If you are querying a Windows 2003 Active Directory, some query operations do not work. This is because certain queries perform anonymous LDAP operations even if you have bound your connection, and Windows Server 2003 domain controllers do not allow anonymous LDAP operations by default. To fix this problem, you have to implement the change specified in the Microsoft Knowledge Base at http://support.microsoft.com/kb/326690, which allows anonymous LDAP operations against Active Directory. The steps below describe one way to implement this change using ADSI Edit, which is included in the Windows Server 2003 Support Tools.

The Windows Support Tools are not automatically installed when you install Windows Server 2003. To install the Windows Support Tools on a computer that is running Windows Server 2003, run the Suptools.msi program that is in the Support\Tools folder on the Windows Server 2003 CD.

1. Click Start, then click Run and type in adsiedit.msc. This will launch the ADSI Edit application.
2. In the ADSI Edit window, navigate to Configuration, CN=Configuration, CN=Services, CN=Windows NT, then right-click CN=Directory Service and click Properties.
3. Find dsHeuristics and click Edit.
4. Set the value of dsHeuristics to 0000002. If a previous value already exists, set the seventh character of the previous value to 2.
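The rule in step 4 for a dsHeuristics value that already exists, as an added example that is not part of the original post: it changes only the seventh character and leaves every other position alone, and it can also report whether a value read from a directory already has the setting. The function names and sample values are constructed for illustration, and padding short values with 0 is an assumption based on the page's 0000002.

```python
# Added example: compute the dsHeuristics string to type into ADSI Edit (step 4)
# and check whether a given value already enables anonymous LDAP operations.

ANON_POS = 7        # 1-based character position named in step 4
ANON_ENABLED = "2"  # value step 4 puts at that position


def anonymous_ops_enabled(value):
    """Return True if the seventh character of dsHeuristics is 2."""
    value = (value or "").strip()
    return len(value) >= ANON_POS and value[ANON_POS - 1] == ANON_ENABLED


def with_anonymous_ops(current):
    """Return the value to enter for dsHeuristics.

    An unset or empty attribute becomes 0000002. An existing value keeps all
    of its characters except the seventh. A value shorter than seven
    characters is right-padded with "0" first (assumption: 0 is the default
    for every position, as in the page's 0000002), so the characters that
    were already set stay at their positions.
    """
    value = (current or "").strip()
    if len(value) < ANON_POS:
        value = value.ljust(ANON_POS, "0")
    return value[:ANON_POS - 1] + ANON_ENABLED + value[ANON_POS:]


if __name__ == "__main__":
    # Constructed sample values: unset, short, already set, longer than seven.
    for sample in (None, "001", "0000002", "0000000001"):
        print(repr(sample), "->", with_anonymous_ops(sample),
              "| already enabled:", anonymous_ops_enabled(sample))
```

Reading the current value before editing, and recording it, makes it possible to restore the original string later or to confirm during a configuration review that the seventh character is 2 only where anonymous queries are actually required.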

Posted on 12/22/2007 and last updated on 11/7/2009
Filed under Active Directory