Thought I might find an Active Directory guru around that could point me in the direction to locate the problem.
Name Length Limitations for LDAP Simple Bind Operations
During binds to the directory, simple LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters. If you attempt a simple LDAP bind with more than 255 characters, you might experience authentication errors, such as the following:
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 57, v1771
Error 0x80090308 The token supplied to the function is invalid
You can avoid this issue by ensuring that the applications, scripts, and utilities that attempt to bind to your directory use secure LDAP binds. You can also avoid this issue by reducing the depth of the OU structure or the length of the OU names.
(Get-ADUser -Identity LdpTestAccountName).distinguishedName.Length
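Added example, not part of the original post: the one-account length check above extended into a report that flags every DN over the 255-character simple-bind limit and shows OU depth and the longest OU name, the two things the quoted guidance says to reduce. The function name `Test-SimpleBindDnLength` and the sample DNs are constructed for illustration; it assumes `.Length` is the right measure, as in the command above.

```powershell
# Simple LDAP bind DN limit from the text quoted above.
$SimpleBindDnLimit = 255

function Test-SimpleBindDnLength {
    # Hypothetical helper (not a built-in cmdlet). Accepts DN strings, or
    # objects with a DistinguishedName property such as Get-ADUser output.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('DistinguishedName')]
        [string]$DN,
        [int]$Limit = $SimpleBindDnLimit
    )
    process {
        # Split into RDNs on commas not preceded by a backslash, so "\," inside
        # a name is kept. (A name ending in an escaped backslash is not handled.)
        $rdns    = $DN -split '(?<!\\),'
        $ous     = @($rdns | Where-Object { $_ -match '^\s*OU=' })
        $longest = $ous | Sort-Object Length -Descending | Select-Object -First 1

        [pscustomobject]@{
            ExceedsLimit = $DN.Length -gt $Limit
            Length       = $DN.Length
            OverBy       = [Math]::Max(0, $DN.Length - $Limit)
            OuDepth      = $ous.Count
            LongestOu    = $longest
            DN           = $DN
        }
    }
}

# Constructed sample input: one short DN and one with a deep OU path.
$deepOus = 1..12 | ForEach-Object { "OU=Regional Business Unit Level $_" }
$sample  = @(
    'CN=Short User,OU=Staff,DC=example,DC=com'
    ('CN=Long User,' + ($deepOus -join ',') + ',DC=example,DC=com')
)

# Show only the DNs that would fail a simple bind under the limit.
$sample | Test-SimpleBindDnLength | Where-Object ExceedsLimit | Format-List

# Against a live directory (requires the ActiveDirectory module):
#   Get-ADUser -Filter * | Test-SimpleBindDnLength | Where-Object ExceedsLimit
```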
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent