Overview#
When using Microsoft Active Directory and LDAP WILL_NOT_PERFORM LDAP Result Codes could maybe returned.| LDAP Code | hex | SvcErr | Problem | Reference | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 053 | 0x0000052D | DSID-031A0FC0 | 5003 | ERROR_PASSWORD_RESTRICTION | |||||||||||
| 51C | 1308 | INVALID_PRIMARY_GROUP | This security ID may not be assigned as the primary groupof an object | ||||||||||||
| 51D | 1309 | NO_IMPERSONATION_TOKEN | An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client | ||||||||||||
| 51E | 1310 | CANT_DISABLE_MANDATORY | The group may not be disabled | ||||||||||||
| 51F | 1311 | NO_LOGON_SERVERS | There are currently no logon servers available to service the logon request | ||||||||||||
| 520 | 1312 | NO_SUCH_LOGON_SESSION | A | specifieD | logon session does not exist. It may already havE | been terminated | |||||||||
| 521 | 1313 | NO_SUCH_PRIVILEGE | A | specifieD | privilegE | does not exist | |||||||||
| 522 | 1314 | PRIVILEGE_NOT_HELD | A | requireD | privilegE | is not helD | by thE | client | |||||||
| 523 | 1315 | INVALID_ACCOUNT_NAME | ThE | namE | provideD | is not A | properly formeD | account name | |||||||
| 524 | 1316 | USER_EXISTS | The specified user already exists | ||||||||||||
| 525 | 1317 | NO_SUCH_USER | ThE | specifieD | user does not exist | ||||||||||
| 526 | 1318 | GROUP_EXISTS | ThE | specifieD | group already exists | ||||||||||
| 527 | 1319 | NO_SUCH_GROUP | ThE | specifieD | group does not exist | ||||||||||
| 528 | 1320 | MEMBER_IN_GROUP | Either thE | specifieD | user account is already A | member oF | thE | specifieD | group, or thE | specifieD | group cannot bE | deleteD | becausE | it contains A | member |
| 529 | 1321 | MEMBER_NOT_IN_GROUP | ThE | specifieD | user account is not A | member oF | thE | specifieD | group account | ||||||
| 52A | 1322 | LAST_ADMIN | ThE | last remaining administration account cannot bE | disableD | or deleted | |||||||||
| 52B | 1323 | WRONG_PASSWORD | UnablE | to updatE | thE | password. ThE | valuE | provideD | as thE | current passworD | is incorrect | ||||
| 52C | 1324 | ILL_FORMED_PASSWORD | UnablE | to updatE | thE | password. ThE | valuE | provideD | for thE | new passworD | contains values that arE | not alloweD | in passwords | ||
| 52D | 1325 | PASSWORD_RESTRICTION | UnablE | to updatE | thE | password. ThE | valuE | provideD | for thE | new passworD | does not meet thE | length, complexity, or history requirement oF | thE | domain | |
| 52E | 1326 | LOGON_FAILURE | Logon failure | unknown user namE | or baD | password | |||||||||
| 52F | 1327 | ACCOUNT_RESTRICTION | Logon failure | user account restriction. PossiblE | reasons arE | blank passwords not allowed, logon hour restrictions, or A | policy restriction has been enforced | ||||||||
| 530 | 1328 | INVALID_LOGON_HOURS | Logon failure | account logon timE | restriction violation | ||||||||||
| 531 | 1329 | INVALID_WORKSTATION | Logon failure | user not alloweD | to log on to this computer | ||||||||||
| 532 | 1330 | PASSWORD_EXPIRED | Logon failure | thE | specifieD | account passworD | has expired | ||||||||
| 533 | 1331 | ACCOUNT_DISABLED | Logon failure | account currently disabled | |||||||||||
| 534 | 1332 | NONE_MAPPED | No mapping between account names anD | security IDs was done | |||||||||||
| 535 | 1333 | TOO_MANY_LUIDS_REQUESTED | Too many local user identifiers (LUIDs) werE | requesteD | at onE | time | |||||||||
| 536 | 1334 | LUIDS_EXHAUSTED | No morE | local user identifiers (LUIDs) arE | available | ||||||||||
| 537 | 1335 | INVALID_SUB_AUTHORITY | ThE | subauthority part oF | A | security ID | is invaliD | for this particular use | |||||||
| 538 | 1336 | INVALID_ACL | ThE | access control list (ACL) structurE | is invalid | ||||||||||
| 539 | 1337 | INVALID_SID | ThE | security ID | structurE | is invalid | |||||||||
| 53A | 1338 | INVALID_SECURITY_DESCR | ThE | security descriptor structurE | is invalid |
LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0). 0x0000052D ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (00002185: SvcErr: DSID-031B0E21, problem 5003 (WILL_NOT_PERFORM), data -1946157056) 0x00002183 ERROR_DS_MODIFYDN_DISALLOWED_BY_ INSTANCE_TYPE "Rename or move operations on naming context heads or read-only objects are not allowed"
LDAP error 0x35.Unwilling To Perform (00002145: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0). 0x00002145 ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_ MEMBER "A global group cannot have a universal group as a member" - could be caused by skipping grouptype attribute, this is not recommended, synchronized group scope should be same between source and target domains.
LDAP error 0x35. Unwilling To Perform (00002077: SvcErr: DSID-031903AF, problem 5003 (WILL_NOT_PERFORM), data 0). 0x00002077 ERROR_DS_ILLEGAL_MOD_OPERATION "Illegal modify operation. Some aspect of the modification is not permitted." - most often caused by DSA trying to modify msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership and msDS-Site-Affinity attributes, you can safely skip those please see https://support.quest.com/SUPPORT/index?page=solution&id=SOL15649
More Information#
There might be more information for this subject on one of the following: ...nobody- [#1] - http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/
- based on 2013-04-10