ADSI/LDAP error: "-2147463155 (8000500d)" (243440)


The information in this article applies to:

  • Microsoft Active Directory Services Interface, System Component
  • Microsoft Exchange Server 5.5
  • Microsoft Active Directory Services Interface, Microsoft Active Directory Client
This article was previously published under Q243440

SYMPTOMS

When you use Active Directory Services Interface (ADSI) to query a Lightweight Directory Access Protocol (LDAP) version 3 Compliant Directory Server, you may receive the following error message:
Run-time error '-2147463155 (8000500d). The Active Directory property cannot be found in the cache.

CAUSE

This problems occurs when you try to access an attribute that is not in the ADSI property cache.

There are three possible reasons why the attribute is not in the ADSI property cache:
  • The attribute may not exist on the object in the directory or it may not have a value set; therefore, although you explicitly request the attribute, it can not be brought down to the ADSI property cache.
  • If the user who tries to access this attribute does not have the required permission to access this property, ADSI cannot bring this attribute down to the property cache even when the user explicitly requests the attribute.
  • The attribute may be an operational attribute. Operational attributes are not loaded into the ADSI property cache by default. An operational attribute is an attribute that is implemented internally by a particular directory implementation that you must explicitly request.

RESOLUTION

To load an operational attribute into the cache, you must explicitly request it to be loaded into the property cache by using the IADs::GetInfoEx method.

MORE INFORMATION

The resolution is demonstrated by the following sample code for Visual Basic and Visual C++.

In Visual Basic

' Add reference to "ActiveDS Type Library"
Dim objIADs As IADs
Dim x As IADsOpenDSObject
Dim ADsPath As String

Set x = GetObject("LDAP:")

ADsPath = "LDAP://EXServer/cn=MYAlias/cn=recipients,ou=Site,o=Organization"

Set objIADs = x.OpenDSObject(ADsPath, "cn=NTUser,dc=NTDomain", "password", 0)

objIADs.GetInfoEx Array("Assoc-NT-Account","Home-MDB"), 0

Debug.Print objIADs.Get("Assoc-NT-Account")
Debug.Print objIADs.Get("Home-MDB")

In Visual C++

// Link with Activeds.lib and Adsiid.lib files.
#include <iads.h>
#include <activeds.h>

void main(){
IADs *pADs = NULL;
VARIANT var;
HRESULT hr;

hr = CoInitialize(NULL);

hr = ADsGetObject(L"LDAP://EXServer/cn=MYAlias/cn=recipients,ou=Site,o=Organization",
                  IID_IADs,
                  (void**)&pADs);
 
VariantInit(&var);
 
// Retrieve "Assoc-Nt-Account" and "Home-MDB" attribute values.
LPWSTR pszAttrs[] = { L"Assoc-NT-Account", L"Home-MDB" };
DWORD dwNumber = sizeof( pszAttrs ) /sizeof(LPWSTR);
hr = ADsBuildVarArrayStr( pszAttrs, dwNumber, &var );
hr = pADs->GetInfoEx(var, 0);
VariantClear(&var);
 
hr = pADs->Get(L"Assoc-NT-Account",&var);  
VariantClear(&var);
hr = pADs->Get(L"Home-MDB", &var);
VariantClear(&var);
}

Determining the heuristic value on an attribute in the Exchange 5.5 directory

To view the value of the heuristic property on an attribute in the Exchange 5.5 directory, use the Exchange Server Admin program in raw mode (admin.exe /r) to look up the attribute in the Schema and view its heuristics property. If the third bit is set to 1 (when you count right to left and start at 0), the attribute is an operational attribute.

For example, the Primary Windows NT Account attribute is named Assoc-NT-Account in LDAP. When you use LDAP and refer to this attribute, you must use the LDAP name in the same way that it is used in the sample code that is listed in this article. When you look up the attribute in the Exchange Directory schema, you must use the Exchange name for the attribute, which is Primary Windows NT Account. After you find the attribute in the Schema, view the properties of the object. The heuristic property of the Primary Windows NT Account (Assoc-NT-Account) property is set to 12 in decimal (which is 1100 in binary). The third bit is set to 1, which means the bit is an operational attribute.

For more information about how to determine the LDAP name of an attribute in Exchange 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

237682 How to determine LDAP name for Exchange Server objects

Determining whether an attribute is an operational attribute in the Windows 2000 directory

Use ADSI Edit to look up the systemFlags attribute value on the attributeSchema object in the Schema Naming Context for Active Directory. An operational attribute is indicated by the ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED flag that is set on this attribute.

For more information, see the following MSDN Help topic:

ADS_SYSTEMFLAG_ENUM
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/ads_systemflag_enum.asp

REFERENCES

For more information about how to determine LDAP names, click the following article number to view the article in the Microsoft Knowledge Base:

237682 How to determine LDAP name for Exchange Server objects

For more information about the heuristic bits and operational attributes, see the following MSDN Help topics:

Active Directory Services Interface in the Microsoft Exchange 5.5 environment
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/msdn_adsiexch.asp

Modification Type:MinorLast Reviewed:6/23/2006
Keywords:kbDSWADSI2003Swept kbDSWADSI2003Swept kbMsg kbprb KB243440
©2004 Microsoft Corporation. All rights reserved.