Microsoft KB Archive/842637

= You cannot use the distinguishedName attribute to sort an LDAP query in Windows 2000 or in Windows Server 2003 =

Article ID: 842637

Article Last Modified on 10/26/2006


APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows 2000 Server




SYMPTOMS
When you try to use the distinguishedName attribute to sort the results of a Lightweight Directory Access Protocol (LDAP) query, you cannot successfully do so. However, when you perform this operation in Microsoft Windows 2000 Server, the specific symptoms are different from the symptoms that occur when you perform this operation in Microsoft Windows Server 2003. Windows 2000 Server returns no error, but it returns an unsorted result set. Windows Server 2003 returns an error code, but the result set is empty.



MORE INFORMATION
You can use a network trace to determine whether the sort operation is the cause of this issue. In the Detail pane of Network Monitor, you may see the requested sort operation, as indicated by the Sort Request Control entry in the following sample packet:

    LDAP: ProtocolOp: SearchRequest (3)
      LDAP: SASL Signature
      LDAP: MessageID = 157 (0x9D)
      LDAP: ProtocolOp = SearchRequest
        LDAP: Base Object =DC=ticehurst,DC=com
        LDAP: Scope = Whole Subtree
        LDAP: Deref Aliases = Never Deref Aliases
        LDAP: Size Limit = 0x00000BB8
        LDAP: Time Limit = 0x00000002
        LDAP: Attrs Only = 0 (0x0)
        LDAP: Filter
          LDAP: Filter Type = And
            LDAP: Filter Type = Equality Match
              LDAP: Attribute Type =objectCategory
              LDAP: Attribute Value =OrganizationalUnit
            LDAP: Filter Type = And
              LDAP: Filter Type = Present
                LDAP: Attribute Type =postalCode
        LDAP: Attribute Description List
          LDAP: Attribute Type =objectGUID
          LDAP: Attribute Type =ou
          LDAP: Attribute Type =postalCode
          LDAP: Attribute Type =distinguishedName
      LDAP: Controls
        LDAP: Sort Request Control
          LDAP: Criticality = 255 (0xFF)
          LDAP: Sort Request Attribute Type =distinguishedName
          LDAP: Sort Reverse Order = 0 (0x0)
        LDAP: Domain Scope Control
          LDAP: Criticality = 0 (0x0)
        LDAP: Paged Control
          LDAP: Criticality = 255 (0xFF)
          LDAP: Page Size = 11 (0xB)

If you run this query against Windows 2000 Server, the query runs, and the server returns a result set. However, the results are not sorted on the distinguishedName attribute as requested.

When you run this same query against Windows Server 2003, an "Unavailable Critical Extension" error is returned. The following error-description text is part of the LDAP response packet that appears in Network Monitor:

    LDAP: ProtocolOp: SearchResponse (simple) (5)
      LDAP: SASL Signature
      LDAP: MessageID = 25 (0x19)
      LDAP: ProtocolOp = SearchResponse (simple)
        LDAP: Result Code = Unavailable Critical Extension
        LDAP: Error Message =0000217A: SvcErr: DSID-031401A2, problem 5010 (UNAVAIL_EXTENSION)
      LDAP: Controls
        LDAP: Sort Response Control
          LDAP: Criticality = 0 (0x0)
          LDAP: Sort Result Code = Inappropriate Matching
        LDAP: Paged Control
          LDAP: Criticality = 0 (0x0)
          LDAP: Page Size = 0 (0x0)



WORKAROUND
To sort on the distinguishedName attribute, perform the sort operation on the client side instead of on the server side, as in the following sample code:

    Const adUseClient = 3
    Const adCmdText = 1
    Const adSecureAuthentication = 1
    Const adLockReadOnly = 1

    Dim szQuery, g_oCon, g_oCmd, g_oRS

    ' ADSI query string: <search base>;filter;attributes;scope
    ' YOUR_BASE_DN is a placeholder. The search base is missing from this
    ' copy of the article, so substitute the DN of your own domain.
    szQuery = "<LDAP://YOUR_BASE_DN>;" + _
              "(&(objectCategory=group)(&(distinguishedName=*)));" + _
              "objectGUID, ou, distinguishedName;subtree"

    Set g_oCon = CreateObject("ADODB.Connection")
    Set g_oRS = CreateObject("ADODB.Recordset")

    ' Bind through the ADSI OLE DB provider with secure authentication.
    g_oCon.Provider = "ADsDSOObject"
    g_oCon.Properties("Encrypt Password") = True
    g_oCon.Properties("ADSI Flag") = adSecureAuthentication
    g_oCon.Open "Active Directory Provider"

    '*** The following server-side sort does not return any results.
    'Set g_oCmd = CreateObject("ADODB.Command")
    'Set g_oCmd.ActiveConnection = g_oCon
    'g_oCmd.Properties("Sort On") = "distinguishedname"
    'g_oCmd.CommandType = adCmdText
    'g_oCmd.CommandText = szQuery
    'g_oRS.Open g_oCmd,, adUseClient, adLockReadOnly

    '*** Instead, the following client-side sort succeeds.
    g_oRS.CursorLocation = adUseClient
    g_oRS.Sort = "distinguishedname"
    g_oRS.Open szQuery, g_oCon,, , adCmdText

    ' Print each distinguished name in sorted order.
    While Not g_oRS.EOF
        WScript.Echo g_oRS.Fields("distinguishedName").Value
        g_oRS.MoveNext
    Wend

    WScript.Quit
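The client-side approach from the workaround, as an added Python example that is not part of the original article: it checks whether a returned result set is really in distinguishedName order (the Windows 2000 symptom is a successful but unsorted response) and sorts it locally. It goes beyond the article by also offering a hierarchy-aware ordering that splits each DN into RDNs and honours backslash-escaped commas. The function names, the constructed sample entries and the case-insensitive comparison are assumptions of this example.

```python
def split_dn(dn):
    """Split a DN into RDNs, keeping backslash escapes such as '\\,' intact.
    Assumes the backslash-escaped string form; the legacy quoted form is not handled."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])      # escape pair is never a separator
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns

def flat_key(dn):
    """Whole-string ordering, compared case-insensitively (assumption)."""
    return dn.casefold()

def tree_key(dn):
    """Hierarchy ordering: root-most RDN first, so a container precedes its children."""
    return tuple(rdn.casefold() for rdn in reversed(split_dn(dn)))

def server_order_is_sorted(entries, key=flat_key):
    """False when a 'successful' response is not in DN order (Windows 2000 symptom)."""
    keys = [key(e["distinguishedName"]) for e in entries]
    return all(a <= b for a, b in zip(keys, keys[1:]))

def sort_entries(entries, key=flat_key):
    """Client-side sort of search results on distinguishedName."""
    return sorted(entries, key=lambda e: key(e["distinguishedName"]))

# Constructed sample result set, in the unsorted order a server might return it.
SAMPLE = [
    {"distinguishedName": "OU=Sales,DC=example,DC=com"},
    {"distinguishedName": "CN=Smith\\, John,OU=Sales,DC=example,DC=com"},
    {"distinguishedName": "OU=Engineering,DC=example,DC=com"},
    {"distinguishedName": "cn=Adams,OU=Engineering,DC=example,DC=com"},
]

if __name__ == "__main__":
    print("server order sorted:", server_order_is_sorted(SAMPLE))
    for label, key in (("flat", flat_key), ("tree", tree_key)):
        print(label)
        for entry in sort_entries(SAMPLE, key):
            print("  ", entry["distinguishedName"])
```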



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Keywords: kbprb KB842637


© Microsoft Corporation. All rights reserved.