Error opening specified object -2147016656 assigning user rights

  • 7940141
  • 19-Aug-2009
  • 07-Jan-2014

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.


SecureLogin SSO
All Versions
Active Directory



Customer has Microsoft ADS environment and extended the schema for SecureLogin. They then wanted to assign the rights using ADSSchema.Exe so users could run SecureLogin.

Their user objects exists in an OU called London they created (standard User objects don’t reside in the built in “Users” container).

They ran ADSSchema.Exe and entered the name of the container as


The following message appears and the rights aren’t assigned.

Error opening specified object –2147016656



This will occur if you are assigning rights to ADS containers other than the built in “Users” container and use CN when entering the path to the desired container. You don’t use CN=, you use OU= as per the information below.

This also occurs if there is a spelling or syntax error in the customer mistyped the name. In the example below, the letter “a” is missing in “company” and there is a comma missing between “compny” and “com”, so the same error would occur.



  • Check the syntax is correct and the CN (or OU) and DC’s are correct.
  • If assigning rights to OU’s that are not the built in ""Users"" container, use the following syntax (instead of CN=, use OU=)


  • If assigning rights to the built in Users container, user the following syntax (instead of OU=, use CN=)


  • Check the specified container exists.
  • Check your spelling.
  • Check your rights to modify the schema.
  • Check the domain name (open Active Directory Users and Computers and check you have all instances of dc= in the path)

In a future version of SecureLogin, a browse button will appear so the SSO administrator can simply point and click to select the container to assign the rights to.