Version

Argent Advanced Technology 3.1A-1407-A or earlier

Date

Monday, 15 Sep 2014

Summary

When doing Active Directory network scanning on an enterprise network with more than 1,000 computers, Argent AT could return incomplete results with error ‘0x80072023‘

This caused by a Microsoft bug in Active Directory; it applies to all known versions of Active Directory

Technical Background

Argent AT scans Active Directory through ADSI C/C++ interface

Active Directory has an undocumented size limit of 1,000 objects

As a result, only the first 1,000 computers are returned with error ‘0x80072023‘

Because the size limit is configured on Active Directory server, the actual limit may vary

Microsoft also provides ADO data source ‘Active Directory Provider‘ through WMI, and DirectorySearcher through PowerShell

Apparently, Microsoft has some undocumented tweaking that can return the full result of more than the size limit

Argent AT 3.1A-1407-T4 and later include a VBScript that can scan the full result

For backward compatibility, the ADSI C/C++ method is used by default

The VBScript approach can be enabled if needed

Resolution

Upgrade to Argent AT 3.1A-1407-T4 or later

If customer encounters error ‘0x80072023‘ while doing AD scanning, he can rename

{PRODUCT_HOME_DIRECTORY}\ARGSOFT_AD_NETSCAN.VBS.TMPL to ARGSOFT_AD_NETWORK.VBS

This enables the approach of ADO with Active Directory Provider

To confirm the scanning result, customer can check main GUI log

He should see line similar to following:

For customer who cannot upgrade immediately, he may be able to scan computers in specific AD container one by one

Click For Full Size