Trouble Accessing Active Directory Domain Controller - ASP.NET Security

  1. #1

    Trouble Accessing Active Directory Domain Controller

    I am having troubles accessing a different Domain Controller than the one
    I am currently in. Any help would be appreciated.

    Dave

    =================================================

                             Access DC_1    Access DC_2
    Machine_1 in Domain_1    Works          Exception
    Machine_2 in Domain_2    Exception      Works


    The Exception is the same for both:
    ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
    ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."



            AdminID    Password
    ============================
    DC_1    Unknown    Unknown
    DC_2    known      known



    Code -- Use UserID and Password If known
    =================================================

    string ldapAdminID = ConfigurationSettings.AppSettings["User"];
    string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
    AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

    if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
        entry = new DirectoryEntry(path);
    else
        entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);

    DirectorySearcher searcher = new DirectorySearcher( entry );
    searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

    searcher.PropertiesToLoad.AddRange(
        new string[] { displayNamePropertyName, groupsPropertyName } );

    SearchResult result = searcher.FindOne();
    if ( result != null )
    {
        // THIS LINE THROWS AN EXCEPTION
        displayName = result.Properties["displayname"][0].ToString();

        // ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
        // ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
    }




    Using the watch window, these are the values of the SearchResult
    ========================================================================
    result.Properties.Hashtable.KeyCollection._hashtable
        ["adspath"]
        ["displayname"]

    result.Properties["adspath"]
        Item -> <cannot view indexed property>
        System.Collections.ICollection.ReadOnlyCollectionBase
            list {Count=0x1}
            list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"

    result.Properties["displayname"]
        Item -> <cannot view indexed property>
        System.Collections.ICollection.ReadOnlyCollectionBase
            list {Count=0x1}
            list[0] -> {System.NotImplementedException}
                System.SystemException -> {"Handling of this ADSVALUE type is not yet implemented (type = 0xb)."}



    webbertsolutions@newsgroups.nospam Guest

  2. #2

    Re: Trouble Accessing Active Directory Domain Controller

    The path for the DirectoryEntry will control which LDAP server you access.
    Your code doesn't show what you are using there.

    The error you are getting is due to a problem with ADSI not being able to
    read the server's abstract schema. This is almost always a problem related
    to security context. Typically, the search is performed as an anonymous
    user and that user does not have access to read the subschemaSubentry
    object, so ADSI doesn't understand the server's data types. Sometimes you
    get this problem because it could not parse the schema, but that doesn't
    really seem to happen with AD or ADAM.

    Can you show a very simple sample that demonstrates the error?

    Joe K.

    <webbertsolutionsnewsgroups.nospam> wrote in message
    news:176j31tp4gg5mvcuptuoqsukqv71ph6u8a4ax.com...
    >I am having troubles accessing a different Domain Controller than the one
    > I am currently in. Any help would be appreciated.
    >
    > Dave
    >
    > =================================================
    >
    >                          Access DC_1    Access DC_2
    > Machine_1 in Domain_1    Works          Exception
    > Machine_2 in Domain_2    Exception      Works
    >
    >
    > The Exception is the same for both:
    > ex.Message -> "[exception] Error occurred while retrieving Active
    > Directory display name (displayname)."
    > ex.InnerException -> "Handling of this ADSVALUE type is not yet
    > implemented (type = 0xb)."
    >
    >
    >
    >         AdminID    Password
    > ============================
    > DC_1    Unknown    Unknown
    > DC_2    known      known
    >
    >
    >
    > Code -- Use UserID and Password If known
    > =================================================
    >
    > string ldapAdminID = ConfigurationSettings.AppSettings["User"];
    > string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
    > AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;
    >
    > if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
    > entry = new DirectoryEntry(path);
    > else
    > entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);
    >
    >
    > DirectorySearcher searcher = new DirectorySearcher( entry );
    > searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );
    >
    > searcher.PropertiesToLoad.AddRange(
    > new string[] { displayNamePropertyName, groupsPropertyName } );
    >
    > SearchResult result = searcher.FindOne();
    > if ( result != null )
    > {
    > // THIS LINE THROWS AN EXCEPTION
    > displayName = result.Properties["displayname"][0].ToString();
    >
    > // ex.Message -> "[exception] Error occurred while retrieving Active
    > Directory display name (displayname)."
    > // ex.InnerException -> "Handling of this ADSVALUE type is not yet
    > implemented (type = 0xb)."
    > }
    >
    >
    >
    >
    > Using the watch window, these are the values of the SearchResult
    > ========================================================================
    > result.Properties.Hashtable.KeyCollection._hashtable
    > ["adspath"]
    > ["displayname"]
    >
    > result.Properties["adspath"]
    > Item -> <cannot view indexed property>
    > System.Collections.ICollection.ReadOnlyCollectionBase
    > list {Count=0x1}
    > list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"
    >
    >
    > result.Properties["displayname"]
    > Item -> <cannot view indexed property>
    > System.Collections.ICollection.ReadOnlyCollectionBase
    > list {Count=0x1}
    > list[0] -> {System.NotImplementedException}
    > System.SystemException -> {"Handling of this ADSVALUE type is
    > not yet implemented (type = 0xb)."}
    >
    >
    >

    Joe Kaplan (MVP - ADSI) Guest

  3. #3

    Re: Trouble Accessing Active Directory Domain Controller

    Joe,

    Happy to get you what you want, just not sure what you want.
    The code listed below is the ACTUAL code that I am using. Just
    didn't include the entire source code due to size.

