String in Web.config to specify AD connection

[Frank00]

I run a .NET based portal product. I am using windows authentication. This
mode of authentication and the string specifying the connection to AD is
specified in the application's web.config file. This portal has always worked
fine, though recently, our infrastructure team changed our internal domain
name. Now I can no longer authenticate any users no matter how I change the
connect string in the web.config file.

For the purposes of this discussion my former domain name is 'abc.com' and
my new domain name is '123.abcdefghijklm.com'. The name of the server
housing AD is now 'DC1.123.abcdefghijklm.com'. The netbios name had to be
truncated to 15 characters to accommodate a couple NT4 servers and its new
designation is '123.abcdefghijk'.

The previous connect string in web.config which worked with the old domain
name:
<code><add key="ADdns" value="LDAP://DC1.abc.com/DC=abc, DC=com;
WinNT://abc"/></code>

I tried the following to accommodate the name change (domain and netBios):
<code><add key="ADdns"
value="LDAP://DC1.123.abcdefghijklm.com/DC=123.abcdefghijklm, DC=com;
WinNT://123.abcdefghijk"/></code>

It didn't work. The application generates an error specifying the domain
cannot be contacted.

Can anyone help me with this one?

[Joe Kaplan \(MVP - ADSI\)]

I'm not sure what either of these has to do with Windows authentication as
it does not use LDAP or WinNT for authentication. Are you doing forms
authentication against AD using LDAP?

In any case, I'd suggest you discover the defaultNamingContext for your
domain again by binding to RootDSE on your domain controller and reading the
defaultNamingContext attribute. This will give you the new domain root.

In general, you should never hard code that in an application but should
always look it up dynamically from RootDSE.

HTH,

Joe K.

"Frank00" <Frank00@discussions.microsoft.com> wrote in message
news:19EBF957-08FE-4CE9-9E0B-24116FC02F7B@microsoft.com...

>I run a .NET based portal product. I am using windows authentication.
>This
> mode of authentication and the string specifying the connection to AD is
> specified in the application's web.config file. This portal has always
> worked
> fine, though recently, our infrastructure team changed our internal domain
> name. Now I can no longer authenticate any users no matter how I change
> the
> connect string in the web.config file.
>
> For the purposes of this discussion my former domain name is 'abc.com' and
> my new domain name is '123.abcdefghijklm.com'. The name of the server
> housing AD is now 'DC1.123.abcdefghijklm.com'. The netbios name had to be
> truncated to 15 characters to accommodate a couple NT4 servers and its new
> designation is '123.abcdefghijk'.
>
> The previous connect string in web.config which worked with the old domain
> name:
> <code><add key="ADdns" value="LDAP://DC1.abc.com/DC=abc, DC=com;
> WinNT://abc"/></code>
>
> I tried the following to accommodate the name change (domain and netBios):
> <code><add key="ADdns"
> value="LDAP://DC1.123.abcdefghijklm.com/DC=123.abcdefghijklm, DC=com;
> WinNT://123.abcdefghijk"/></code>
>
> It didn't work. The application generates an error specifying the domain
> cannot be contacted.
>
> Can anyone help me with this one?
>