Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

ADSI/LDAP error: "-2147463155 (8000500d)"


View products that this article applies to.

Symptoms

When you use Active Directory Services Interface (ADSI) to query a Lightweight Directory Access Protocol (LDAP) version 3 Compliant Directory Server, you may receive the following error message:
Run-time error '-2147463155 (8000500d). The Active Directory property cannot be found in the cache.

↑ Back to the top


Cause

This problems occurs when you try to access an attribute that is not in the ADSI property cache.

There are three possible reasons why the attribute is not in the ADSI property cache:
  • The attribute may not exist on the object in the directory or it may not have a value set; therefore, although you explicitly request the attribute, it can not be brought down to the ADSI property cache.
  • If the user who tries to access this attribute does not have the required permission to access this property, ADSI cannot bring this attribute down to the property cache even when the user explicitly requests the attribute.
  • The attribute may be an operational attribute. Operational attributes are not loaded into the ADSI property cache by default. An operational attribute is an attribute that is implemented internally by a particular directory implementation that you must explicitly request.

↑ Back to the top


Resolution

To load an operational attribute into the cache, you must explicitly request it to be loaded into the property cache by using the IADs::GetInfoEx method.

↑ Back to the top


More information

The resolution is demonstrated by the following sample code for Visual Basic and Visual C++.

In Visual Basic

' Add reference to "ActiveDS Type Library"
Dim objIADs As IADs
Dim x As IADsOpenDSObject
Dim ADsPath As String

Set x = GetObject("LDAP:")

ADsPath = "LDAP://EXServer/cn=MYAlias/cn=recipients,ou=Site,o=Organization"

Set objIADs = x.OpenDSObject(ADsPath, "cn=NTUser,dc=NTDomain", "password", 0)

objIADs.GetInfoEx Array("Assoc-NT-Account","Home-MDB"), 0

Debug.Print objIADs.Get("Assoc-NT-Account")
Debug.Print objIADs.Get("Home-MDB")
				

In Visual C++

// Link with Activeds.lib and Adsiid.lib files.
#include <iads.h>
#include <activeds.h>

void main(){
IADs *pADs = NULL;
VARIANT var;
HRESULT hr;

hr = CoInitialize(NULL);

hr = ADsGetObject(L"LDAP://EXServer/cn=MYAlias/cn=recipients,ou=Site,o=Organization",
                  IID_IADs,
                  (void**)&pADs);
 
VariantInit(&var);
 
// Retrieve "Assoc-Nt-Account" and "Home-MDB" attribute values.
LPWSTR pszAttrs[] = { L"Assoc-NT-Account", L"Home-MDB" };
DWORD dwNumber = sizeof( pszAttrs ) /sizeof(LPWSTR);
hr = ADsBuildVarArrayStr( pszAttrs, dwNumber, &var );
hr = pADs->GetInfoEx(var, 0);
VariantClear(&var);
 
hr = pADs->Get(L"Assoc-NT-Account",&var);  
VariantClear(&var);
hr = pADs->Get(L"Home-MDB", &var);
VariantClear(&var);
}
				

Determining the heuristic value on an attribute in the Exchange 5.5 directory

To view the value of the heuristic property on an attribute in the Exchange 5.5 directory, use the Exchange Server Admin program in raw mode (admin.exe /r) to look up the attribute in the Schema and view its heuristics property. If the third bit is set to 1 (when you count right to left and start at 0), the attribute is an operational attribute.

For example, the Primary Windows NT Account attribute is named Assoc-NT-Account in LDAP. When you use LDAP and refer to this attribute, you must use the LDAP name in the same way that it is used in the sample code that is listed in this article. When you look up the attribute in the Exchange Directory schema, you must use the Exchange name for the attribute, which is Primary Windows NT Account. After you find the attribute in the Schema, view the properties of the object. The heuristic property of the Primary Windows NT Account (Assoc-NT-Account) property is set to 12 in decimal (which is 1100 in binary). The third bit is set to 1, which means the bit is an operational attribute.

For more information about how to determine the LDAP name of an attribute in Exchange 5.5, click the following article number to view the article in the Microsoft Knowledge Base:
237682 How to determine LDAP name for Exchange Server objects

Determining whether an attribute is an operational attribute in the Windows 2000 directory

Use ADSI Edit to look up the systemFlags attribute value on the attributeSchema object in the Schema Naming Context for Active Directory. An operational attribute is indicated by the ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED flag that is set on this attribute.

For more information, see the following MSDN Help topic:

↑ Back to the top


References

For more information about how to determine LDAP names, click the following article number to view the article in the Microsoft Knowledge Base:
237682 How to determine LDAP name for Exchange Server objects
For more information about the heuristic bits and operational attributes, see the following MSDN Help topics:
Active Directory Services Interface in the Microsoft Exchange 5.5 environment
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/msdn_adsiexch.asp

↑ Back to the top


Properties

Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

↑ Back to the top


Keywords: KB243440, kbprb, kbmsg, kbdswadsi2003swept, kbdswadsi2003swept

↑ Back to the top

Article Info
Article ID : 243440
Revision : 5
Created on : 6/23/2006
Published on : 6/23/2006
Exists online : False
Views : 823