    You said it could be a permission issue. Let me explain what I am doing.

    I have logged in my machine (m_1) with my domain account. I am authenticated
    against my corp dc (dc_1).

    If I run the code on my machine (m_1) against (dc_1) everything works fine.
    If I run the code on a dev machine (dev_2) against (dev_dc_2) everything works fine.

    If I run the code on my machine (m_1) against (dev_dc_2) using the admin id / pwd of
    dev_dc_2 it throws the exception described below.

    Let me know what you are looking for and I will get it to you.

    Thanks,
    Dave

    On Thu, 17 Mar 2005 09:20:05 -0600, "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> wrote:
    >The path for the DirectoryEntry will control which LDAP server you access.
    >Your code doesn't show what you are using there.
    >
    >The error you are getting is due to a problem with ADSI not being able to
    >read the server's abstract schema. This is almost always a problem related
    >to security context. Typically, the search is performed as an anonymous
    >user and that user does not have access to read the subschemaSubentry
    >object, so ADSI doesn't understand the server's data types. Sometimes you
    >get this problem because it could not parse the schema, but that doesn't
    >really seem to happen with AD or ADAM.
    >
    >Can you show a very simple sample that demonstrates the error?
    >
    >Joe K.
    >
    ><webbertsolutionsnewsgroups.nospam> wrote in message
    >news:176j31tp4gg5mvcuptuoqsukqv71ph6u8a4ax.com...
    >>I am having troubles accessing a different Domain Controller than the one
    >> I am currently in. Any help would be appreciated.
    >>
    >> Dave
    >>
    >> =================================================
    >>
    >>                          Access DC_1    Access DC_2
    >> Machine_1 in Domain_1    Works          Exception
    >> Machine_2 in Domain_2    Exception      Works
    >>
    >>
    >> The Exception is the same for both:
    >> ex.Message -> "[exception] Error occurred while retrieving Active
    >> Directory display name (displayname)."
    >> ex.InnerException -> "Handling of this ADSVALUE type is not yet
    >> implemented (type = 0xb)."
    >>
    >>
    >>
    >>         AdminID    Password
    >> ============================
    >> DC_1    Unknown    Unknown
    >> DC_2    known      known
    >>
    >>
    >>
    >> Code -- Use UserID and Password If known
    >> =================================================
    >>
    >> string ldapAdminID = ConfigurationSettings.AppSettings["User"];
    >> string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
    >> AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;
    >>
    >> if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
    >> entry = new DirectoryEntry(path);
    >> else
    >> entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);
    >>
    >>
    >> DirectorySearcher searcher = new DirectorySearcher( entry );
    >> searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );
    >>
    >> searcher.PropertiesToLoad.AddRange(
    >> new string[] { displayNamePropertyName, groupsPropertyName } );
    >>
    >> SearchResult result = searcher.FindOne();
    >> if ( result != null )
    >> {
    >> // THIS LINE THROWS AN EXCEPTION
    >> displayName = result.Properties["displayname"][0].ToString();
    >>
    >> // ex.Message -> "[exception] Error occurred while retrieving Active
    >> Directory display name (displayname)."
    >> // ex.InnerException -> "Handling of this ADSVALUE type is not yet
    >> implemented (type = 0xb)."
    >> }
    >>
    >>
    >>
    >>
    >> Using the watch window, these are the values of the SearchResult
    >> ========================================================================
    >> result.Properties.Hashtable.KeyCollection._hashtable
    >> ["adspath"]
    >> ["displayname"]
    >>
    >> result.Properties["adspath"]
    >> Item -> <cannot view indexed property>
    >> System.Collections.ICollection.ReadOnlyCollectionBase
    >> list {Count=0x1}
    >> list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"
    >>
    >>
    >> result.Properties["displayname"]
    >> Item -> <cannot view indexed property>
    >> System.Collections.ICollection.ReadOnlyCollectionBase
    >> list {Count=0x1}
    >> list[0] -> {System.NotImplementedException}
    >> System.SystemException -> {"Handling of this ADSVALUE type is
    >> not yet implemented (type = 0xb)."}
    >>
    >>
    >>
    >
    webbertsolutions@newsgroups.nospam Guest

  4. #4

    Re: Trouble Accessing Active Directory Domain Controller

    Essentially what I'm asking for is a stripped down code sample with hard
    coded values (changed to protect the innocent) so that I don't have to try
    to figure out what all those variables mean. It is especially important to
    see an example of what you are using for the path and the syntax you are
    using for username and password.

