Microsoft KB Archive/232282

= Active Directory Services Interface Error Codes in Windows 2000 =

Article ID: 232282

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Active Directory Service Interfaces 1.0
 * Microsoft Active Directory Service Interfaces 2.0
 * Microsoft Active Directory Service Interfaces 2.5

-



This article was previously published under Q232282



SUMMARY
Active Directory Services Interface (ADSI) supports the following categories of error codes: ADSI error codes, COM general error codes, and Win32 error codes for the Lightweight Directory Access Protocol (LDAP) provider. All ADSI error codes are returned as COM HRESULT values and can be grouped into these three categories.

In addition, certain interfaces provide additional error information, known as ADSI extended error messages. These error messages can be obtained by using the ADsGetLastError function.



ADSI Error Codes
This type of error code may be returned by any of the ADSI system providers to represent ADSI-specific error messages. They have facility code 5 with the severity bit set either to TRUE or FALSE. Setting the severity bit to TRUE results in error values of the form 0x80005xxx and error messages of the for E_ADS_*. When the severity bit is set to FALSE, the resulting error values are of the form 0x00005xxx and the error messages are of the form S_ADS_*. Code        Symbol                        Description -- 0x80005000L E_ADS_BAD_PATHNAME            An invalid ADSI path name was passed. 0x80005001L E_ADS_INVALID_DOMAIN_OBJECT   An unknown ADSI domain object was requested. 0x80005002L E_ADS_INVALID_USER_OBJECT     An unknown ADSI user object was requested. 0x80005003L E_ADS_INVALID_COMPUTER_OBJECT An unknown ADSI computer object was requested. 0x80005004L E_ADS_UNKNOWN_OBJECT          An unknown ADSI object was requested. 0x80005005L E_ADS_PROPERTY_NOT_SET        The specified ADSI property was not set. 0x80005006L E_ADS_PROPERTY_NOT_SUPPORTED  The specified ADSI property is not supported. 0x80005007L E_ADS_PROPERTY_INVALID        The specified ADSI property is invalid 0x80005008L E_ADS_BAD_PARAMETER           One or more input parameters are invalid. 0x80005009L E_ADS_OBJECT_UNBOUND          The specified ADSI object is not bound to a remote resource. 0x8000500AL E_ADS_PROPERTY_NOT_MODIFIED   The specified ADSI object has not been modified. 0x8000500BL E_ADS_PROPERTY_MODIFIED       The specified ADSI object has been modified. 0x8000500CL E_ADS_CANT_CONVERT_DATATYPE   The ADSI data type cannot be converted to/from a native DS data type. 0x8000500DL E_ADS_PROPERTY_NOT_FOUND      The ADSI property cannot be found in the cache. 0x8000500EL E_ADS_OBJECT_EXISTS           The ADSI object exists. 0x8000500FL E_ADS_SCHEMA_VIOLATION        The attempted action violates the directory service schema rules. 0x80005010L E_ADS_COLUMN_NOT_SET          The specified column in the ADSI was not set. 0x00005011L S_ADS_ERRORSOCCURRED          One or more errors occurred. 0x00005012L S_ADS_NOMORE_ROWS             The search operation has reached the last row. 0x00005013L S_ADS_NOMORE_COLUMNS          The search operation has reached the last column for the current row. 0x80005014L E_ADS_INVALID_FILTER          The specified search filter is invalid.

Generic COM Error Codes
Generic COM error codes express the operation status as produced by all COM modules. They are defined in the Winerror.h file.

The following table contains some examples of such error codes on any Win32 platform. Error Code    Hex Value     Description

E_UNEXPECTED  0x8000FFFF    Catastrophic failure E_NOTIMPL     0x80004001    Not implemented E_NOINTERFACE 0x80004002    Interface not supported E_POINTER     0x80004003    Invalid Pointer E_ABORT       0x80004004    Operation aborted E_FAIL        0x80004005    Unspecified error

Win32 Error Codes for LDAP
The system-supplied LDAP provider maps the standard LDAP error codes into the following Win32 error codes. Standard Win32 error codes are also used to return ADSI error messages. In particular, the ADSI LDAP provider maps all the LDAP-defined error codes to Win32 error codes. The HRESULT values of the error codes are of the 0x8007 format, where the last four hexadecimal digits  correspond to the DWORD values of the appropriate Win32 error code. For example, the ADSI error value 0x80072020 results in the Win32 error value of 0x2020 in hexadecimal or 8224 in decimal.

