The current version of Active Directory Services Interface (ADSI) on Microsoft Windows NT 4.0, Microsoft Windows 95, and Microsoft Windows 98 contains problems with adding and removing access control entries (ACEs), slow initial searches with Windows 95/Windows 98, and using GeneralizedTime values with IADsPropertyList.
A supported fix is now available from Microsoft, but it is only intended to
correct the problem described in this article and should be applied only to
systems experiencing this specific problem. This fix may receive additional
testing at a later time, to further ensure product quality. Therefore, if you
are not severely affected by this problem, Microsoft recommends that you wait
for the next release of the directory services client that contains this fix.
To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix. For a complete list of Microsoft Product Support Services
phone numbers and information about support costs, please go to the following
address on the World Wide Web:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
NOTE : In special cases, charges that are normally incurred for
support calls may be canceled, if a Microsoft Support Professional determines
that a specific update will resolve your problem. Normal support costs will
apply to additional support questions and issues that do not qualify for the
specific update in question.
The English version of this fix should have the following file attributes or
later:
Date Time Version Size File name Platform ------------------------------------------------------------ 3/2/2000 3:31PM 4.01.259.1 129 KB Activeds.dll * 3/2/2000 3:34PM 4.01.259.1 121 KB Adsldp.dll * 3/2/2000 3:28PM 4.01.259.1 126 KB Adsldpc.dll * * Windows NT 4.0, Windows 95, and Windows 98
Microsoft has confirmed this to be a problem in the Microsoft products that
are listed at the beginning of this article.
In a multiple-domain environment, adding an ACE to an access control list (ACL) that has a duplicate account name in another domain may cause the incorrect trustee to be used. For example, if there is a John Doe (JDoe) in domain A and a Jane Doe (JDoe) in domain B and there is a trust relationship between the two domains, using ADSI to add an ACE for John may result in permissions being assigned for Jane.
For performance reasons, ADSI attempts to cache to disk the schema of a Lightweight Directory Access Protocol (LDAP) version 3 server that it contacts. ADSI 2.5 on Windows 95 or Windows 98 improperly downloads the schema each time instead of caching it. This causes a delay in the results returned for the first LDAP queries that are issued to the server. For additional information about how ADSI caches LDAP 3 schema information, click the article number below to view the article in the Microsoft Knowledge Base:
Q251189 INFO: Locating an LDAP Server Schema Cached by ADSI
The data transmitted over the wire for a date formatted in Universal Time Coordinate (UTC) time format is different from that for generalized time. When you are using the ADSI 2.5 IADsPropertyList interface, the dates for GeneralizedTime values may be transmitted in the wrong format.
For additional information about ADSI, visit the following Microsoft Web site:
Source : Microsoft TechNet article Q259879