| Author |
Message |
Paul Liderman
Guest
|
 Posted:
Tue Jan 11, 2005 10:19 pm Post subject:
Cannot Add user proxy object |
|
|
I am trying to create a user proxy object that points to an NT 4.0 user
account. I am able to crate proxy objects for a number of NT 4.0 domains,
except for two or three domains and I cannot figure out what the problem is.
I am trying to add a couple of test objects form ADSIEdit and I keep getting
the following error, “The modification was not permitted for security
reasons.” I enabled logging on the ADAM server, and am I able to see the
following two event log entries, but unfortunately they don’t tell me much.
1. Event_ID: 1138 - Internal event: Function ldap_add entered.
2. Event_ID: 1535 - Internal event: The LDAP server returned an error.
Additional Data
Error value:
000020E7: SvcErr: DSID-0315297C, problem 5003 (WILL_NOT_PERFORM), data 1788
This is somewhat of a unique ADAM SSO deployment; I have a Windows 2003
Domain with a number of two-way TRUSTS to NT 4.0 domains. My ADAM servers
are part of the AD domain, and the ADAM instance is running as a domain
account. I am able to create proxy objects pointing to most of the domains,
except for two domains.
All the TRUSTS have been verified.
Any ideas on how I can further troubleshoot this issues?
Thanks.
Paul Liderman |
|
| Back to top |
|
 |
Lee Flight
Guest
|
| Posted:
Tue Jan 11, 2005 11:48 pm Post subject:
Re: Cannot Add user proxy object |
|
|
Hi
I think that the 1788 code you are getting back below is likely to be
1788
ERROR_TRUSTED_DOMAIN_FAILURE winerror.h
The trust relationship between the primary domain and the
trusted domain failed.
Beyond that I cannot help as I have no experience of NT4 trusts. I assume
that when you say the trusts have been verified that's using the credentials
of the ADAM Administrator?
Lee Flight
"Paul Liderman" <pliderman@yahoo.com> wrote in message
news:E5FC8A4D-F46D-478D-B562-723E4F2E8B42@microsoft.com...
| Quote: | I am trying to create a user proxy object that points to an NT 4.0 user
account. I am able to crate proxy objects for a number of NT 4.0 domains,
except for two or three domains and I cannot figure out what the problem
is.
I am trying to add a couple of test objects form ADSIEdit and I keep
getting
the following error, "The modification was not permitted for security
reasons." I enabled logging on the ADAM server, and am I able to see the
following two event log entries, but unfortunately they don't tell me
much.
1. Event_ID: 1138 - Internal event: Function ldap_add entered.
2. Event_ID: 1535 - Internal event: The LDAP server returned an error.
Additional Data
Error value:
000020E7: SvcErr: DSID-0315297C, problem 5003 (WILL_NOT_PERFORM), data
1788
This is somewhat of a unique ADAM SSO deployment; I have a Windows 2003
Domain with a number of two-way TRUSTS to NT 4.0 domains. My ADAM servers
are part of the AD domain, and the ADAM instance is running as a domain
account. I am able to create proxy objects pointing to most of the
domains,
except for two domains.
All the TRUSTS have been verified.
Any ideas on how I can further troubleshoot this issues?
Thanks.
Paul Liderman |
|
|
| Back to top |
|
|
Paul Liderman
Guest
|
| Posted:
Fri Jan 14, 2005 10:41 pm Post subject:
Re: Cannot Add user proxy object |
|
|
Lee -
You were correct, the few domains that had the issue, had the TRUST working
only in direction.
Thanks for your help.
Paul--
"Lee Flight" wrote:
| Quote: | Hi
I think that the 1788 code you are getting back below is likely to be
1788
ERROR_TRUSTED_DOMAIN_FAILURE winerror.h
The trust relationship between the primary domain and the
trusted domain failed.
Beyond that I cannot help as I have no experience of NT4 trusts. I assume
that when you say the trusts have been verified that's using the credentials
of the ADAM Administrator?
Lee Flight
"Paul Liderman" <pliderman@yahoo.com> wrote in message
news:E5FC8A4D-F46D-478D-B562-723E4F2E8B42@microsoft.com...
I am trying to create a user proxy object that points to an NT 4.0 user
account. I am able to crate proxy objects for a number of NT 4.0 domains,
except for two or three domains and I cannot figure out what the problem
is.
I am trying to add a couple of test objects form ADSIEdit and I keep
getting
the following error, "The modification was not permitted for security
reasons." I enabled logging on the ADAM server, and am I able to see the
following two event log entries, but unfortunately they don't tell me
much.
1. Event_ID: 1138 - Internal event: Function ldap_add entered.
2. Event_ID: 1535 - Internal event: The LDAP server returned an error.
Additional Data
Error value:
000020E7: SvcErr: DSID-0315297C, problem 5003 (WILL_NOT_PERFORM), data
1788
This is somewhat of a unique ADAM SSO deployment; I have a Windows 2003
Domain with a number of two-way TRUSTS to NT 4.0 domains. My ADAM servers
are part of the AD domain, and the ADAM instance is running as a domain
account. I am able to create proxy objects pointing to most of the
domains,
except for two domains.
All the TRUSTS have been verified.
Any ideas on how I can further troubleshoot this issues?
Thanks.
Paul Liderman
|
|
|
| Back to top |
|
|
Lee Flight
Guest
|
| Posted:
Sat Jan 15, 2005 12:02 am Post subject:
Re: Cannot Add user proxy object |
|
|
Glad you fixed it,
thanks for following up
Lee Flight
"Paul Liderman" <pliderman@yahoo.com> wrote in message
news:48D7A63C-7B29-4EBA-B349-B6A7A4ECAE68@microsoft.com...
| Quote: | Lee -
You were correct, the few domains that had the issue, had the TRUST
working
only in direction.
Thanks for your help.
Paul--
"Lee Flight" wrote:
Hi
I think that the 1788 code you are getting back below is likely to be
1788
ERROR_TRUSTED_DOMAIN_FAILURE winerror.h
The trust relationship between the primary domain and the
trusted domain failed.
Beyond that I cannot help as I have no experience of NT4 trusts. I assume
that when you say the trusts have been verified that's using the
credentials
of the ADAM Administrator?
Lee Flight
"Paul Liderman" <pliderman@yahoo.com> wrote in message
news:E5FC8A4D-F46D-478D-B562-723E4F2E8B42@microsoft.com...
I am trying to create a user proxy object that points to an NT 4.0 user
account. I am able to crate proxy objects for a number of NT 4.0
domains,
except for two or three domains and I cannot figure out what the
problem
is.
I am trying to add a couple of test objects form ADSIEdit and I keep
getting
the following error, "The modification was not permitted for security
reasons." I enabled logging on the ADAM server, and am I able to see
the
following two event log entries, but unfortunately they don't tell me
much.
1. Event_ID: 1138 - Internal event: Function ldap_add entered.
2. Event_ID: 1535 - Internal event: The LDAP server returned an error.
Additional Data
Error value:
000020E7: SvcErr: DSID-0315297C, problem 5003 (WILL_NOT_PERFORM), data
1788
This is somewhat of a unique ADAM SSO deployment; I have a Windows 2003
Domain with a number of two-way TRUSTS to NT 4.0 domains. My ADAM
servers
are part of the AD domain, and the ADAM instance is running as a domain
account. I am able to create proxy objects pointing to most of the
domains,
except for two domains.
All the TRUSTS have been verified.
Any ideas on how I can further troubleshoot this issues?
Thanks.
Paul Liderman
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in