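/// <summary>
/// Translates the sub-status code of a failed Active Directory bind into an
/// <c>AdException</c> carrying the matching <c>AdError</c> value. This method never
/// returns normally: every path ends in a throw.
/// </summary>
/// <remarks>
/// Sub-status codes (see http://www-01.ibm.com/support/docview.wss?uid=swg21290631):
/// 525 - user not found;
/// 52e - invalid credentials;
/// 530 - not permitted to logon at this time;
/// 531 - not permitted to logon at this workstation;
/// 532 - password expired;
/// 533 - account disabled;
/// 534 - the user has not been granted the requested logon type at this machine;
/// 701 - account expired;
/// 773 - user must reset password;
/// 775 - user account locked.
///
/// The resulting exceptions tell an unknown user apart from a wrong password and reveal
/// disabled, locked and expired account states. Keep that detail in server-side logs and
/// present one generic failure to unauthenticated callers, so the logon path cannot be
/// used to confirm which accounts exist.
/// </remarks>
/// <param name="e">The COM exception raised by the directory bind.</param>
public static void TreatErrorMessage(DirectoryServicesCOMException e)
{
    string msg = e.ExtendedErrorMessage ?? "";

    // Prefer the dedicated "data <hex>" field of the message. A substring search over the
    // whole text can hit the same digits inside another field and report the wrong error.
    string code = ExtractBindSubStatus(msg);

    if (HasSubStatus(msg, code, "525"))
    {
        throw new AdException(AdError.UserNotFound, "User Not found (525)", e);
    }
    if (HasSubStatus(msg, code, "52e"))
    {
        throw new AdException(AdError.IncorrectPassword, "Invalid Credentials (52e)", e);
    }
    if (HasSubStatus(msg, code, "530"))
    {
        throw new AdException(AdError.NotPermittedToLogonAtThisTime, "Not permitted to logon at this time (530)", e);
    }
    if (HasSubStatus(msg, code, "531"))
    {
        throw new AdException(AdError.NotPermittedToLogonAtThisWorkstation, "Not permitted to logon at this workstation (531)", e);
    }
    if (HasSubStatus(msg, code, "532"))
    {
        throw new AdException(AdError.ExpiredPassword, "Expired Password (532)", e);
    }
    if (HasSubStatus(msg, code, "533"))
    {
        throw new AdException(AdError.AccountDisabled, "Account Disabled (533)", e);
    }
    if (HasSubStatus(msg, code, "534"))
    {
        throw new AdException(AdError.UserNotGrantedRequestedLogonType, "User has not been granted the requested logon type at this machine (534)", e);
    }
    if (HasSubStatus(msg, code, "701"))
    {
        throw new AdException(AdError.AccountExpired, "Account Expired (701)", e);
    }
    if (HasSubStatus(msg, code, "773"))
    {
        // The text previously said "(733)", which did not match the code being tested.
        throw new AdException(AdError.UserMustResetPassword, "User must Reset Password (773)", e);
    }
    if (HasSubStatus(msg, code, "775"))
    {
        throw new AdException(AdError.AccountLocked, "User Account Locked (775)", e);
    }

    // NOTE(review): message text is left exactly as it was (spelling included) in case
    // callers or log filters match on it.
    throw new AdException("Unkown Error", e);
}

/// <summary>
/// Returns the hexadecimal token that follows a standalone "data " marker in
/// <paramref name="msg"/>, or null when no such token is present.
/// </summary>
private static string ExtractBindSubStatus(string msg)
{
    const string marker = "data ";
    int searchFrom = 0;

    while (searchFrom < msg.Length)
    {
        int hit = msg.IndexOf(marker, searchFrom, StringComparison.OrdinalIgnoreCase);
        if (hit < 0)
        {
            return null;
        }

        int start = hit + marker.Length;
        int end = start;
        while (end < msg.Length && IsHexChar(msg[end]))
        {
            end++;
        }

        // Skip hits that are the tail of a longer word, have no hex digits after them,
        // or whose hex run continues into further letters or digits.
        bool standalone = hit == 0 || !char.IsLetterOrDigit(msg[hit - 1]);
        bool terminated = end == msg.Length || !char.IsLetterOrDigit(msg[end]);
        if (standalone && terminated && end > start)
        {
            return msg.Substring(start, end - start);
        }

        searchFrom = start;
    }

    return null;
}

/// <summary>True when <paramref name="c"/> is one of 0-9, a-f or A-F.</summary>
private static bool IsHexChar(char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

/// <summary>
/// Compares the extracted sub-status with <paramref name="expected"/>. When no sub-status
/// could be extracted, falls back to a substring search over the whole message.
/// </summary>
private static bool HasSubStatus(string msg, string code, string expected)
{
    if (code != null)
    {
        return string.Equals(code, expected, StringComparison.OrdinalIgnoreCase);
    }

    return msg.Contains(expected);
}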
/// <summary>
/// Maps a DirectoryServicesCOMException to a more specific ICF exception
/// (e.g. AlreadyExistsException) when its error code is recognised.
/// </summary>
/// <remarks>
/// It is an open question whether one universal mapping like this is adequate, or whether
/// the mapping has to be specific to each operation (search, create, update, ...).
/// </remarks>
/// <param name="originalException">The COM exception raised by the directory call.</param>
/// <param name="message">Caller-supplied context appended to the new exception's text.</param>
/// <returns>
/// A new exception wrapping <paramref name="originalException"/> for recognised codes;
/// otherwise <paramref name="originalException"/> itself.
/// </returns>
public static Exception ComToIcfException(DirectoryServicesCOMException originalException, String message)
{
    LOGGER.TraceEvent(
        TraceEventType.Information,
        CAT_DEFAULT,
        "ErrorCode = {0}, ExtendedError = {1}, ExtendedErrorMessage = {2}",
        originalException.ErrorCode,
        originalException.ExtendedError,
        originalException.ExtendedErrorMessage);

    switch (originalException.ErrorCode)
    {
        case -2147463168: // ADS_BAD_PATHNAME
        case -2147016656: // LDAP_NO_SUCH_OBJECT
            // It is unclear whether the failure concerns the object as a whole or only some
            // of its attributes, so UnknownUidException is not returned directly.
            return new NoSuchAdObjectException(originalException.Message + ": " + message, originalException);

        case -2147217911: // ADO_PERMISSION_DENIED
        case -2147024891: // ADS_INSUFFICIENT_RIGHTS
            return new PermissionDeniedException(originalException.Message + ": " + message, originalException);

        case -2147023570: // LDAP_INVALID_CREDENTIALS
            return new InvalidCredentialException(originalException.Message + ": " + message, originalException);

        case -2147019886: // LDAP_ALREADY_EXISTS
            return new AlreadyExistsException(originalException.Message + ": " + message, originalException);

        case -2147016691: // LDAP_ATTRIBUTE_OR_VALUE_EXISTS
            // Occurs primarily when adding members to a group they already belong to.
            // Returning AlreadyExistsException here could mislead the caller about WHAT
            // already exists, so the original exception is passed through.
            return originalException;

        case -2147016657: // LDAP_CONSTRAINT_VIOLATION
            if (originalException.ExtendedError != 8648)
            {
                // To become something like SchemaException once that is available.
                return originalException;
            }

            // userPrincipalName already exists; see https://technet.microsoft.com/en-us/library/dn535779.aspx
            return new AlreadyExistsException(
                "UserPrincipalName already exists: " + originalException.Message + ": " + originalException.ExtendedErrorMessage + ": " + message,
                originalException);

        default:
            return originalException;
    }
}