none
Active directory Change Schema Attribute ADSI Error Code 0x213b

    Question

  • i am Using ADSI to change the schema attribute on a windows 2008 R2 server Using with a functional domain level of 2003. And i keep getting the errors.

    the attribute is cn=division and change the searchFlags to 128 or 0x80  When i hit apply on one of my DC's i get the error code: 0x213b,  skip a line and under that i get 0000213b:dsid-030f0692, problem 5003, (will not perform) data 0,

    on My other DC, i get operation failed 0x202b, a referral was returned from the server.  skip 2 lines and you get 0000202B REfErr:DSID-030a0b09, data 0, 1 access points ref 1: 'b2cec15c-32b1-45d4-a7dc-4bcc8d24bfea._msdcs.(domain)'

    I need some help, not sure what to do at this point.   I am trying to mark confidential so this attribute is not viewable through an AD Search/Query.

    thank you,

    stephen gagliardi

     

     

    Tuesday, December 21, 2010 11:45 PM

Answers

  • Hi,

    As "Alexei Segundo" mentioned, the base schema cannot be modified using the AdsiEdit tool.

    You may try to modify the property using the LDP tool:

    1. Launch LDP.exe and bind to the server you want to modify. Make sure you are schema admin, and admin over the partition you are modifying.
    2. After connecting and binding, select Browse then select the Modify.
    3. Leave the DN blank, type schemaUpgradeInProgress into the Attribute field and in the Values field type 1.
    4. Click Add and then Enter. This will add the command to the entry list.
    5. Click Run. If you are successful you should see a successful modify message.
    6. Select View then Tree. Connect to the appropriate base DN.
    7. Right-click the object as in the example below and select Modify:

      CN=Division,CN=Schema,CN=Configuration,DC=ADATUM,DC=COM
    8. Enter the desire value for the attribute. Values are case sensitive.
    9. Click Enter, then click Run to update the flag values.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     

    Wednesday, December 22, 2010 8:27 AM
    Moderator
  • Hi Stephen

    0x213b converts to ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD, which is an attempt to modify the base schema.  Some attributes are marked as part of the base AD schema and you can't modify them. 

    http://msdn.microsoft.com/en-us/library/ms681390(VS.85).aspx

    You can find attributes that form part of the base schema by looking at the systemFlags attibute.  If it is set to 0x10 then it is part of the base schema.


    Alexei
    Wednesday, December 22, 2010 1:57 AM

All replies

  • Hi Stephen

    0x213b converts to ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD, which is an attempt to modify the base schema.  Some attributes are marked as part of the base AD schema and you can't modify them. 

    http://msdn.microsoft.com/en-us/library/ms681390(VS.85).aspx

    You can find attributes that form part of the base schema by looking at the systemFlags attibute.  If it is set to 0x10 then it is part of the base schema.


    Alexei
    Wednesday, December 22, 2010 1:57 AM
  • Hi,

    As "Alexei Segundo" mentioned, the base schema cannot be modified using the AdsiEdit tool.

    You may try to modify the property using the LDP tool:

    1. Launch LDP.exe and bind to the server you want to modify. Make sure you are schema admin, and admin over the partition you are modifying.
    2. After connecting and binding, select Browse then select the Modify.
    3. Leave the DN blank, type schemaUpgradeInProgress into the Attribute field and in the Values field type 1.
    4. Click Add and then Enter. This will add the command to the entry list.
    5. Click Run. If you are successful you should see a successful modify message.
    6. Select View then Tree. Connect to the appropriate base DN.
    7. Right-click the object as in the example below and select Modify:

      CN=Division,CN=Schema,CN=Configuration,DC=ADATUM,DC=COM
    8. Enter the desire value for the attribute. Values are case sensitive.
    9. Click Enter, then click Run to update the flag values.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     

    Wednesday, December 22, 2010 8:27 AM
    Moderator
  • Worked like a charm! Thanks Arthur!

    - Santron Manibharathi.

    Tuesday, December 03, 2013 1:23 PM
  • Thank you so much.
    Tuesday, December 03, 2013 2:27 PM