DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 969194 - Last Review: March 18, 2009 - Revision: 1.0

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom



We are using Identity Lifecycle Manager (ILM) to synchronize data into a target Active Directory Application Mode (ADAM) SP1 instance. When modifying the attribute grouptype in ADAM to set the value 2147483650 we find on reading the value back through ILM 2007 SP2 that we receive value -2147483646. Note that ILM is expecting to receive the same value when reading back the groupType value as that which it was updated with; otherwise the entry always becomes a candidate for modifying even though the "correct" value is already present in the ADAM directory.

This is done in accordance with the following MSDN article where positive values of group type are mentioned:

Group-Type Attribute
http://msdn.microsoft.com/en-us/library/ms675935.aspx (http://msdn.microsoft.com/en-us/library/ms675935.aspx)

Cause

LDAP stores the groupType Attribute as a Hexadecimal.

2147483650 converts to hexadecimal as 0x80000002
-2147483646 converts to hexadecimal as 0xFFFFFFFF80000002

The business side of the value is the hex value 80000002, while reading from LDAP the remaining nibbles are all Fs thus resulting into the value appearing as -2147483646 in decimal.

Resolution

If you write -2147483646 to LDAP grouptype, then the written and the read values will match.

More Information

Recommended constant values for various group types when writing to ADAM/AD

Domain Local Security Group
0x80000004 (-2147483644)

Domain Local Distribution Group
0x00000004

Global Security Group
0x80000002 (-2147483646)

Global Distribution Group
0x00000002

Universal Security Group
0x80000008 (-2147483640)

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

APPLIES TO
  • Microsoft Identity Lifecycle Manager 2007
Keywords: 
kbrapidpub kbnomt KB969194
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support