Friday, February 24, 2012

Error trying to retreive lastlogon value through LDAP ADSI

I am trying to extract the value of the lastLogon attribute for users in
Active Directory by using LDAP ADSI. Setup is SQL Server 2000 with a linked
server named ADSI, using Query Anaylyzer.
I run the query
SELECT [name], lastlogon
FROM OPENQUERY( ADSI,
'SELECT name, samAccountName, lastlogon
FROM ''LDAP://hostname/OU=BIS Portal Users,DC=bis,DC=dhs,DC=local''
WHERE objectClass = ''user''')
which produces this error:
Server: Msg 7346, Level 16, State 2, Line 1
Could not get the data of the row from the OLE DB provider 'ADSDSOObject'.
Could not convert the data value due to reasons other than sign mismatch or
overflow.
OLE DB error trace [OLE/DB Provider 'ADSDSOObject' IRowset::GetData returned
0x40eda: Data status returned from the provider: [COLUMN_NAME=lastlogon
STATUS=DBSTATUS_E_CANTCONVERTVALUE], [COLUMN_NAME=name STATUS=DBSTATUS_S_OK]
].
I did a search on this forum for threads related to this error, and found a
thread discussing problems with querying mult-valued attributes through
OPENQUERY. According to MSDN's section on the AD schema, lastLogon is a
single-valued, 64-bit integer representing the 100 nanosecond intervals sinc
e
January 1, 1601.
I get the same error when I try to query other 64-bit attributes, such as
accountExpires, isAccountLocked, and others that are 100 nanosecond counters
.
I can successfully read badPwdCount, which is a 32-bit counter.
Is there any way to extract those 64-bit counters out of AD using OPENQUERY?Did you ever find a solution to this problem? I'm trying to do the samethin
g.

No comments:

Post a Comment