Indexing AD LDS Attribute

  • Indexing AD LDS Attribute

    Hi,

    I am trying to index the telephoneNumber attribute of an AD LDS partition, but it is failing with the following:

    ---------------------------
    ADSIEdit
    ---------------------------
    Operation failed. Error code: 0x2098
    Insufficient access rights to perform the operation.


    00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    ---------------------------
    OK
    ---------------------------


    I have specifically defined my account as an administrator on the partition, and I am logged in with an account that is domain admin on the domain that the server is a member of.

  • #2
    Re: Indexing AD LDS Attribute

    I'm pretty sure you will need to be a schema admin for this.


    • #3
      Re: Indexing AD LDS Attribute

      Originally posted by wullieb1:
      > I'm pretty sure you will need to be a schema admin for this.

      Sorry, you're right, I am a schema admin, should have mentioned that. This is in a lab (preparing for production) so the installing account has every type of admin imaginable.


      • #4
        Re: Indexing AD LDS Attribute

        Originally posted by Conack:
        > Sorry, you're right, I am a schema admin, should have mentioned that. This is in a lab (preparing for production) so the installing account has every type of admin imaginable.

        You can't be.

        Schema Admins have full unrestricted access to do anything in the Schema hence it will have access to do this.

        Can you please do a work flow for what it is that you are doing so I can try and replicate.


        • #5
          Re: Indexing AD LDS Attribute

          Originally posted by wullieb1:
          > You can't be.
          >
          > Schema Admins have full unrestricted access to do anything in the Schema hence it will have access to do this.
          >
          > Can you please do a work flow for what it is that you are doing so I can try and replicate.

          I assure you I am. It was the first thing I checked. I am Enterprise, Schema and Domain admin. The ADLDS partition is on a domain-joined server, and I am added specifically as Admin on the partition.

          For what it's worth, I gave it a shot on the production environment, and it successfully indexed smoothly, so it's not as critical anymore, and now just more of an oddity to debug (plus the lab doesn't truly resemble production because of it).

          Here's my workflow:

          Connected to the Schema of the partition via ADSI edit using the account I am logged into the machine with (Enterprise, Domain, and Schema admin, which is also added as member of Administrators group in the ADLDS instance)

          Navigated to CN=Telephone-Number, double-clicked. Navigated to 'searchFlags', opened. The value is '0'. I enter '1' (no quotes), click 'ok', then apply, but get the error in my original post. I've also, just to test, tried entering different values, but get the same failure.

          I have tried to use the Active Directory Schema snap-in to access the attribute and apply the indexing, but it fails to connect to anything other than the domain controller (the partition is on a different server)
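
The searchFlags change described in post #5, as an added example that is not part of the original thread: it makes the same edit with the ActiveDirectory PowerShell module pointed at the AD LDS instance, ORs the index bit into the existing value instead of overwriting it, and reports any access failure. Assumptions not taken from the thread: the instance listens on `localhost:389`, the ActiveDirectory module is installed, and the flag labels are descriptive names chosen for this example.

```powershell
Import-Module ActiveDirectory

$Server   = 'localhost:389'     # assumed host:port of the AD LDS instance
$AttrName = 'telephoneNumber'   # attribute named in the thread
$IndexBit = 0x1                 # searchFlags bit 0: build an index for the attribute

# searchFlags is a bit field; labels below are descriptive names for this example.
$FlagNames = @{
    0x01 = 'Index';            0x02 = 'ContainerIndex'
    0x04 = 'ANR';              0x08 = 'PreserveOnDelete'
    0x10 = 'CopyWithObject';   0x20 = 'TupleIndex'
    0x40 = 'SubtreeIndex';     0x80 = 'Confidential'
}

function Get-SearchFlagNames([int]$Value) {
    $names = foreach ($bit in ($FlagNames.Keys | Sort-Object)) {
        if ($Value -band $bit) { $FlagNames[$bit] }
    }
    if ($names) { $names -join ', ' } else { '(none)' }
}

# Locate the attribute in the instance's own schema partition via its RootDSE.
$schemaNc = (Get-ADRootDSE -Server $Server).schemaNamingContext
$attr = Get-ADObject -Server $Server -SearchBase $schemaNc `
    -LDAPFilter "(lDAPDisplayName=$AttrName)" -Properties searchFlags

$current = [int]$attr.searchFlags          # an unset value reads as 0
$wanted  = $current -bor $IndexBit         # keep any bits that are already set
"Current searchFlags: $current [$(Get-SearchFlagNames $current)]"

if ($wanted -eq $current) { 'Index bit already set; nothing to write.'; return }

try {
    Set-ADObject -Server $Server -Identity $attr.DistinguishedName `
        -Replace @{ searchFlags = $wanted } -ErrorAction Stop
    $after = [int](Get-ADObject -Server $Server -Identity $attr.DistinguishedName `
        -Properties searchFlags).searchFlags
    "New searchFlags: $after [$(Get-SearchFlagNames $after)]"
} catch {
    # An access failure like the 0x2098 error in post #1 surfaces here.
    Write-Warning "Write to $($attr.DistinguishedName) failed: $($_.Exception.Message)"
}
```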