PowerShell unknown error 0x80005000

It’s a permission problem.

When you run the console app, that app runs with your credentials, e.g. as "you".

The WCF service runs where? In IIS? Most likely, it runs under a separate account, which is not permissioned to query Active Directory.

You can either try to get the WCF impersonation thingie working, so that your own credentials get passed on, or you can specify a username/password on creating your DirectoryEntry:

DirectoryEntry directoryEntry = 
    new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com", 
                       userName, password);

OK, so it might not be the credentials after all (that’s usually the case in over 80% of the cases I see).

What about changing your code a little bit?

DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");

var result = directorySearcher.FindOne();

if(result != null)
{
   if(result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
   {
      var resultValue = result.Properties["msRTCSIP-PrimaryUserAddress"][0];
   }
}

My idea is: why not tell the DirectorySearcher right off the bat what attribute you’re interested in? Then you don’t need to do another extra step to get the full DirectoryEntry from the search result (should be faster), and since you told the directory searcher to find that property, it’s certainly going to be loaded in the search result — so unless it’s null (no value set), then you should be able to retrieve it easily.

Marc

  • Question

  • Hello everyone,

    I know this is a very common subject but I didn’t find an answer to my problem either because it was related to AD Cmdlets, or Quest or other stuff.

    So it is quite simple, I’m running the script on WIN7 with PS v2 and want to add it to an AD security group.

    Here is my function:

    Function AddTo-SecurityGroup {
    param($GroupAdd, $MemberDN)
    
    	$Connection = "LDAP://$GroupAdd"
    	$Group = [adsi] $Connection
    
    	$Add = "LDAP://$MemberDN"
    try {
    	$Group.Add($Add)
    	$Member = $MemberDN.split(",")[0].split("=")[1]
    	$GroupMember = $GroupAdd.split(",")[0].split("=")[1]
    	write-log "$Member is added in $GroupMember Group"
    	}
    Catch {
    	write-log "warning  $_ " $LogWarning
    }	
    }

    $SecurityGroup =  $ImportedConfigFile.Configuration.AdInformation.SecurityGroup.path
    
    $Computername = $env:COMPUTERNAME
    
    AddTo-SecurityGroup $SecurityGroup $ComputerName

    The thing is, every time I try to run it, I get this error: The following exception occurred while retrieving member "Add": "Unknown error (0x80005000)"

    I checked the config file and my securitygroup is provided as follows:

    <ADInformation>
    		<Domain Name=""/>
    		<SecurityGroup Path="LDAP://CN=GR01_L Security Group PKI,OU=Security Groups,OU=Groups,OU=Racine1,DC=test,DC=lab" />
    	</ADInformation>

    Thanks a lot !

Answers

  • Since you are using the Add method of the group object, the SetInfo() method is not required. The Add method requires the ADsPath of the prospective member, similar to "LDAP://cn=computer,ou=Sales,ou=West,dc=MyDomain,dc=com". I generally also use the IsMember method of the group object, to first check if the object (computer in this case) is already a member. Also, when you connect to the computer object (using [ADSI]) you must use the full distinguished name of the computer, not the NetBIOS name retrieved from the environment. I use the ADSystemInfo object to retrieve the distinguished name of the local computer (or the current user). I would suggest the following:

    # Retrieve DN of local computer object in AD.
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $ComputerDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    $ComputerDN

    # Specify the group.
    $Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"

    # Check if computer already a member of the group.
    If ($Group.IsMember("LDAP://$ComputerDN") -eq $False)
    {
        # Add the computer to the group.
        $Group.Add("LDAP://$ComputerDN")
    }

    -----

    Of course, this assumes the person running the script has permissions to add members to the group.


    Richard Mueller — MVP Directory Services

    • Marked as answer by

      Thursday, June 7, 2012 1:18 PM

  • Question

  • Hi Guys,

    We are trying to get azure to sync for our O365 deployment and are running into a bit of trouble.

    we get the following error:

    Unknown error (0x80005000)

    what to do next:

    no specific information is available for this error. Examine the log for details.

    Everything in the log seems to be chugging along swimmingly until an error:

    [15:45:23.677] [ 13] [ERROR] Caught exception while creating synchronization account.
    Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
       --- End of inner exception stack trace ---
       at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
       at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
       at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
       at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.Domain.GetDirectoryEntry()
       at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(NetworkCredential domainAdminCredential, String synchronizationAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(NetworkCredential enterpriseAdminCredential, String syncAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
    [15:45:23.677] [ 13] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
    [15:45:23.682] [  6] [INFO ] Starting Telemetry Send

    Is someone able to point me in the right direction?

    please let me know if I can provide any further useful information.

    Thanks,

    Spencer

Answers

  • Hello,

    According to the error, this problem occurs if the Azure Active Directory Sync Tool Configuration Wizard cannot configure the domain.

    To solve this problem, make sure that all domain controllers are running in a healthy state. To determine which domain or domain controller is causing the problem, follow these steps:

    1. On the server on which the Azure Active Directory Sync Tool is installed, start Windows PowerShell.
    2. Run the following commands: 

      $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().domains

      $Forest

    3. Examine the information in the output. 

      In the following example, the dev.contoso.com domain is unreachable. You can determine this because information about the domain is missing in the output, as in the following example.

      Forest : contoso.com
      DomainControllers : {ContosoDC01.contoso.com}
      Children : {dev.contoso.com}
      DomainMode : Windows2008R2Domain
      Parent :
      PdcRoleOwner : ContosoDC01.contoso.com
      RidRoleOwner : ContosoDC01.contoso.com
      InfrastructureRoleOwner : ContosoDC01.contoso.com
      Name : contoso.com

      Forest :
      DomainControllers :
      Children :
      DomainMode :
      Parent :
      PdcRoleOwner :
      RidRoleOwner :
      InfrastructureRoleOwner :
      Name : dev.contoso.com

    4. Investigate and resolve the problem. Most likely, the domain controller that’s hosting the domain is not running or is not in the network.

    Best Regards,

    Andy Liu



    • Edited by

      Thursday, November 24, 2016 2:55 AM

    • Marked as answer by
      SpencerTuffnell
      Monday, November 28, 2016 2:57 AM

title: Error (Unknown error (0x80005000)) message when you run the Azure Active Directory Sync Tool Configuration Wizard
description: Describes an issue where you receive an error message when you run the Azure Active Directory Sync Tool Configuration Wizard. Provides a resolution.
ms.date: 06/08/2020
ms.reviewer: willfid
ms.service: active-directory
ms.subservice: enterprise-users

Error when you run the Azure Active Directory Sync Tool Configuration Wizard: Unknown error (0x80005000)

This article provides a resolution for an issue where you receive an error message when you run the Azure Active Directory Sync Tool Configuration Wizard.

Original product version: Office 365 Identity Management, Azure Active Directory, Cloud Services (Web roles/Worker roles), Microsoft Intune, Azure Backup
Original KB number: 3003331

Symptoms

When you run the Azure Active Directory Sync Tool Configuration Wizard, the tool fails, and you receive the following error message:

Error
Unknown error (0x80005000)

Cause

This problem occurs if the Azure Active Directory Sync Tool Configuration Wizard cannot configure the domain.

Resolution

To resolve this problem, make sure that all domain controllers are running in a healthy state. To determine which domain or domain controller is causing the problem, follow these steps:

  1. On the server on which the Azure Active Directory Sync Tool is installed, start Windows PowerShell.

  2. Run the following commands:

    $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().domains
    $Forest

  3. Examine the information in the output.

    In the following example, the dev.contoso.com domain is unreachable. You can determine this because every field except Name is empty for that domain in the output.

    Forest : contoso.com
    DomainControllers : {ContosoDC01.contoso.com}
    Children : {dev.contoso.com}
    DomainMode : Windows2008R2Domain
    Parent :
    PdcRoleOwner : ContosoDC01.contoso.com
    RidRoleOwner : ContosoDC01.contoso.com
    InfrastructureRoleOwner : ContosoDC01.contoso.com
    Name : contoso.com
    
    Forest :
    DomainControllers :
    Children :
    DomainMode :
    Parent :
    PdcRoleOwner :
    RidRoleOwner :
    InfrastructureRoleOwner :
    Name : dev.contoso.com
    
  4. Investigate and resolve the problem. Most likely, the domain controller that’s hosting the domain is not running or is not in the network.
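
The manual inspection in steps 2 and 3 can be scripted. The following is an added example, not part of the original article: it walks every domain in the current forest, makes the same `Domain.GetDirectoryEntry()` call that appears in the failing stack trace quoted earlier on this page, and reports which domains cannot be bound. The function name `Test-ForestDomainBinding` is an assumption made for illustration.

```powershell
# Added example (not from the original article).
# Run on the sync server, in a session logged on with a domain account.
function Test-ForestDomainBinding {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    foreach ($domain in $forest.Domains) {
        $report = [pscustomobject]@{
            Domain       = $domain.Name
            Reachable    = $false
            PdcRoleOwner = $null
            Error        = $null
        }
        try {
            # Same call the configuration wizard makes for each domain.
            $entry = $domain.GetDirectoryEntry()

            # DirectoryEntry binds lazily, so read one attribute to force the bind.
            $null = $entry.distinguishedName.Value

            # Resolving the PDC emulator needs a working domain controller as well.
            $report.PdcRoleOwner = $domain.PdcRoleOwner.Name
            $report.Reachable    = $true
            $entry.psbase.Dispose()
        }
        catch {
            # An unreachable domain surfaces here, typically as
            # "Unknown error (0x80005000)" or "The server is not operational".
            $report.Error = $_.Exception.Message
        }
        $report
    }
}

# One row per domain; rows with Reachable = False are the ones to investigate.
Test-ForestDomainBinding | Format-Table -AutoSize -Wrap
```

A domain that shows `Reachable = False` here is the one step 4 asks you to investigate.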


Author Craig Duff

Was getting an error on every line except for the read-host lines "You cannot call a method on a null-valued expression."

I restructured the snippet to look like

Powershell

$computer = [ADSI]"WinNT://$computerName"
$Admin = $computer.Create("User","Admin2")
$LUser = $computer.Create("User","LUser2") 
$AdminPassword = Read-Host -Prompt "Enter Admin password" -AsSecureString
$LUserPassword = Read-Host -Prompt "Enter LUser password" -AsSecureString
$Admin.setpassword($AdminPassword)
$LUser.setpassword($LUserPassword) 
([ADSI]"WinNT://$computerName/Administrators,group").Add("WinNT://$Admin")
$flag = $Admin.UserFlags.value -bor 0x10000
$flag = $LUser.UserFlags.value -bor 0x10000
$Admin.SetInfo()
$LUser.SetInfo()

and now get the error "The following exception occurred while retrieving member "create": "unknown error (0x80005000)"" for both lines 2 & 3

(the previous errors persist)

That is because, with this snippet, $computerName isn’t defined. This is essentially what happened since $computerName was null:

Powershell

PS C:\> $machine = [ADSI]"WinNT://"
PS C:\> $machine.Create("User","jdoe")
The following exception occurred while retrieving member "Create": "Unknown error (0x80005000)"
At line:1 char:1
+ $machine.Create("User","jdoe")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember
 



I have a script:

$sourceOU = "OU=Workstations,OU=11,OU=Filials,DC=domain,DC=local" 
$destinationOUs = Get-Content C:\ou.txt
foreach ($destinationOU in $destinationOUs)
{
$adPath= "LDAP://" + $destinationOUs 
import-module activedirectory 
#Create OUs 
$objDomain=New-Object System.DirectoryServices.DirectoryEntry($adPath) 
$ObjSearch=New-Object System.DirectoryServices.DirectorySearcher($ObjDomain) 
[array] $OUs = @() 
$OUs = dsquery * $sourceOU -Filter "(objectCategory=organizationalUnit)" -limit 0 
$OUsorted = $OUs | sort-object { $_.Length} 
for ($k=0; $k -le $OUsorted.Count -1; $k++) 
{ 
    $OUtoCreate = ($OUsorted[$k] -replace $sourceOU,$destinationOUs).ToString() 
    $OUSearch = ($OUtoCreate -replace '"',"").ToString() 
    $ObjSearch.Filter = "(&(objectCategory=organizationalUnit)(distinguishedName="+ $OUSearch + "))" 
    $allSearchResult = $ObjSearch.FindAll() 
    if ($allSearchResult.Count -eq 1) 
    { 
        "No changes were done on = " + $OUtoCreate 
    } 
    else 
    { 
        dsadd ou $OUtoCreate 
        "OU Creation = " + $OUtoCreate 
    } 
} 
}

There is a file containing a list of $sourceOU values of the form OU=Workstations,OU=11,OU=Filials,DC=domain,DC=local, one per line. But it only works if the file contains just one value. With two or more it does not work. I can't figure out why :(

It gives this error:

Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At line:30 char:5
+     $allSearchResult = $ObjSearch.FindAll()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException
 
dsadd : dsadd failed:OU=Workstations,OU=22,OU=Filials,DC=domain,DC=local OU=Workstations,OU=Ag. Krilatskoe,OU=Filials,DC=domain,DC=local:Directory object 
not found.
At line:37 char:9
+         dsadd ou $OUtoCreate
+         ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (dsadd failed:OU...ject not found.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
type dsadd /? for help.
OU Creation = "OU=Workstations,OU=22,OU=Filials,DC=domain,DC=local OU=Workstations,OU=Ag. Krilatskoe,OU=Filials,DC=domain,DC=local"

What am I doing wrong? Where is the mistake?



In the line $adPath= "LDAP://" + $destinationOUs you specified $destinationOUs; this variable contains the whole array of OUs. You should have specified $destinationOU.
Problems like this are easy to find by replacing the commands being executed with simpler ones, for example Write-Host followed by the variable name; everything immediately falls into place and it becomes clear where each value comes from.


1. Open the script in PowerShell ISE; it has functionality for debugging scripts.
2. PowerShell has a native cmdlet for creating OUs, New-ADOrganizationalUnit, so why bother with dsadd?
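
0x80005000 is the ADSI code E_ADS_BAD_PATHNAME ("an invalid ADSI pathname was passed"), and three of the scripts above build such a path: the security group function prepends `LDAP://` to a config value that already starts with `LDAP://` and passes a NetBIOS name as the member, the local-user snippet binds to `WinNT://` with an empty computer name, and the OU script interpolates a whole array into one path. The following is an added example, not code from any of the posts: a pure string check that flags these shapes before a bind is attempted. The function name `Get-AdsPathProblem` and the host name `WS01` are assumptions made for illustration.

```powershell
# Added example (not from the posts above). String checks only, no directory access.
function Get-AdsPathProblem {
    param([string]$Path)

    if ([string]::IsNullOrWhiteSpace($Path)) { return 'path is empty' }

    # ADSI provider monikers are case-sensitive, so match with -cmatch.
    if (-not ($Path -cmatch '^(LDAP|GC|WinNT)://(.*)$')) {
        return 'missing or miscased provider prefix (LDAP://, GC://, WinNT://)'
    }
    $provider, $rest = $Matches[1], $Matches[2]

    if ($rest -eq '') { return "nothing after ${provider}:// (was a variable null?)" }
    if ($rest -cmatch '^(LDAP|GC|WinNT)://') { return 'provider prefix applied twice' }

    if ($provider -ne 'WinNT' -and $rest -ne 'RootDSE') {
        # Strip an optional "server/" part; what remains should be a DN.
        $dn = $rest -replace '^[^/=]+/', ''
        if ($dn -notmatch '^[A-Za-z][\w-]*\s*=') {
            return 'no distinguished name after the prefix; ADSI reads this as a server name'
        }
        # An array inside a double-quoted string is joined with spaces,
        # which yields "...,DC=local OU=...".
        if ($dn -match 'DC=[^,=]+\s+(OU|CN|DC)=') {
            return 'more than one distinguished name in the path (array used instead of one element?)'
        }
    }
    return $null
}

# Constructed sample paths, built the way the scripts above build them.
$samples = @(
    'LDAP://LDAP://CN=GR01_L Security Group PKI,OU=Security Groups,OU=Groups,OU=Racine1,DC=test,DC=lab',
    'LDAP://WS01',   # NetBIOS name taken from $env:COMPUTERNAME (WS01 is made up)
    'WinNT://',      # "WinNT://$computerName" with $computerName unset
    'LDAP://OU=Workstations,OU=22,OU=Filials,DC=domain,DC=local OU=Workstations,OU=Ag. Krilatskoe,OU=Filials,DC=domain,DC=local',
    'LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com'   # well-formed
)

foreach ($p in $samples) {
    $problem = Get-AdsPathProblem $p
    [pscustomobject]@{
        Problem = if ($problem) { $problem } else { 'ok' }
        Path    = $p
    }
}
```

A path that passes these checks can still fail to bind for permission or connectivity reasons; the check only rules out the malformed-path causes seen in these threads.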



Exchange 2013 Powershell Error – No Exchange Servers Are Available In Any Active Directory sites

Written by Allen White on November 26, 2012. Posted in Exchange 2013

If you see this error when you try to run the Exchange 2013 PowerShell:

+ CategoryInfo          : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:253 char:2
+     $search.FindAll()
+     ~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : COMException
_AutoDiscoverAndConnect : No Exchange servers are available in any Active Directory sites. You can’t connect to remote
Powershell on a computer that only has the Management Tools role installed.
At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:45 char:4
+             _AutoDiscoverAndConnect $credential $Forest -useWIA:$useWIA -ClientApplicatio …
+

This happens because you have logged into the Exchange 2013 server as a local user instead of logging into your domain. To resolve this, either log in again as a domain user with valid credentials, or do the following.

Right-click the Exchange PowerShell app in the GUI formerly known as "Metro".

A menu bar will now appear at the bottom of the screen. Select Run as Administrator, then enter the domain credentials.

Exchange 2013 Powershell will now run fine.