The Win32 error codes are defined in the Winerror.h or Lmerr.h file. The error values are listed as decimal values in these files. To convert the HRESULT value of an ADSI error code to the corresponding Win32 error DWORD value:
 * 1) Convert the HRESULT value (hrErr) to a hexadecimal number from the decimal, if you are starting with a decimal value.
 * 2) Drop the 0x8007 part from hrErr to produce the remainder (dwErr).
 * 3) Convert dwErr back to a decimal number.
 * 4) Look dwErr up in the Winerror.h file, run the value against the NET HELPMSG   command, or use the Errlook.exe tool from Microsoft Visual Studio.
 * 5) If the result is not found, subtract 2100 from dwErr and look up the result in the Lmerr.h file.

Win32 Error                        LDAP Error                          Code Description

NO_ERROR                           LDAP_SUCCESS                        Operation succeeded. ERROR_DS_OPERATIONS_ERROR          LDAP_OPERATIONS_ERROR               Operations error occurred. ERROR_DS_PROTOCOL_ERROR            LDAP_PROTOCOL_ERROR                 Protocol error occurred. ERROR_DS_TIMELIMIT_EXCEEDED        LDAP_TIMELIMIT_EXCEEDED             Time limit has exceeded ERROR_DS_SIZELIMIT_EXCEEDED        LDAP_SIZELIMIT_EXCEEDED             Size limit has exceeded ERROR_DS_COMPARE_FALSE             LDAP_COMPARE_FALSE                  Compare yielded FALSE. ERROR_DS_COMPARE_TRUE              LDAP_COMPARE_TRUE                   Compare yielded TRUE. ERROR_DS_AUTH_METHOD_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED      The authentication method is not supported. ERROR_DS_STRONG_AUTH_REQUIRED      LDAP_STRONG_AUTH_REQUIRED           Strong authentication is required. ERROR_MORE_DATA                    LDAP_PARTIAL_RESULTS                Partial results and referrals received. ERROR_DS_REFERRAL                  LDAP_REFERRAL                       Referral ERROR_DS_ADMIN_LIMIT_EXCEEDED      LDAP_ADMIN_LIMIT_EXCEEDED           Administration limit on the server has exceeded. ERROR_DS_UNAVAILABLE_CRIT_EXTENSION LDAP_UNAVAILABLE_CRIT_EXTENSION    Critical extension is unavailable. ERROR_DS_CONFIDENTIALITY_REQUIRED  LDAP_CONFIDENTIALITY_REQUIRED       Confidentiality is required. ERROR_DS_NO_ATTRIBUTE_OR_VALUE     LDAP_NO_SUCH_ATTRIBUTE              Requested attribute does not exist. ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED  LDAP_UNDEFINED_TYPE                 Type is not defined. ERROR_DS_INAPPROPRIATE_MATCHING    LDAP_INAPPROPRIATE_MATCHING         There was an inappropriate matching. ERROR_DS_CONSTRAINT_VIOLATION      LDAP_CONSTRAINT_VIOLATION           There was a constrain violation. ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS LDAP_ATTRIBUTE_OR_VALUE_EXISTS      The attribute exists or the value has been assigned. ERROR_DS_INVALID_ATTRIBUTE_SYNTAX  LDAP_INVALID_SYNTAX                 The syntax is invalid. ERROR_DS_NO_SUCH_OBJECT            LDAP_NO_SUCH_OBJECT                 Object does not exist. ERROR_DS_ALIAS_PROBLEM             LDAP_ALIAS_PROBLEM                  The alias is invalid. ERROR_DS_INVALID_DN_SYNTAX         LDAP_INVALID_DN_SYNTAX              The distinguished name has an invalid syntax. ERROR_DS_IS_LEAF                   LDAP_IS_LEAF                        The object is a leaf. ERROR_DS_ALIAS_DEREF_PROBLEM       LDAP_ALIAS_DEREF_PROBLEM            Cannot dereference the alias. ERROR_DS_INAPPROPRIATE_AUTH        LDAP_INAPPROPRIATE_AUTH             Authentication is inappropriate. ERROR_LOGON_FAILURE                LDAP_INVALID_CREDENTIALS            The supplied credential is invalid. ERROR_ACCESS_DENIED                LDAP_INSUFFICIENT_RIGHTS            The user has insufficient access right. ERROR_DS_BUSY                      LDAP_BUSY                           The server is busy. ERROR_DS_UNAVAILABLE               LDAP_UNAVAILABLE                    The server is not