webbertsolutions@newsgroups.nospam #1
Trouble Accessing Active Directory Domain Controller
I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.
Dave
=================================================
                         Access DC_1    Access DC_2
Machine_1 in Domain_1    Works          Exception
Machine_2 in Domain_2    Exception      Works
The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
        AdminID    Password
=======================
DC_1    Unknown    Unknown
DC_2    known      known
Code -- Use UserID and Password If known
=================================================
string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
    entry = new DirectoryEntry(path);
else
    entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);

DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
    new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
    // THIS LINE THROWS AN EXCEPTION
    displayName = result.Properties["displayname"][0].ToString();

    // ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
    // ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
}
Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
    ["adspath"]
    ["displayname"]

result.Properties["adspath"]
    Item -> <cannot view indexed property>
    System.Collections.ICollection.ReadOnlyCollectionBase
        list {Count=0x1}
            list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"

result.Properties["displayname"]
    Item -> <cannot view indexed property>
    System.Collections.ICollection.ReadOnlyCollectionBase
        list {Count=0x1}
            list[0] -> {System.NotImplementedException}
                System.SystemException -> {"Handling of this ADSVALUE type is not yet implemented (type = 0xb)."}
webbertsolutions@newsgroups.nospam Guest
-
Joe Kaplan (MVP - ADSI) #2
Re: Trouble Accessing Active Directory Domain Controller
The path for the DirectoryEntry will control which LDAP server you access.
Your code doesn't show what you are using there.
The error you are getting is due to a problem with ADSI not being able to
read the server's abstract schema. This is almost always a problem related
to security context. Typically, the search is performed as an anonymous
user and that user does not have access to read the subschemaSubentry
object, so ADSI doesn't understand the server's data types. Sometimes you
get this problem because it could not parse the schema, but that doesn't
really seem to happen with AD or ADAM.
Can you show a very simple sample that demonstrates the error?
Joe K.
Joe Kaplan (MVP - ADSI) Guest
-
webbertsolutions@newsgroups.nospam #3
Re: Trouble Accessing Active Directory Domain Controller
Joe,
Happy to get you what you want, just not sure what you want.
The code listed below is the ACTUAL code that I am using. Just
didn't include the entire source code due to size.
You said it could be a permission issue. Let me explain what I am doing.
I have logged in my machine (m_1) with my domain account. I am authenticated
against my corp dc (dc_1).
If I run the code on my machine (m_1) against (dc_1) everything works fine.
If I run the code on a dev machine (dev_2) against (dev_dc_2) everything works fine.
If I run the code on my machine (m_1) against (dev_dc_2) using the admin id / pwd of
dev_dc_2 it throws the exception described below.
Let me know what you are looking for and I will get it to you.
Thanks,
Dave
On Thu, 17 Mar 2005 09:20:05 -0600, "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote:
>The path for the DirectoryEntry will control which LDAP server you access.
>Your code doesn't show what you are using there.
>
>The error you are getting is due to a problem with ADSI not being able to
>read the server's abstract schema. This is almost always a problem related
>to security context. Typically, the search is performed as an anonymous
>user and that user does not have access to read the subschemaSubentry
>object, so ADSI doesn't understand the server's data types. Sometimes you
>get this problem because it could not parse the schema, but that doesn't
>really seem to happen with AD or ADAM.
>
>Can you show a very simple sample that demonstrates the error?
>
>Joe K.
webbertsolutions@newsgroups.nospam Guest
-
Joe Kaplan (MVP - ADSI) #4
Re: Trouble Accessing Active Directory Domain Controller
Essentially what I'm asking for is a stripped down code sample with hard
coded values (changed to protect the innocent) so that I don't have to try
to figure out what all those variables mean. It is especially important to
see an example of what you are using for the path and the syntax you are
using for username and password.
Once I see that, I think I can diagnose it. Another thing I suggest you do
is add AuthenticationTypes.Secure to your DirectoryEntry constructors as you
really don't want to be passing plaintext credentials on the network, right?
That's generally bad form, especially when you have the domain admin
account.
Thanks!
Joe K.
Joe Kaplan (MVP - ADSI) Guest
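
Added example, not part of the thread and not written by either poster: a stripped-down diagnostic with hard-coded values of the kind asked for in #4, which checks whether the bind credentials can read the schema object named by RootDSE's subschemaSubentry (the cause suggested in #2) before searching. The host name, account, LDAP_PWD environment variable and search filter are placeholders assumed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
// Added diagnostic sketch. Host, account, env var and filter are placeholders.
class SchemaBindCheck
{
    const AuthenticationTypes Auth = AuthenticationTypes.Secure; // negotiated auth, no plaintext bind
    static void Main()
    {
        string server = "dev-dc-2.example.test";                      // placeholder DC
        string user = @"DEVDOMAIN\ldap-reader";                       // placeholder account
        string pwd = Environment.GetEnvironmentVariable("LDAP_PWD");  // assumed secret source
        try
        {
            // 1. RootDSE names the schema object ADSI needs in order to type attribute values.
            using (DirectoryEntry rootDse = Bind(server, "RootDSE", user, pwd))
            {
                string schemaDn = (string)rootDse.Properties["subschemaSubentry"].Value;
                string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
                // 2. Check that this security context can read it.
                using (DirectoryEntry schema = Bind(server, schemaDn, user, pwd))
                {
                    schema.RefreshCache(new string[] { "attributeTypes" });
                    Console.WriteLine("{0}: {1} attributeTypes readable",
                        schemaDn, schema.Properties["attributeTypes"].Count);
                }
                // 3. Search with the same credentials and read displayname.
                using (DirectoryEntry root = Bind(server, baseDn, user, pwd))
                using (DirectorySearcher searcher = new DirectorySearcher(
                    root, "(sAMAccountName=someuser)", new string[] { "displayname" }))
                {
                    SearchResult result = searcher.FindOne();
                    if (result != null && result.Properties["displayname"].Count > 0)
                        Console.WriteLine("displayname: " + result.Properties["displayname"][0]);
                    else
                        Console.WriteLine("no match, or displayname not returned");
                }
            }
        }
        catch (NotImplementedException ex) { Console.WriteLine("schema not usable: " + ex.Message); }
        catch (COMException ex) { Console.WriteLine("bind/search failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("access denied: " + ex.Message); }
    }

    static DirectoryEntry Bind(string server, string dn, string user, string pwd)
    {
        return new DirectoryEntry("LDAP://" + server + "/" + dn, user, pwd, Auth);
    }
}
```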




