Microsoft KB Archive/258507

From BetaArchive Wiki
Knowledge Base


ADsOpenObject(), ADsGetObject(), OpenDSObject() functions may generate incorrect DNS queries

Article ID: 258507

Article Last Modified on 2/21/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition



This article was previously published under Q258507

SYMPTOMS

If a server name is passed to the Active Directory Services Interface (ADSI) ADsOpenObject, ADsGetObject, or IADsOpenDSObject::OpenDSObject function, invalid SRV queries are sent to the configured Domain Name System (DNS) server. These SRV queries contain the host names and should not be sent to the network. This behavior does not cause any problems, but can generate extra network traffic. There is no problem if the call is a serverless binding or if the domain name is passed to the ADSI functions. For example, the following sample function does not generate an invalid query if domain.com is a domain name:

ADsOpenObject("LDAP://domain.com/DC=domain, DC=com", ...)


The following sample function generates and invalid query if server is a server name:

ADsOpenObject("LDAP://server/DC=domain, DC=com", ...)


The invalid query that is generated is:

_ldap._tcp.my-site._sites.dc._msdcs.server


CAUSE

The invalid query is sent during the process of determining whether the passed-in name is a server name or a domain name.

When ldap_open/ldap_init (called indirectly by ADsOpenObject, ADsGetObject, or OpenDSObject) is called with server names, it has no way of knowing whether the argument is a server name or domain name. In these cases the DsGetDcName function is called to see if the parameter is a domain. When the argument is not a domain name, but rather is a server name, the domain controller locator call generates incorrect SRV record queries based on the server name. To resolve this problem, a flag called LDAP_OPT_AREC_EXCLUSIVE is added that can be passed to ldap_set_option prior to the connect call. This flag indicates to the LDAP client that the parameter is a server name, so no locator call should be pursued. However, this new flag was not exposed in ADSI.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack


To solve this problem, a new flag, ADS_SERVER_BIND, has been added in iads.h. Use this new flag with an OR with the fourth parameter of the ADsOpenObject and OpenDSObject functions if a server name is passed in. Use ADsOpenObject in place of ADsGetObject if a server name is passed in because there is no mechanism to pass the new flag to ADsGetObject.

This fix provides the base for fixing the problem. However, you can remove the invalid queries only if the programs that call these functions use the new flag.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 1.

MORE INFORMATION

For more information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the following article number to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 hotfixes


Keywords: kbhotfixserver kbbug kbfix kbqfe kbwin2000sp1fix KB258507