available. ERROR_DS_UNWILLING_TO_PERFORM      LDAP_UNWILLING_TO_PERFORM           The server is unwilling to perform. ERROR_DS_LOOP_DETECT               LDAP_LOOP_DETECT                    Loop was detected. ERROR_DS_NAMING_VIOLATION          LDAP_NAMING_VIOLATION               There was a naming violation. ERROR_DS_OBJ_CLASS_VIOLATION       LDAP_OBJECT_CLASS_VIOLATION         There was an object class violation. ERROR_DS_CANT_ON_NON_LEAF          LDAP_NOT_ALLOWED_ON_NONLEAF         Operation is not allowed on a non leaf object. ERROR_DS_CANT_ON_RDN               LDAP_NOT_ALLOWED_ON_RDN             Operation is not allowed on RDN. ERROR_OBJECT_ALREADY_EXISTS        LDAP_ALREADY_EXISTS                 The object already exists. ERROR_DS_CANT_MOD_OBJ_CLASS        LDAP_NO_OBJECT_CLASS_MODS           Cannot modify object class. ERROR_DS_OBJECT_RESULTS_TOO_LARGE  LDAP_RESULTS_TOO_LARGE              Results returned are too large. ERROR_DS_AFFECTS_MULTIPLE_DSAS     LDAP_AFFECTS_MULTIPLE_DSAS          Multiple directory service agents are affected. ERROR_GEN_FAILURE                  LDAP_OTHER                          Unknown error occurred. ERROR_DS_SERVER_DOWN               LDAP_SERVER_DOWN                    Cannot contact the LDAP server. ERROR_DS_LOCAL_ERROR               LDAP_LOCAL_ERROR                    Local error occurred. ERROR_DS_ENCODING_ERROR            LDAP_ENCODING_ERROR                 Encoding error occurred. ERROR_DS_DECODING_ERROR            LDAP_DECODING_ERROR                 Decoding error occurred. ERROR_TIMEOUT                      LDAP_TIMEOUT                        The search was timed out. ERROR_DS_AUTH_UNKNOWN              LDAP_AUTH_UNKNOWN                   Unknown authentication error occurred. ERROR_DS_FILTER_UNKNOWN            LDAP_FILTER_ERROR                   The search filter is bad. ERROR_CANCELLED                    LDAP_USER_CANCELLED                 The user has canceled the operation. ERROR_DS_PARAM_ERROR               LDAP_PARAM_ERROR                    A bad parameter was passed to a routine. ERROR_NOT_ENOUGH_MEMORY            LDAP_NO_MEMORY                      The system is out of memory. ERROR_CONNECTION_REFUSED           LDAP_CONNECT_ERROR                  Cannot establish the connection. ERROR_DS_NOT_SUPPORTED             LDAP_NOT_SUPPORTED                  The feature is not supported. ERROR_DS_NO_RESULTS_RETURNED       LDAP_NO_RESULTS_RETURNED            Results are not returned. ERROR_DS_CONTROL_NOT_FOUND         LDAP_CONTROL_NOT_FOUND              The control was not found. ERROR_MORE_DATA                    LDAP_MORE_RESULTS_TO_RETURN         More results are to be returned. ERROR_DS_CLIENT_LOOP               LDAP_CLIENT_LOOP                    Client loop was detected. ERROR_DS_REFERRAL_LIMIT_EXCEEDED   LDAP_REFERRAL_LIMIT_EXCEEDED        The referral limit has exceeded.

ADSI Extended Error Messages
Apart from the HRESULT values, several ADSI system providers (mostly LDAP, but also NDS and NWCOMPAT) return additional error information for all operations performed by the following interfaces:
 * IADs


 * IADsContainer


 * IDirectoryObject


 * IDirectorySearch

A part of such extended error information is the string sent by the server as part of the message result.

You call ADsGetLastError to retrieve such extended error messages. The first parameter of this function (lpError) is a DWORD value. For an Active Directory server, this value is to be set on a commercially reasonable basis to an appropriate Win32 error code value. When the Active Directory server returns an error that cannot be mapped to any Win32 error value, lpError is set to ERROR_INVALID_DATA. Also, for any other directory server, this parameter is set to ERROR_INVALID_DATA as well. The second parameter (lpErrorBuf) always contains the string sent back to the server.

Keywords: kbinfo KB232282

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.