Read ObjectSid into anchor attribute

  • Question

  • Hi,

    I'm developing an ECMA 2.2 and I have set the Anchor attribute to be the objectSid. I have to use PowerShell (from within the C# MA code) to obtain the objectSid.

    The trouble I have now is that I'm unable to translate this objectSid into the right format (to be honest, I don't even know what format it is returned in).

    When coding the schema, I code the "ObjectSid" attribute as an AttributeType.Binary:

    public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
    {
        Microsoft.MetadirectoryServices.SchemaType userType = Microsoft.MetadirectoryServices.SchemaType.Create("user", false);
        userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("AccountName", AttributeType.String)); // AccountName is the anchor attribute
        userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("Email", AttributeType.String));
        userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("SipAddress", AttributeType.String));
        userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("EmployeeID", AttributeType.String));
        userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("ObjectSid", AttributeType.Binary));
        Schema schema = Schema.Create();
        schema.Types.Add(userType); // register the object type so the returned schema is not empty
        return schema;
    }

    Then I populate the ObjectSid like so:

                        csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("ObjectSid", obj.Members["ObjectSid"].Value));

    where obj is a PowerShell object which contains the result of a PowerShell command execution which gets the objectSid.

    This doesn't work and I get an error in the Server logs:

    The server encountered an unexpected error while performing an operation for a management agent.
     "System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.SecurityIdentifier' to type 'System.Byte[]'.
       at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.AddAttributeToDImage(CDImage* pdimage, String attributeName, AttributeModificationType attributeModificationType, IList`1 attributeValueChanges, Int32 escapeReferenceDNValues)
       at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.ConvertToDImage(CSEntryChange csEntryChange, CDImage** ppDImage, Int32 escapeReferenceDNValues)
       at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeExtMA_ImportEntry(UInt32 cBatchSize, UInt16* pcszCustomData, UInt32 cFullObject, _OCTET* rgoctFullObject, UInt32* rgomodt, UInt32* pcpcszChangedAttributes, UInt16*** prgpcszChangedAttributes, Int32 fIsDNStyleNone, UInt16** ppszUpdatedCustomData, _OCTET* rgoctCSImage, Int32* rgextec, UInt16** rgpszErrorName, UInt16** rgpszErrorDetail, Int32* pfMoreToImport)"

    How should I handle the objectSid conversion here? Totally lost since I thought the objectSid would be returned as a byte[] array but instead it is being returned as a string.


    Wednesday, July 24, 2013 2:28 PM


  • So, to work around it for now, I'm using the ObjectSid as a String type parameter in my MA, and from the portal I flow it in using the ConvertSidToString(objectSid) function, which seems to work for now.

    Leaving this answer here in case anyone finds it useful in the future.

    • Marked as answer by kmittal82 Wednesday, August 21, 2013 10:15 AM
    Thursday, July 25, 2013 8:36 AM
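
An added example, not part of the original thread or the poster's code: the exception above shows the PowerShell call returning a System.Security.Principal.SecurityIdentifier, so an alternative to the string workaround is to convert the value to its binary form before adding it to the Binary attribute. The SidConversion class, its method names and the sample SID are constructed for illustration, and the value is assumed to be already unwrapped from any PSObject.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper (not from the thread): normalises the value returned by
// PowerShell into the byte[] that an AttributeType.Binary attribute expects.
static class SidConversion
{
    public static byte[] ToBinarySid(object value)
    {
        if (value == null)
            throw new ArgumentNullException("value");

        byte[] raw = value as byte[];
        if (raw != null)
        {
            // Parse once to reject malformed input (throws ArgumentException).
            new SecurityIdentifier(raw, 0);
            return raw;
        }

        SecurityIdentifier sid = value as SecurityIdentifier;
        string sddl = value as string;
        if (sid == null && sddl != null)
            sid = new SecurityIdentifier(sddl); // "S-1-5-..." string form

        if (sid == null)
            throw new InvalidCastException("Unsupported SID type: " + value.GetType().FullName);

        byte[] buffer = new byte[sid.BinaryLength];
        sid.GetBinaryForm(buffer, 0);
        return buffer;
    }

    // String form, for an MA that declares the attribute as AttributeType.String.
    public static string ToSddlString(object value)
    {
        return new SecurityIdentifier(ToBinarySid(value), 0).Value;
    }

    static void Main()
    {
        // Constructed sample SID, not a real account.
        object fromPowerShell = new SecurityIdentifier("S-1-5-21-1004336348-1177238915-682003330-1104");

        byte[] binary = ToBinarySid(fromPowerShell);
        Console.WriteLine(BitConverter.ToString(binary)); // raw bytes for the Binary attribute
        Console.WriteLine(ToSddlString(binary));          // round-trips to the S-1-5-... form

        // In the import step from the question this would become:
        // AttributeChange.CreateAttributeAdd("ObjectSid", SidConversion.ToBinarySid(obj.Members["ObjectSid"].Value));
    }
}
```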