public static void TreatErrorMessage(DirectoryServicesCOMException e)
        {
            /** http://www-01.ibm.com/support/docview.wss?uid=swg21290631
             * 525 - user not found
             * 52e - invalid credentials
             * 530 - not permitted to logon at this time
             * 531 - not permitted to logon at this workstation
             * 532 - password expired
             * 533 - account disabled
             * 534 - The user has not been granted the requested logon type at this machine
             * 701 - account expired
             * 773 - user must reset password
             * 775 - user account locked */

            string msg = e.ExtendedErrorMessage ?? "";
            if (msg.Contains("525"))
            {
                throw new AdException(AdError.UserNotFound, "User Not found (525)", e);
            }
            if (msg.Contains("52e"))
            {
                throw new AdException(AdError.IncorrectPassword, "Invalid Credentials (52e)", e);
            }
            if (msg.Contains("530"))
            {
                throw new AdException(AdError.NotPermittedToLogonAtThisTime, "Not permitted to logon at this time (530)", e);
            }
            if (msg.Contains("531"))
            {
                throw new AdException(AdError.NotPermittedToLogonAtThisWorkstation, "Not permitted to logon at this workstation (531)", e);
            }
            if (msg.Contains("532"))
            {
                throw new AdException(AdError.ExpiredPassword, "Expired Password (532)", e);
            }
            if (msg.Contains("533"))
            {
                throw new AdException(AdError.AccountDisabled, "Account Disabled (533)", e);
            }
            if (msg.Contains("534"))
            {
                throw new AdException(AdError.UserNotGrantedRequestedLogonType, "User has not been granted the requested logon type at this machine (534)", e);
            }
            if (msg.Contains("701"))
            {
                throw new AdException(AdError.AccountExpired, "Account Expired (701)", e);
            }
            if (msg.Contains("773"))
            {
                throw new AdException(AdError.UserMustResetPassword, "User must Reset Password (733)", e);
            }
            if (msg.Contains("775"))
            {
                throw new AdException(AdError.AccountLocked, "User Account Locked (775)", e);
            }
            throw new AdException("Unkown Error", e);
        }
        /// <summary>
        /// Converts a DirectoryServicesCOMException into more meaningful ICF exception (e.g. AlreadyExistsException).
        /// </summary>
        /// 
        /// Actually, it is questionable if the exception mapping can be done in a universal way like this,
        /// or whether it has to be specific for individual operations (search, create, update, ...). We
        /// will see.
        public static Exception ComToIcfException(DirectoryServicesCOMException originalException, String message)
        {
            LOGGER.TraceEvent(TraceEventType.Information, CAT_DEFAULT, "ErrorCode = {0}, ExtendedError = {1}, ExtendedErrorMessage = {2}",
                originalException.ErrorCode, originalException.ExtendedError, originalException.ExtendedErrorMessage);

            if (originalException.ErrorCode == -2147463168 ||     // ADS_BAD_PATHNAME
                originalException.ErrorCode == -2147016656)       // LDAP_NO_SUCH_OBJECT
            {
                return new NoSuchAdObjectException(originalException.Message + ": " + message, originalException);
                        // not sure if the exception is related to the object as a whole, or to some of its attributes
                        // therefore we don't return UnknownUidException directly
            }
            else if (originalException.ErrorCode == -2147217911)  // ADO_PERMISSION_DENIED
            {
                return new PermissionDeniedException(originalException.Message + ": " + message, originalException);
            }
            else if (originalException.ErrorCode == -2147024891)    // ADS_INSUFFICIENT_RIGHTS
            {
                return new PermissionDeniedException(originalException.Message + ": " + message, originalException);
            }
            else if (originalException.ErrorCode == -2147023570)    // LDAP_INVALID_CREDENTIALS
            {
                return new InvalidCredentialException(originalException.Message + ": " + message, originalException);
            }
            else if (originalException.ErrorCode == -2147019886)    // LDAP_ALREADY_EXISTS
            {
                return new AlreadyExistsException(originalException.Message + ": " + message, originalException);
            }
            else if (originalException.ErrorCode == -2147016691)    // LDAP_ATTRIBUTE_OR_VALUE_EXISTS This error occurs primarily when you try to add members to groups that have been members of this group beforehand.
            {
                return originalException;       // if we returned AlreadyExistsException here the caller might be confused WHAT does 'already exist'
            }
            else if (originalException.ErrorCode == -2147016657)    // LDAP_CONSTRAINT_VIOLATION
            {
                if (originalException.ExtendedError == 8648)
                {
                    // userPrincipalName already exists; see https://technet.microsoft.com/en-us/library/dn535779.aspx
                    return new AlreadyExistsException("UserPrincipalName already exists: " + originalException.Message + ": " + originalException.ExtendedErrorMessage + ": " + message, originalException);
                }
                else
                {
                    return originalException;       // here will be something like SchemaException when it will be available
                }
            }
            else
            {
                return originalException;
            }
        }