3.1.6.12 Create Object Using LDAP

This event MUST be generated with the following arguments:

  • iParentPath: the distinguished name of the parent of the object to be created.

  • iChildName: the name of the object to be created.

  • iObjectClass: the Active Directory schema class of the new object.

  • iAttributes: a list of name-value pairs.

Return Values:

  • rStatus: A DirectoryOperationResult that indicates the result of this directory operation.

  • rObjectGuid: if rStatus is DirectoryOperationResult.Success, the value of the objectGUID attribute of the created object. Otherwise, this value is undefined and MUST NOT be used.

The algorithm MUST perform the following actions to process this event:

  • If the value of the CachedConfigurationNamingContext ADM element is an empty string, rStatus MUST be set to DirectoryOperationResult.DirectoryNotConnected, and processing MUST end.

  • Raise a Prepare an LDAP Connection (section 3.1.6.18) event. The event takes no arguments. If the rStatus returned is not DirectoryOperationResult.Success, rStatus MUST be set to DirectoryOperationResult.DirectoryNotConnected, and processing MUST end. Otherwise, let DirectoryServerConnection be a variable of type ADCONNECTION_HANDLE ([MS-DTYP] section 2.2.2), which is initialized to the value returned in rADConnection.

  • Construct an LDAPMessage ([RFC2251] section 4.1):

    • messageID = set as described in [RFC2251] section 4.1.1.1.

    • protocolOp = searchRequest

    • controls = none

    • baseObject = iParentPath

    • scope = baseObject

    • derefAliases = neverDerefAliases

    • sizeLimit = 0

    • timeLimit = 0

    • typesOnly = FALSE

    • filter = "(objectClass=*)"

    • attributes = a one-element list consisting of the string "objectClass"

  • Perform the Performing an LDAP Operation on an ADConnection ([MS-ADTS] section 7.6.1.6) task with the following parameters:

    • TaskInputADConnection = DirectoryServerConnection

    • TaskInputRequestMessage = the LDAPMessage constructed in the preceding step

  • If the value of TaskReturnStatus is not success, as defined in [RFC2251] section 4.1.10, the algorithm MUST perform the following steps:

  • Let ChildDistinguishedName be a string variable, initialized by concatenating the strings "CN=", the value of iChildName, a comma ",", and the value of iParentPath.

  • Construct a set of attribute name-value pairs:

    • The attribute objectClass MUST be paired with the value of iObjectClass.

    • All pairs in iAttributes.

  • Construct an LDAPMessage:

    • messageID = set as described in [RFC2251] section 4.1.1.1.

    • protocolOp = addRequest

    • controls = none

    • entry = ChildDistinguishedName

    • attributes = the set of attribute name-value pairs constructed in the previous step

  • Perform the Performing an LDAP Operation on an ADConnection task with the following parameters:

    • TaskInputADConnection = DirectoryServerConnection

    • TaskInputRequestMessage = the LDAPMessage constructed in the preceding step

  • If the value of TaskReturnStatus is not success, as defined in [RFC2251] section 4.1.10, the algorithm MUST perform the following steps:

    • rStatus MUST be set to a DirectoryOperationResult enumeration value according to the conversion rules for TaskReturnStatus specified in section 2.2.6.

    • Raise a Shut Down an LDAP Connection event.

    • Processing MUST end.

  • Construct an LDAPMessage:

    • messageID = set as described in [RFC2251] section 4.1.1.1.

    • protocolOp = searchRequest

    • controls = none

    • baseObject = ChildDistinguishedName

    • scope = baseObject

    • derefAliases = neverDerefAliases

    • sizeLimit = 0

    • timeLimit = 0

    • typesOnly = FALSE

    • filter = "(objectClass=*)"

    • attributes = an empty list

  • Perform the Performing an LDAP Operation on an ADConnection task with the following parameters:

    • TaskInputADConnection = DirectoryServerConnection

    • TaskInputRequestMessage = the LDAPMessage constructed in the preceding step

  • If the value of TaskReturnStatus is not success, as defined in [RFC2251] section 4.1.10, the algorithm MUST perform the following steps:

    • rStatus MUST be set to a DirectoryOperationResult enumeration value according to the conversion rules for TaskReturnStatus specified in section 2.2.6.

    • Raise a Shut Down an LDAP Connection event.

    • Processing MUST end.

  • Extract the value of the objectGUID attribute from the result message returned in TaskOutputResultMessages, and set rObjectGuid to that value.

  • Raise a Shut Down an LDAP Connection event.

  • Processing MUST end.
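The three request bodies from the steps above, as an added Python example that is not part of the specification. Plain dicts stand in for encoded LDAPMessages (messageID and transport are omitted). The RFC 4514 escaping of iChildName is an assumption added here for callers that pass a raw, unescaped name, since the text specifies plain concatenation; the sample names are constructed.

```python
# Added example: request bodies for "Create Object Using LDAP" (section 3.1.6.12).
# Dicts are a stand-in for LDAPMessage encoding; they are not a wire format.

_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 section 2.4 requires escaping

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for a DN string (assumes a raw, unescaped input)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):   # leading or trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:           # leading number sign
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)

def child_dn(i_child_name: str, i_parent_path: str) -> str:
    """ChildDistinguishedName: "CN=" + iChildName + "," + iParentPath."""
    if not i_child_name:
        raise ValueError("iChildName must not be empty")
    return "CN=" + escape_rdn_value(i_child_name) + "," + i_parent_path

def base_search(base_object: str, attributes: list) -> dict:
    """searchRequest with the fixed field values listed in the section."""
    return {"protocolOp": "searchRequest", "controls": None,
            "baseObject": base_object, "scope": "baseObject",
            "derefAliases": "neverDerefAliases", "sizeLimit": 0,
            "timeLimit": 0, "typesOnly": False,
            "filter": "(objectClass=*)", "attributes": attributes}

def build_requests(i_parent_path, i_child_name, i_object_class, i_attributes):
    """Return [parent search, addRequest, child search] in processing order."""
    dn = child_dn(i_child_name, i_parent_path)
    pairs = [("objectClass", i_object_class)] + list(i_attributes)
    return [base_search(i_parent_path, ["objectClass"]),
            {"protocolOp": "addRequest", "controls": None,
             "entry": dn, "attributes": pairs},
            base_search(dn, [])]  # empty list, as in the final search step

if __name__ == "__main__":
    # Constructed sample input: a child name containing "," and "+".
    for req in build_requests("CN=msmq,DC=example,DC=com", "Payroll, EU+APAC",
                              "mSMQQueue", [("mSMQLabel", "payroll")]):
        print(req)
```

With escaping applied, a name containing `,` or `+` stays inside a single RDN, so the object is created directly under iParentPath and the final search reads back the same entry that the addRequest named.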