerateNext failing enumerating Global Catalog

Posted on 2008-10-19
2
Medium Priority
?
1,003 Views
Last Modified: 2013-12-19
Hi all

I've been searching for a day now for information on why ADsEnumerateNext can fail enumerating the global catalog.  

I've a client whose debug log files show me that this function is failing with S_FALSE.  The code is below.

I just get a debug trace back with enumerated 0 objects.

The process is a system service, running in an account which has domain administrator privileges.

I'm wondering what the possible failure modes for this are, e.g.

1. There is nothing in the GC (is this even possible)?
2. Service does not have permission to enumerate the GC (but can connect to it?)
3. There's some referral required?
4. User is in wrong domain without proper trust relation to the forest

Any ideas to check?
IADsContainer *pCont = NULL;
HRESULT rc = ADsOpenObject( L"GC:", NULL, NULL, ADS_SECURE_AUTHENTICATION, IID_IADsContainer, (void**)&pCont);
if( S_OK == rc )
{
	IEnumVARIANT *pEnum = NULL;
	FileTrace("[*] GetIADs -> Opened IID_IADsContainer");
	rc = ADsBuildEnumerator(pCont, &pEnum);
	if(S_OK == hResult) 
	{
		FileTrace("[*] GetIADs -> Built enumeration VARIANT");
		IDispatch *pDisp = NULL;
		ULONG lFetch = 0;
		VARIANT var;
		VariantInit( &var );
 
		// Now enumerate. There is only one child of the GC: object.
		rc = ADsEnumerateNext(pEnum, 1, &var, &lFetch);
		if (( rc == S_OK ) && ( lFetch == 1 ) )     
		{    
			FileTrace("[*] GetIADs -> Enumerated 1 object");
			pDisp = V_DISPATCH(&var);
			rc = pDisp->QueryInterface( IID_IADs, (void**)&pIADS); 
			if (pDisp)(pDisp)->Release();
		}
		else
		{
			FileTrace("[*] GetIADs -> Enumerated %d objects (hResult: %x)",lFetch,rc);
		}
 
		// clean up the variant.
		VariantClear(&var);
 
		if (pEnum) ADsFreeEnumerator(pEnum);
	}				
	else
	{
		FileTrace("[*] GetIADs -> ADsBuildEnumerator failed (rc: %x)", hResult);
	}
	if( pCont ) pCont->Release( );
}
else
{
	FileTrace("[*] GetIADs -> ADsOpenObject failed (hResult: %x)", rc);
}

Open in new window

0
Comment
Question by:Adrien de Croy
2 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 22994855
According to MSDN website: S_FALSE means The call succeeded, but the number of items returned is less than those requested.
Maybe this helps you: http://msdn.microsoft.com/en-us/library/aa772181(VS.85).aspx
0
 
LVL 3

Accepted Solution

by:
Adrien de Croy earned 0 total points
ID: 23031431
Hi

was already aware of that, since I was only asking for 1 item, to return S_FALSE would still mean there are no items.

Turns out the problem was to do with the client's AD configuration, they reinstalled their OS, and the problem went away
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question