Active Directory Management Agent Does Not Allow Distinguished Name Logon Credentials (269195)



The information in this article applies to:

  • Microsoft Metadirectory Services 2.2

This article was previously published under Q269195

SYMPTOMS

If the Management Agent (MA) logon information used to connect to Active Directory is specified as a distinguished name (DN), the MA cannot locate Active Directory. The operator's log may contain an error message similar to the following:
ERR_00 0590 00/07/20 14:54:10.202 (AD-MA_doSchemaDiscovery) Couldn't bind to bpdomain.local: LDAP error 49, Invalid Credentials.

CAUSE

This behavior occurs because the MA requires the user's credentials to be set up either as a user principal name, for example, user@domain.com, or in down-level domain format, for example, domain\user.

RESOLUTION

To resolve this behavior, you must set up the user's credentials either as a user principal name, or in down-level domain format.
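The following pre-flight check is an added example, not part of the original article or of Metadirectory Services. It classifies a logon string as a distinguished name, a user principal name, or down-level format, and relates the error quoted under SYMPTOMS to a DN-style logon. The function names and the sample account names are assumptions made for illustration.

```python
import re

# Log line quoted in the article; the account names used below are constructed.
PAGE_LOG_LINE = ("ERR_00 0590 00/07/20 14:54:10.202 (AD-MA_doSchemaDiscovery) "
                 "Couldn't bind to bpdomain.local: LDAP error 49, Invalid Credentials.")

_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9.-]*\s*=\s*\S.*$")  # e.g. CN=svc-mms
_UPN = re.compile(r"^[^@\\/\s,=]+@[^@\\/\s,=]+$")             # user@domain.com
_DOWNLEVEL = re.compile(r"^[^@\\/\s,=]+\\[^@\\/,=]+$")        # domain\user


def classify_logon(name: str) -> str:
    """Return 'dn', 'upn', 'downlevel' or 'unknown' for a logon string."""
    name = name.strip()
    if not name:
        return "unknown"
    # Test for a DN first: a DN value may contain '@' or an escaped comma
    # ("\,"), which would otherwise be mistaken for one of the other forms.
    parts = re.split(r"(?<!\\),", name)
    if all(_RDN.match(part) for part in parts):
        return "dn"
    if _UPN.match(name):
        return "upn"
    if _DOWNLEVEL.match(name):
        return "downlevel"
    return "unknown"


def diagnose(log_line: str, logon: str) -> str:
    """Relate an operator's-log bind failure to the configured logon format."""
    kind = classify_logon(logon)
    if "LDAP error 49" not in log_line:
        return "no LDAP error 49 in this line"
    if kind == "dn":
        return "logon is a DN: re-enter it as a UPN or as domain\\user"
    return "logon format is %s: not the cause this article describes" % kind


if __name__ == "__main__":
    for logon in ("CN=svc-mms,CN=Users,DC=bpdomain,DC=local",
                  "CN=Smith\\, John,OU=Svc,DC=bpdomain,DC=local",
                  "svc-mms@bpdomain.local",
                  "BPDOMAIN\\svc-mms"):
        print("%-48s %-10s %s" % (logon, classify_logon(logon),
                                  diagnose(PAGE_LOG_LINE, logon)))
```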

STATUS

This behavior is by design.

Modification Type: Major
Last Reviewed: 10/3/2003
Keywords: kbprb KB269195