Overview#

When using Microsoft Active Directory and LDAP WILL_NOT_PERFORM LDAP Result Codes could maybe returned.

LDAP CodeHEXSvcErrProblemReference
0530x0000052DDSID-031A0FC05003ERROR_PASSWORD_RESTRICTION
51C1308INVALID_PRIMARY_GROUPThis security ID may not be assigned as the primary groupof an object
51D1309NO_IMPERSONATION_TOKENAn attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client
51E1310CANT_DISABLE_MANDATORYThe group may not be disabled
51F1311NO_LOGON_SERVERSThere are currently no logon servers available to service the logon request
5201312NO_SUCH_LOGON_SESSIONAspecifieDlogon session does not exist. It may already havEbeen terminated
5211313NO_SUCH_PRIVILEGEAspecifieDprivilegEdoes not exist
5221314PRIVILEGE_NOT_HELDArequireDprivilegEis not helDby thEclient
5231315INVALID_ACCOUNT_NAMEThEnamEprovideDis not Aproperly formeDaccount name
5241316USER_EXISTSThe specified user already exists
5251317NO_SUCH_USERThEspecifieDuser does not exist
5261318GROUP_EXISTSThEspecifieDgroup already exists
5271319NO_SUCH_GROUPThEspecifieDgroup does not exist
5281320MEMBER_IN_GROUPEither thEspecifieDuser account is already Amember oFthEspecifieDgroup, or thEspecifieDgroup cannot bEdeleteDbecausEit contains Amember
5291321MEMBER_NOT_IN_GROUPThEspecifieDuser account is not Amember oFthEspecifieDgroup account
52A1322LAST_ADMINThElast remaining administration account cannot bEdisableDor deleted
52B1323WRONG_PASSWORDUnablEto updatEthEpassword. ThEvaluEprovideDas thEcurrent passworDis incorrect
52C1324ILL_FORMED_PASSWORDUnablEto updatEthEpassword. ThEvaluEprovideDfor thEnew passworDcontains values that arEnot alloweDin passwords
52D1325PASSWORD_RESTRICTIONUnablEto updatEthEpassword. ThEvaluEprovideDfor thEnew passworDdoes not meet thElength, complexity, or history requirement oFthEdomain
52E1326LOGON_FAILURELogon failureunknown user namEor baDpassword
52F1327ACCOUNT_RESTRICTIONLogon failureuser account restriction. PossiblEreasons arEblank passwords not allowed, logon hour restrictions, or Apolicy restriction has been enforced
5301328INVALID_LOGON_HOURSLogon failureaccount logon timErestriction violation
5311329INVALID_WORKSTATIONLogon failureuser not alloweDto log on to this computer
5321330PASSWORD_EXPIREDLogon failurethEspecifieDaccount passworDhas expired
5331331ACCOUNT_DISABLEDLogon failureaccount currently disabled
5341332NONE_MAPPEDNo mapping between account names anDsecurity IDs was done
5351333TOO_MANY_LUIDS_REQUESTEDToo many local user identifiers (LUIDs) werErequesteDat onEtime
5361334LUIDS_EXHAUSTEDNo morElocal user identifiers (LUIDs) arEavailable
5371335INVALID_SUB_AUTHORITYThEsubauthority part oFAsecurity IDis invaliDfor this particular use
5381336INVALID_ACLThEaccess control list (ACL) structurEis invalid
5391337INVALID_SIDThEsecurity IDstructurEis invalid
53A1338INVALID_SECURITY_DESCRThEsecurity descriptor structurEis invalid
"Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password|https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430

LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0). 0x0000052D ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430

LDAP error 0x35. Unwilling To Perform (00002185: SvcErr: DSID-031B0E21, problem 5003 (WILL_NOT_PERFORM), data -1946157056) 0x00002183 ERROR_DS_MODIFYDN_DISALLOWED_BY_ INSTANCE_TYPE "Rename or move operations on naming context heads or read-only objects are not allowed"

LDAP error 0x35.Unwilling To Perform (00002145: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0). 0x00002145 ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_ MEMBER "A global group cannot have a universal group as a member" - could be caused by skipping grouptype attribute, this is not recommended, synchronized group scope should be same between source and target domains.

LDAP error 0x35. Unwilling To Perform (00002077: SvcErr: DSID-031903AF, problem 5003 (WILL_NOT_PERFORM), data 0). 0x00002077 ERROR_DS_ILLEGAL_MOD_OPERATION "Illegal modify operation. Some aspect of the modification is not permitted." - most often caused by DSA trying to modify msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership and msDS-Site-Affinity attributes, you can safely skip those please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL15649

More Information#

There might be more information for this subject on one of the following: ...nobody

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 04-Aug-2016 12:39 by jim