OpenDSObject Call Returns Error 0x80072027 after Upgrade to ADSI 2.5

ID: Q236005

The information in this article applies to:

SYMPTOMS

When you upgrade your server to Active Directory Services Interface (ADSI) 2.5, the code using the OpenDSObject fails with the following error:

-2147016665 (0x80072027) LDAP_AUTH_METH_NOT_SUPPORTED
NOTE: Your OpenDSObject call is using ADS_SECURE_AUTHENTICATION to attempt to open the desired object securely.


CAUSE

ADSI 2.5 changed the behavior so that an error is returned when a secure authentication call fails instead of falling back to LDAP Simple Authentication.


WORKAROUND

To workaround this issue, use one of the following:

  • Change your OpenDSObject call to use LDAP Simple Authentication: 
    Set obj = User.OpenDSObject("LDAP://Server:389/ou=Members,o=Microsoft", "cn=Administrator,ou=Members,o=Microsoft", "password", 0)


  • To open an object using a method other than LDAP Simple Authentication, use ADS_USE_SSL and connect to the directory with SSL.

    For example: 
    Set obj = User.OpenDSObject("LDAP://Server:389/ou=Members,o=Microsoft", "cn=Administrator,ou=Members,o=Microsoft", "password", ADS_USE_SSL)


    • NOTE: For this to work, you must have a certificate installed on the Lightweight Directory Access Protocol (LDAP) server.


    MORE INFORMATION

    Site Server 3.0 Membership does not support using ADS_SECURE_AUTHENTICATION to open an object on a Membership-authenticated directory. This authentication method will work if the membership directory is configured with Windows NT authentication. The only way to bind securely with Membership authentication is to use SSL.

    For additional information, please see the following article(s) in the Microsoft Knowledge Base:

    Q236050 How to Bind to a Membership Directory with ADSI using SSL

    Additional query words: 

    
Keywords          : 
Version           : winnt:3.0
Platform          : winnt 
Issue type        : kbprb

    Last Reviewed: July 12, 1999