Executes standard operations on Active Directory directory service objects. Used by Microsoft Provisioning Framework (MPF).
Program Files\Microsoft Provisioning\Providers\MPFADProv.dll
The following table lists the errors returned by this .
HRESULT | Message |
---|---|
0xC2100FA2 | The required input element '%1' was not found in type '%2'. |
0xC2100FA3 | The input element '%1' is invalid in type '%2'. |
0xC2100FA4 | Unable to open object '%1'. |
0xC2100FA5 | The domain of the path does not match that of the preferredDomainController. |
0xC2100FA6 | Invalid mode attribute value for property. |
0xC2100FA7 | The 'preference' sub-element '%1' is missing or invalid. |
0xC2100FA8 | IDirectorySearch::GetNextRow failed. |
0xC2100FA9 | Unable to create '%1'. |
0xC2100FAA | Unable to delete '%1'. |
0xC2100FAB | Invalid parameter: '%1'. |
0xC2100FFA | The element name '%1' is not a valid expression operator. |
0xC2100FFB | An expression argument is missing. |
0xC2100FFC | Invalid enum string: '%1'. |
0xC2100FFD | The expression operator '%1' could not be evaluated. |
0xC2100FFE | An attempt was made to divide by zero. |
0xC2101068 | Invalid 'ace' sub-element name '%1'. |
0xC2101069 | The 'ace' sub-element '%1' has an invalid value of '%2'. |
0xC210106A | Missing 'ace' sub-element '%1'. |
0xC210106B | Only one 'ace' sub-element named '%1' is allowed per 'ace'. |
0xC210106C | The 'ace' sub-element 'trusteeForm' does not specify an object, but an object was specified. |
0xC210106D | The provided ACL was rejected by SetEntriesInAcl. |
0xC210106E | %1. |
0x8007001F | A device attached to the system is not functioning.
Create Object can return this for an invalid sAMAccountName. |
0x80005000 | Unspecified Error
Group Add, Group Remove and Group IsMember can return this for an invalid path element. |
0x80070057 | The parameter is incorrect.
Get DACL can return this when the user does not have read privilege on the object. |
Name | Active Directory Provider |
---|---|
Version | 1 |
Provider Source | Provisioning.ADProvider.1 |
Public Method | Description |
---|---|
Create Object | Creates an object of the specified schema class for the specified container. |
Delete Object | Deletes the specified object. |
Evaluate | Evaluates a simple expression and returns a regular expression. For example, you can use it to build and modify the values for an object's userAccountControl property. |
Get DACL | Returns the discretionary access control list (DACL) for the specified object. |
Get Properties | Returns one or more properties for an object. |
Get SACL | Returns the system access control list (SACL) for the specified object. |
Group Add | Adds an object to a group. |
Group IsMember | Checks whether an object is part of the specified group. |
Group Members | Returns the members of the specified group. |
Group Remove | Removes an object from a group. |
Lookup Account from SID | Returns the account name and Active Directory domain from a security identifier (SID). |
Make Path Domain Controller Specific | Forces a lightweight directory access protocol (LDAP) path to be domain-controller specific. |
Make Path Domain Specific | Modifies a given LDAP path to point to the Active Directory domain for the path's Domain Name System (DNS) host. |
Move Object | Moves the specified object. |
Path from DN | Converts a distinguished name (DN) to an LDAP path. |
Path from RN | Expands an object's relative name (RN) to its LDAP path. |
Path to DN | Converts an LDAP path to a distinguished name (DN). |
Rename Object | Renames the specified object. |
Search | Performs a directory search. |
Set Properties | Sets one or more properties for an object. |
Translate Name | Converts names between different Microsoft® Win32® naming conventions. |
Updates an object's security descriptor. The security descriptor consists of the discretionary access control list (DACL) that sets permissions and the system access control list (SACL) that sets auditing. | |
Changes user passwords. | |
Lists the groups for a user. | |
Sets a user's initial password. | |
Verifies that the user principal name (UPN) has a valid UPN suffix (any characters after the "@" character) and returns an error if it does not. More precisely, this procedure verifies that the suffix of the given UPN is in the given list of UPN suffixes. |
Applies To |