Microsoft Active Directory create computer object operation failing with UndefinedAttributeTypeError for few attributes
Whenever we are trying to create computer object in Microsoft Active Directory as below:
var ldap = require('ldapjs');
var client = ldap.createClient({
url: 'ldap://<<host>>:389'
});
client.bind('<<Admin DN>>', '<<password>>', function(err) {
if(err){
console.log('error',err);
}else{
console.log('bind is success');
}
});
var newDN = "CN=testcomputeruser,OU=testou,DC=test,DC=com";
var newUser = {
cn: 'newtestComputer334',
objectClass: 'computer',
description: 'This is test implementation hence this is test description.',
//UndefinedAttributeTypeError: 'msDS-RevealedList':'S:12:RevealedList:CN=RevealedList,OU=testou,DC=test,DC=com',
//UndefinedAttributeTypeError 'msDS-isGC':'FALSE',
//UndefinedAttributeTypeError 'msDS-isRODC':'FALSE',
//UndefinedAttributeTypeError 'msDS-SiteName':'TestmsDSSiteName',
//UndefinedAttributeTypeError 'msDS-IsUserCachableAtRodc':'568974',
}
client.add(newDN, newUser,function(err, resp) {
console.log('newDN : ', newDN);
console.log('newUser : ' ,newUser);
if(err){
console.log('error',err);
}else{
console.log('new user is success');
}
})
It is failing with UndefinedAttributeTypeError for few attributes like msDS-RevealedList, msDS-isGC, msDS-isRODC, msDS-SiteName and msDS-IsUserCachableAtRodc after providing appropriate value.
Is there any way to find what is the issue for the same?
Those are all constructed attributes, meaning that AD calculates the value of those attributes at the time you ask for them. They are not writable.
Sometimes you see this in the documentation online. For example, the documentation for msDS-RevealedList says:
The msDS-RevealedList attribute is constructed from the msDS-RevealedUsers attribute
But some of the documentation pages don't tell you that, like msDS-isGC.
The easiest way to figure out if it's a constructed attribute is to use AD Users and Computers. Make sure View -> Advanced Features is selected. Then navigate to an OU and open the properties of a type of object you want to look at (like a computer). Then go to the Attribute Editor tab. Use the 'Filter' button and make sure the "Show only" options are deselected. Then show or hide Constructed attributes, and see if the attribute you're looking for shows up.
- Logon Batch Script Running for Standard Users but not Admins
- What are CN, OU, DC in an LDAP search?
- PHP LDAP query to get members of specific security Group
- How to authenticate User Credentials against AD from Android Java
- Is there any way to get VBA to get the current user's Full Name from a Windows user account without using CMD?
- LDAP Query via Windows CMD
- powershell foreach-object parallel - Not all properties of piped in object are available
- VBScript: Using WScript.Shell to Execute a Command Line Program That Accesses Active Directory
- Getting Active Directory "SecurityDescriptor" attribute in .net core on linux machine
- Set default server in powershell for AD related commands
- Batch Scripting - Wait until network Established
- ADFS Metadata not accessible from outside
- "é" become "ã©" while using ldap_modify_batch() in php
- Why creating new user and roaming profile creation will result error logging in?
- Having trouble making UserPrincipalName all lowercase in Powershell
- How to Compare Sets of Users
- How to keep the shell window open after running a PowerShell script?
- ExemptFileTypeDownloadWarnings correct registry syntax for intranet URLs
- How do I modify a Boolean LDAP Active Directory attribute using Net::LDAP?
- Get-ACL of Deleted Objects Container
- What is the maximum length of a SID in SDDL format
- IIS "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" SQL connection error, but only for 1 user
- How can I make sure this is a secure LDAP connection and write AD's unicodePwd attribute?
- Windows Property Pages: Domain Path Not Shown on Security Tab
- Azure Entra ID tokens endpoint issues an expired token
- NativeObject try-catch does not catch a timed out error
- Getting "The server could not be contacted." when trying to access active directory
- Can't figure out how to delete a specific computer from AD using power shell. Can't find any solution anywhere
- Powershell - Create new user accounts from CSV & simultaneously populate these new accounts with template account info (Address & group membership)
- Unknown Error (0x80005000) with LDAPS Connection