Click Fraud Protection
PHP related blog, freelancer to hire!

Active Directory LDAP Errors in one place

Common Active Directory LDAP bind errors:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
HEX: 0×525 – user not found
DEC: 1317 – ERROR_NO_SUCH_USER (The specified account does not exist.)
NOTE: Returns when username is invalid.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e – invalid credentials
DEC: 1326 – ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
HEX: 0×530 – not permitted to logon at this time
DEC: 1328 – ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.)
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0×531 – not permitted to logon from this workstation
DEC: 1329 – ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>] NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
HEX: 0×532 – password expired
DEC: 1330 – ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.)
LDAP[userAccountControl: <bitmask=0x00800000>] – PASSWORDEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
HEX: 0×533 – account disabled
DEC: 1331 – ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.)
LDAP[userAccountControl: <bitmask=0x00000002>] – ACCOUNTDISABLE
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
HEX: 0×701 – account expired
DEC: 1793 – ERROR_ACCOUNT_EXPIRED (The user’s account has expired.)
LDAP[accountExpires: <value of -1, 0, or extemely large value indicates account will not expire>] – ACCOUNTEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
HEX: 0×773 – user must reset password
DEC: 1907 – ERROR_PASSWORD_MUST_CHANGE (The user’s password must be changed before logging on the first time.)
LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] – MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
HEX: 0×775 – account locked out
DEC: 1909 – ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
LDAP[userAccountControl: <bitmask=0x00000010>] – LOCKOUT
NOTE: Returns even if invalid password is presented.

Hope it will save your time

Leave a Reply