This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
WILL_NOT_PERFORM...nobody
WILL_NOT_PERFORM

Version management

Difference between version and

At line 1 added 57 lines
!!! Overview
When using [Microsoft Active Directory] and LDAP [{$pagename}] [LDAP Result Codes] could maybe returned.
||LDAP Code||[hex]||SvcErr||Problem||Reference
|053|0x0000052D|DSID-031A0FC0|5003|[ERROR_PASSWORD_RESTRICTION]
|51C|1308|[INVALID_PRIMARY_GROUP]|This security ID may not be assigned as the primary groupof an object
|51D|1309|[NO_IMPERSONATION_TOKEN]|An attempt has been made to operate on an [impersonation] token by a thread that is not currently impersonating a client
|51E|1310|CANT_DISABLE_MANDATORY|The group may not be disabled
|51F|1311|NO_LOGON_SERVERS|There are currently no logon servers available to service the logon request
|520|1312|NO_SUCH_LOGON_SESSION|A|specifieD|logon session does not exist. It may already havE|been terminated
|521|1313|NO_SUCH_PRIVILEGE|A|specifieD|privilegE|does not exist
|522|1314|PRIVILEGE_NOT_HELD|A|requireD|privilegE|is not helD|by thE|client
|523|1315|INVALID_ACCOUNT_NAME|ThE|namE|provideD|is not A|properly formeD|account name
|524|1316|USER_EXISTS|The specified user already exists
|525|1317|NO_SUCH_USER|ThE|specifieD|user does not exist
|526|1318|GROUP_EXISTS|ThE|specifieD|group already exists
|527|1319|NO_SUCH_GROUP|ThE|specifieD|group does not exist
|528|1320|MEMBER_IN_GROUP|Either thE|specifieD|user account is already A|member oF|thE|specifieD|group, or thE|specifieD|group cannot bE|deleteD|becausE|it contains A|member
|529|1321|MEMBER_NOT_IN_GROUP|ThE|specifieD|user account is not A|member oF|thE|specifieD|group account
|52A|1322|LAST_ADMIN|ThE|last remaining administration account cannot bE|disableD|or deleted
|52B|1323|WRONG_PASSWORD|UnablE|to updatE|thE|password. ThE|valuE|provideD|as thE|current passworD|is incorrect
|52C|1324|ILL_FORMED_PASSWORD|UnablE|to updatE|thE|password. ThE|valuE|provideD|for thE|new passworD|contains values that arE|not alloweD|in passwords
|52D|1325|PASSWORD_RESTRICTION|UnablE|to updatE|thE|password. ThE|valuE|provideD|for thE|new passworD|does not meet thE|length, complexity, or history requirement oF|thE|domain
|52E|1326|LOGON_FAILURE|Logon failure|unknown user namE|or baD|password
|52F|1327|ACCOUNT_RESTRICTION|Logon failure|user account restriction. PossiblE|reasons arE|blank passwords not allowed, logon hour restrictions, or A|policy restriction has been enforced
|530|1328|INVALID_LOGON_HOURS|Logon failure|account logon timE|restriction violation
|531|1329|INVALID_WORKSTATION|Logon failure|user not alloweD|to log on to this computer
|532|1330|PASSWORD_EXPIRED|Logon failure|thE|specifieD|account passworD|has expired
|533|1331|ACCOUNT_DISABLED|Logon failure|account currently disabled
|534|1332|NONE_MAPPED|No mapping between account names anD|security IDs was done
|535|1333|TOO_MANY_LUIDS_REQUESTED|Too many local user identifiers (LUIDs) werE|requesteD|at onE|time
|536|1334|LUIDS_EXHAUSTED|No morE|local user identifiers (LUIDs) arE|available
|537|1335|INVALID_SUB_AUTHORITY|ThE|subauthority part oF|A|security ID|is invaliD|for this particular use
|538|1336|INVALID_ACL|ThE|access control list (ACL) structurE|is invalid
|539|1337|INVALID_SID|ThE|security ID|structurE|is invalid
|53A|1338|INVALID_SECURITY_DESCR|ThE|security descriptor structurE|is invalid
"Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password|https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x0000052D ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password
please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (00002185: SvcErr: DSID-031B0E21, problem 5003 (WILL_NOT_PERFORM), data -1946157056)
0x00002183 ERROR_DS_MODIFYDN_DISALLOWED_BY_ INSTANCE_TYPE "Rename or move operations on naming context heads or read-only objects are not allowed"
LDAP error 0x35.Unwilling To Perform (00002145: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002145 ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_ MEMBER "A global group cannot have a universal group as a member" - could be caused by skipping grouptype attribute, this is not recommended, synchronized group scope should be same between source and target domains.
LDAP error 0x35. Unwilling To Perform (00002077: SvcErr: DSID-031903AF, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002077 ERROR_DS_ILLEGAL_MOD_OPERATION "Illegal modify operation. Some aspect of the modification is not permitted." - most often caused by DSA trying to modify msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership and msDS-Site-Affinity attributes, you can safely skip those
please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL15649
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/|http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/|target='_blank'] - based on 2013-04-10
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop