I have a VC++ application that calls DsGetDcName() to determine the sites
(and domains) of servers in the network. I have found that DsGetDcName()
fails rather often, and the reason(s) is not obvious. The typical error code
is RPC_S_SERVER_UNAVAILABLE, although RPC_E_ACCESS_DENIED is popular, as
well. Often simply retrying the call will result in success (even for "access
denied"), but usually it does not.

I'm passing a NETBIOS name as the first parameter and requesting a DNS-style
name by setting flag DS_RETURN_DNS_NAME. If the initial call fails with
ERROR_NO_SUCH_DOMAIN, I set the DS_FORCE_REDISCOVERY flag and repeat the
call. If the call fails for any other reason, I wait a bit (200 ms, I
believe), and repeat the call. Ten strikes and you're out.

What can cause DsGetDcName() to fail (excluding the obvious situation where
the server is down or otherwise not accessible)?

Thanks,

-Nick

Hi,

I have recently become aware of the introduction of the
msDS-User-Account-Control-Computed attribute in Win2003 Active Directory. I
realise that it like the earlier UserAccountControl still has some
shortcomings but it was my understanding that the
msDS-User-Account-Control-Computed attribute was now reliable at indicating
UF_LOCKOUT. If this is incorrect, that is all I need confirmed by someone.

Up till now I have used the WinNT provider to access the lockout from the
UserFlags. Now, I need to upgrade to use the newer LDAP attribute
msDS-User-Account-Control-Computed if it in fact works. From articles I have
read it is a simple as getting the user object then getting the attribute,
whilst using [ ] around the name to overcome the problem with "-" in the
name.

Set X = ds.OpenDSObject(rs(0), cServerAccountName,
cServerAccountPassword, 0)

intUserAccountControl = X.[msDS-User-Account-Control-Computed]

Unfortunately, this gives me no value. Can anyone suggest where I should
look.

Hello,
I'm trying to generate a list of groups/OU's to which a user belongs
through ADSI and am having problems. My AD looks like

DC=FOO,DC=COM
---OU=OrgUnit1
-------CN=GlobalSecurityGroup1
------------------member=CN=User1,OU=OrgUnit1,DC=FOO,DC=COM
------------------member=CN=User2,OU=OrgUnit1,DC=FOO,DC=COM
------------------member=CN=User3,OU=OrgUnit1,DC=FOO,DC=COM
-------CN=User1
-------CN=User2
-------CN=User3
-------CN=BuiltIn
-------CN=Users

So I have a top level OU which contains 3 users, User1,User2 and User3. The
OU also contains GlobalSecurityGroup1 which has three members, User1,User2
and User3.

How can I use ADSI to generate a list of OUs/Groups to which User2 belongs?
I'd like to get a result set of GlobalSecurityGroup1 and OrgUnit1?

We have just upgraded to Windows 2003 R2 Sp2 AD from Windows 2000 SP4 AD.

One of our asp application that used to be able to bind using LDAP to one of
our Domain Controllers presented a ComException 0x80072020 error using the
bind string of "LDAP://newserver.domain.com" if I change the xml web config
file back to use a Windows 2000 server in the bind action the application
works fine.

I have removed LDAP signing reuqirements etc but I would like to know how to
resolve the bind problem with Windows 2003 R2 domain contrllers before I
upgrade the remaining Windows 2000 servers.

As a sidenote - the application uses the end users credentials and not
anonymous.