"65 = 'Object Class Violation' for Operation on Objects" Error When You Use ADMA to Manage Objects (322268)


The information in this article applies to:

  • Microsoft Metadirectory Services 2.2
  • Microsoft Metadirectory Services 2.2 SP1
This article was previously published under Q322268

SYMPTOMS

When you use the Active Directory Management Agent (ADMA) to manage objects in an AD forest, the following error is reported in the Dslib.log file:
ERR_00 05d8 02/04/05 10:11:15.100 (AD-MA_dataFlowFromMdToAd) AD returned 65 = 'Object Class Violation' for operation on object CN=Doe\, JOHN,OU=Primary Group,DC=dstest,DC=com

CAUSE

This problem occurs because an attribute that is specified in an ADD request or MODIFY request is not being associated with the current object class. For example, in the default AD schema, attempts to add the EmployeeNumber attribute to an object of class user result in this error. However, attempts to add the EmployeeID attribute are successful.

RESOLUTION

To modify the object class user to accept EmployeeNumber as a valid attribute, use the Active Directory Schema snap-in.

To do this, follow these steps.

NOTE: You can also use the same technique to modify any other attribute-object class pair.

NOTE: Both the currently logged in user and the Schema master domain controller must be able to modify the schema.

Install the Active Directory Schema Snap-in

  1. Log on as an administrator.
  2. Insert the Windows 2000 Server CD into your CD drive, and then click Browse this CD.
  3. Double-click the I386 folder, double-click Adminpak, and then follow the instructions that are displayed in the Windows 2000 Administration Tools Setup Wizard.
  4. Click Start, click Run, type mmc /a, and then click OK.
  5. Click Add/Remove Snap-in on the Console menu, and then click Add.
  6. Under Snap-in, double-click Active Directory Schema, and then click Close.
  7. If you have no more snap-ins to add to the console, click OK.
  8. To save this console, click Save on the Console menu.
  9. Type Schema Manager in the File name box, and then click Save.

Modify the Schema

  1. Log on to Active Directory as a member of the Schema Admins group.
  2. Start the Schema snap-in: click Start, point to Programs, and then click Administrative Tools.
  3. On the Tree tab in the left window, expand the Active Directory Schema node.
  4. Open the Classes node.
  5. Scroll down the (alphabetically sorted) list to user.
  6. Right-click the user object, and then click Properties on the shortcut menu.
  7. Click Attributes tab.
  8. Verify that EmployeeNumber is not listed in the Optional window.
  9. Click the Add button.
  10. Scroll down the list to EmployeeNumber.
  11. Click OK, click Apply, and then click OK to close the Add Attribute dialog box.
  12. Scroll to the top of the left window.
  13. Right-click the Active Directory Schema object, and then click Reload the Schema on the shortcut menu.
  14. Quit the Schema snap-in.

    NOTE: There may be a 30-minute delay between the time that you modify the schema and when the changes you have applied become effective.
Modification Type:MajorLast Reviewed:8/14/2006
Keywords:kbprb KB322268
©2004 Microsoft Corporation. All rights reserved.