RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
We are using Identity Lifecycle Manager (ILM) to synchronize data into a target Active Directory Application Mode (ADAM) SP1 instance. When modifying the attribute grouptype in ADAM to set the value 2147483650 we find on reading the value back through ILM 2007 SP2 that we receive value -2147483646. Note that ILM is expecting to receive the same value when reading back the groupType value as that which it was updated with; otherwise the entry always becomes a candidate for modifying even though the "correct" value is already present in the ADAM directory.
This is done in accordance with the following MSDN article where positive values of group type are mentioned:
Group-Type Attribute http://msdn.microsoft.com/en-us/library/ms675935.aspx
LDAP stores the groupType Attribute as a Hexadecimal.
2147483650 converts to hexadecimal as 0x80000002
-2147483646 converts to hexadecimal as 0xFFFFFFFF80000002
The business side of the value is the hex value 80000002, while reading from LDAP the remaining nibbles are all Fs thus resulting into the value appearing as -2147483646 in decimal.
If you write -2147483646 to LDAP grouptype, then the written and the read values will match.
Recommended constant values for various group types when writing to ADAM/AD
Domain Local Security Group
Domain Local Distribution Group
Global Security Group
Global Distribution Group
Universal Security Group
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.