Active Directory Provider

Executes standard operations on Microsoft. Active Directory. objects. Used by Microsoft. Provisioning Framework.


Program Files\Microsoft Provisioning\Providers\MPFADProv.dll


Name Active Directory Provider
Version 1
Provider Source Provisioning.ADProvider.1


Procedure Description
Create Object Creates an object of the specified schema class for the specified container.
Delete Object Deletes the specified object.
Evaluate Evaluates a simple expression and returns a regular expression. For example, you can use it to build and modify the values for an object's userAccountControl property.
Get DACL Returns the discretionary access control list (DACL) for the specified object.
Get Properties Returns one or more properties for an object.
Get SACL Returns the system access control list (SACL) for the specified object.
Group Add Adds an object to a group.
Group IsMember Checks whether an object is part of the specified group.
Group Members Returns the members of the specified group.
Group Remove Removes an object from a group.
Lookup Account from SID Returns the account name and Active Directory domain from a security identifier (SID).
Make Path Domain Controller Specific Forces a lightweight directory access protocol (LDAP) path to be domain-controller specific.
Make Path Domain Specific Modifies a given LDAP path to point to the Active Directory domain for the path's Domain Name System (DNS) host.
Move Object Moves the specified object.
Path from DN Converts a distinguished name (DN) to an LDAP path.
Path from RN Expands an object's relative name (RN) to its LDAP path.
Path to DN Converts an LDAP path to a distinguished name (DN).
Rename Object Renames the specified object.
Search Performs a directory search.
Set Properties Sets one or more properties for an object.
Translate Name Converts names between different Microsoft. Win32. naming conventions.
Update ACL Updates an object's security descriptor. The security descriptor consists of the discretionary access control list (DACL) that sets permissions and the system access control list (SACL) that sets auditing.
User Change Password Changes user passwords.
User Groups Lists the groups for a user.
User Set Password Sets a user's initial password.
Verify UPN Verifies that the user principal name (UPN) has a valid UPN suffix (any characters after the "@" character) and returns an error if it does not. More precisely, this procedure verifies that the suffix of the given UPN is in the given list of UPN suffixes.


The following table lists the errors returned by this provider.

0xC2100FA2 The required input element '%1' was not found in type '%2'.
0xC2100FA3 The input element '%1' is invalid in type '%2'.
0xC2100FA4 Unable to open object '%1'.
0xC2100FA5 The domain of the path does not match that of the preferredDomainController.
0xC2100FA6 Invalid mode attribute value for property.
0xC2100FA7 The 'preference' sub-element '%1' is missing or invalid.
0xC2100FA8 IDirectorySearch::GetNextRow failed.
0xC2100FA9 Unable to create '%1'.
0xC2100FAA Unable to delete '%1'.
0xC2100FAB Invalid parameter: '%1'.
0xC2100FFA The element name '%1' is not a valid expression operator.
0xC2100FFB An expression argument is missing.
0xC2100FFC Invalid enum string: '%1'.
0xC2100FFD The expression operator '%1' could not be evaluated.
0xC2100FFE An attempt was made to divide by zero.
0xC2101068 Invalid 'ace' sub-element name '%1'.
0xC2101069 The 'ace' sub-element '%1' has an invalid value of '%2'.
0xC210106A Missing 'ace' sub-element '%1'.
0xC210106B Only one 'ace' sub-element named '%1' is allowed per 'ace'.
0xC210106C The 'ace' sub-element 'trusteeForm' does not specify an object, but an object was specified.
0xC210106D The provided ACL was rejected by SetEntriesInAcl.
0xC210106E %1.
0x8007001F A device attached to the system is not functioning.

Create Object can return this for an invalid sAMAccountName.

0x80005000 Unspecified Error

Group Add, Group Remove and Group IsMember can return this for an invalid path element.

0x80070057 The parameter is incorrect.

Get DACL can return this when the user does not have read privilege on the object.

See Also

Standard Providers and Namespaces

Up Top of Page
) 1999-2002 Microsoft Corporation. All rights reserved.