User Account Control throws null value exception

Hi Team,

Greetings!

I have a very weird problem but not sure if it's in C# code issue or in Active Directory replication issue. We have a C# SSIS code/script to fetch AD user Properties and update SQL Database. Recent times it's throwing null value exceptions for UserAccountControl.

I changed the C# code to query specific Domain Controller and value returned as expected - This is fine as a workaround

So I queried all DC using PowerShell to find replication issue and it returned value (512).

I checked msDS-User-Account-Control-Computed it has Integer 0.

Indeed it has some issues in AD but as per the logic it's not null some value needs to be returned. 

Note: The issue relies in trusted domain account and all DC are 2003 server = Forest mode is 2003 as well. The Code runs from 2008 R2 Server

On which condition UAC returns null value?

May 19th, 2015 7:40pm

Hi,

Thanks for your post.

512 means enabled account.

http://www.netvision.com/ad_useraccountcontrol.php

I checked msDS-User-Account-Control-Computed it has Integer 0.

If the object TO is not in a domain NC, TO!msDS-User-Account-Control-Computed = 0.

https://msdn.microsoft.com/en-us/library/cc223393.aspx

For C# related issue, I think you need to ask in:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=csharpgeneral

Regards.

Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 8:30am

Hi,

Any update about the issue?

Regards.

May 24th, 2015 8:53am

For user and computer objects in Active Directory the userAccountControl is a mandatory property, so it cannot be null (missing).

The msDS-User-Account-Control-Computed attribute is supposed to have the same bits as uaserAccountControl, plus others, so it too will never be null. As the name implies, msDS-User-Account-Control-Computed is computed (operational), so special code may be required to retrieve it. But if you get the value for some users, you should get it for all.

I should add that I have never seen userAccountControl be either missing or 0. For some reason msDS-User-Account-Control-Computed can be 0, but again I have never found it missing (with no v

Free Windows Admin Tool Kit Click here and download it now
May 24th, 2015 7:52pm

Thanks for confirmation Richard. Indeed it can't be null. In my case the C# code returns null value because of authentication issue. The ID which runs the SSIS Script has no access to query UAC.

The PowerShell code works fine because I am passing credentials of Admin. Same way in changed the C# code and that worked.

I am leaving this case to my development team.

May 26th, 2015 3:23am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics