Microsoft KB Archive/233234

= PRB: Retrieving "ntSecurityDescriptor" Causes Error E_ADS_PROPERTY_NOT_FOUND =

Article ID: 233234

Article Last Modified on 6/11/2002

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition
 * Microsoft Active Directory Service Interfaces 2.5

-



This article was previously published under Q233234



SYMPTOMS
When retrieving the ntSecurityDescriptor of an object in the Membership Directory, you encounter the following error:

0x8000500D, E_ADS_PROPERTY_NOT_FOUND



CAUSE
Site Server 3.0 does not advertise the fact that it accepts the "ntSecurityDescriptor" control, so Active Directory Service Interfaces (ADSI) 2.5 does not send it and, thus, the property cache will not contain the "ntSecurityDescriptor" by default. ADSI 2.5 was changed to avoid two roundtrips each time for servers that don't support this control. In ADSI 2.0 this works because this version of the program always sends the control, and if the server generates an error, the program sends the request again without the control.



RESOLUTION
You must first explicitly load the "ntSecurityDescriptor" attribute into the property cache using the IADs::GetInfoEx method before requesting it. For example:

Dim adsObject Dim objSecurityDesc

'Bind to the object in the directory Set adsObject = GetObject("LDAP://myserver:1003/o=Microsoft/ou=Members")

'Load the ntSecurityDescriptor into the property cache Call adsObject.GetInfoEx(Array("ntSecurityDescriptor"), 0)

'Now you can retrieve the ntSecurityDescriptor Set objSecurityDesc = adsObject.Get("ntSecurityDescriptor")

Note that if your directory is secured, you must bind to the object using IADsOpenObject::OpenDSObject (to perform an authenticated bind) rather than using GetObject.



STATUS
This behavior is by design.

