1. You need to increase the amount of records returned by AD. By default, AD returns 1000 records. You can increase this amount using ntdsutil. This must be performed by a domain admin.
http://support.microsoft.com/kb/315071 The AD administration limit you want to change is "maxPageSize". Don't make the value too large. I would suggest setting it a few hundred higher than your maximum amount of object that you want to query. For example, if you have 9,000 user objects, set maxPageSize to 10,000. 2. Look at the CFLDAP attributes of SEPARATOR and DELIMITER. Also, try to set only one attribute at a time. Then, add each attribute until you find the one that is causing the error. You don't need to set objectClass and objectCategory. They are set by AD when you create the user account. This may be the actual cause of the error. Drop these two attributes from your modify operation. 3. You can allow users to update their own information, however, you should do it using a generic proxy account that has permissions to update AD. First, authenticate the users, using CFLDAP or integrated browser security. If you use CFLDAP to authenticate the user, grab and store the DN at the same time. If you use browser security, you need to perform another CFLDAP query to get the user's DN. (You will need the DN for the update operation.) Next, present a form to allow the users to modify their data. I would suggest looking at the AD Schema MMC snap-in to get the datatypes/lengths of each AD attribute. Then, build your form validation around that information. Finally, use CFLDAP to modify the attributes of the AD user object, and pass in the authenticated user's DN to control which AD object is modified. Mike -----Original Message----- From: Isidro Pimentel [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 3:09 AM To: CF-Talk Subject: CFLDAP Query / Add/Modify Users in AD Hello, I am trying to create a coldfusion that allows users to add a user/modify a user . I am able to add a user into AD with no problem. I am having difficulties with two things. 1. Query - How do I query AD for more than 1000 users. Currently when I query it I only get 1000 user in my results. 2. Modify - When I attempt to modify a user I get the following error: LDAP: error code 19 - 00000057: LdapErr: DSID-0C090A85, comment: Error in attribute conversion operation, data 57, vece This is add user and it works. User is added into ad but it is not activated. <cfldap action="add" server="xxxx" username="domainaccount" password="xxxx" attributes=" objectClass=top;person;orgazationalPerson;user; sAMAccountName=mphelps;cn=Michael Phelps;givenName=Michael;SN=Phelps; employeeID=11111;telephoneNumber=5555555555; physicalDeliveryOfficeName=Beijing;[EMAIL PROTECTED];" dn="cn=Michael Phelps,ou=Staff,dc=xxxx,dc=com"> Modify user on the other hand fails. <cfldap action="modify" modifytype="replace" server="xxxxx" username="domainAccount" password="xxxxx" attributes="telephonenumber=5555555555;physicalDeliveryOfficeName=HomeOf fice; [EMAIL PROTECTED];sAMAccountName=mphelps;cn=Michael Phleps; employeeID=11111;instanceType=4; objectClass=top;person;orgazationalPerson;user; objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=xxxx,DC=com" dn="CN=Michael Phelps,OU=Staff,DC=xxxx,DC=com"> Also is there a way to allow individual users to update their information. Any help will be greatly appreciated. Thank you in advance for your assistance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310954 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4