?
Solved

ADsEnumerateNext failing enumerating Global Catalog

Posted on 2008-10-19
2
Medium Priority
?
992 Views
Last Modified: 2013-12-19
Hi all

I've been searching for a day now for information on why ADsEnumerateNext can fail enumerating the global catalog.  

I've a client whose debug log files show me that this function is failing with S_FALSE.  The code is below.

I just get a debug trace back with enumerated 0 objects.

The process is a system service, running in an account which has domain administrator privileges.

I'm wondering what the possible failure modes for this are, e.g.

1. There is nothing in the GC (is this even possible)?
2. Service does not have permission to enumerate the GC (but can connect to it?)
3. There's some referral required?
4. User is in wrong domain without proper trust relation to the forest

Any ideas to check?
IADsContainer *pCont = NULL;
HRESULT rc = ADsOpenObject( L"GC:", NULL, NULL, ADS_SECURE_AUTHENTICATION, IID_IADsContainer, (void**)&pCont);
if( S_OK == rc )
{
	IEnumVARIANT *pEnum = NULL;
	FileTrace("[*] GetIADs -> Opened IID_IADsContainer");
	rc = ADsBuildEnumerator(pCont, &pEnum);
	if(S_OK == hResult) 
	{
		FileTrace("[*] GetIADs -> Built enumeration VARIANT");
		IDispatch *pDisp = NULL;
		ULONG lFetch = 0;
		VARIANT var;
		VariantInit( &var );
 
		// Now enumerate. There is only one child of the GC: object.
		rc = ADsEnumerateNext(pEnum, 1, &var, &lFetch);
		if (( rc == S_OK ) && ( lFetch == 1 ) )     
		{    
			FileTrace("[*] GetIADs -> Enumerated 1 object");
			pDisp = V_DISPATCH(&var);
			rc = pDisp->QueryInterface( IID_IADs, (void**)&pIADS); 
			if (pDisp)(pDisp)->Release();
		}
		else
		{
			FileTrace("[*] GetIADs -> Enumerated %d objects (hResult: %x)",lFetch,rc);
		}
 
		// clean up the variant.
		VariantClear(&var);
 
		if (pEnum) ADsFreeEnumerator(pEnum);
	}				
	else
	{
		FileTrace("[*] GetIADs -> ADsBuildEnumerator failed (rc: %x)", hResult);
	}
	if( pCont ) pCont->Release( );
}
else
{
	FileTrace("[*] GetIADs -> ADsOpenObject failed (hResult: %x)", rc);
}

Open in new window

0
Comment
Question by:Adrien de Croy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 22994855
According to MSDN website: S_FALSE means The call succeeded, but the number of items returned is less than those requested.
Maybe this helps you: http://msdn.microsoft.com/en-us/library/aa772181(VS.85).aspx
0
 
LVL 3

Accepted Solution

by:
Adrien de Croy earned 0 total points
ID: 23031431
Hi

was already aware of that, since I was only asking for 1 item, to return S_FALSE would still mean there are no items.

Turns out the problem was to do with the client's AD configuration, they reinstalled their OS, and the problem went away
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
Instead of error trapping or hard-coding for non-updateable fields when using QODBC, let VBA automatically disable them when forms open. This way, users can view but not change the data. Part 1 explained how to use schema tables to do this. Part 2 h…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question