    Once I see that, I think I can diagnose it. Another thing I suggest you do
    is add AuthenticationTypes.Secure to your DirectoryEntry constructors as you
    really don't want to be passing plaintext credentials on the network, right?
    That's generally bad form, especially when you have the domain admin
    account.

    Thanks!

    Joe K.

    <webbertsolutionsnewsgroups.nospam> wrote in message
    news:7dst31ter1s8isf20nd2luqn2gc4735eb84ax.com...
    > Joe,
    >
    > Happy to get you what you want, just not sure what you want.
    > The code listed below is the ACTUAL code that I am using. Just
    > didn't include the entire source code due to size.
    >
    > You said it could be a permission issue. Let me explain what I am doing.
    >
    > I have logged in my machine (m_1) with my domain account. I am
    > authenticated
    > against my corp dc (dc_1).
    >
    > If I run the code on my machine (m_1) against (dc_1) everything works
    > fine.
    > If I run the code on a dev machine (dev_2) against (dev_dc_2) everything
    > works fine.
    >
    > If I run the code on my machine (m_1) against (dev_dc_2) using the admin
    > id / pwd of
    > dev_dc_2 it throws the exception described below.
    >
    > Let me know what you are looking for and I will get it to you.
    >
    > Thanks,
    > Dave
    >
    > On Thu, 17 Mar 2005 09:20:05 -0600, "Joe Kaplan (MVP - ADSI)"
    > <joseph.e.kaplanremovethis.accenture.com> wrote:
    >
    >>The path for the DirectoryEntry will control which LDAP server you access.
    >>Your code doesn't show what you are using there.
    >>
    >>The error you are getting is due to a problem with ADSI not being able to
    >>read the server's abstract schema. This is almost always a problem
    >>related
    >>to security context. Typically, the search is performed as an anonymous
    >>user and that user does not have access to read the subschemaSubentry
    >>object, so ADSI doesn't understand the server's data types. Sometimes you
    >>get this problem because it could not parse the schema, but that doesn't
    >>really seem to happen with AD or ADAM.
    >>
    >>Can you show a very simple sample that demonstrates the error?
    >>
    >>Joe K.
    >>
    >><webbertsolutionsnewsgroups.nospam> wrote in message
    >>news:176j31tp4gg5mvcuptuoqsukqv71ph6u8a4ax.com...
    >>>I am having troubles accessing a different Domain Controller than the one
    >>> I am currently in. Any help would be appreciated.
    >>>
    >>> Dave
    >>>
    >>> =================================================
    >>>
    >>>                          Access DC_1    Access DC_2
    >>> Machine_1 in Domain_1    Works          Exception
    >>> Machine_2 in Domain_2    Exception      Works
    >>>
    >>>
    >>> The Exception is the same for both:
    >>> ex.Message -> "[exception] Error occurred while retrieving Active
    >>> Directory display name (displayname)."
    >>> ex.InnerException -> "Handling of this ADSVALUE type is not yet
    >>> implemented (type = 0xb)."
    >>>
    >>>
    >>>
    >>>         AdminID    Password
    >>> ============================
    >>> DC_1    Unknown    Unknown
    >>> DC_2    known      known
    >>>
    >>>
    >>>
    >>> Code -- Use UserID and Password If known
    >>> =================================================
    >>>
    >>> string ldapAdminID = ConfigurationSettings.AppSettings["User"];
    >>> string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
    >>> AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;
    >>>
    >>> if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
    >>> entry = new DirectoryEntry(path);
    >>> else
    >>> entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);
    >>>
    >>>
    >>> DirectorySearcher searcher = new DirectorySearcher( entry );
    >>> searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );
    >>>
    >>> searcher.PropertiesToLoad.AddRange(
    >>> new string[] { displayNamePropertyName, groupsPropertyName } );
    >>>
    >>> SearchResult result = searcher.FindOne();
    >>> if ( result != null )
    >>> {
    >>> // THIS LINE THROWS AN EXCEPTION
    >>> displayName = result.Properties["displayname"][0].ToString();
    >>>
    >>> // ex.Message -> "[exception] Error occurred while retrieving Active
    >>> Directory display name (displayname)."
    >>> // ex.InnerException -> "Handling of this ADSVALUE type is not yet
    >>> implemented (type = 0xb)."
    >>> }
    >>>
    >>>
    >>>
    >>>
    >>> Using the watch window, these are the values of the SearchResult
    >>> ========================================================================
    >>> result.Properties.Hashtable.KeyCollection._hashtable
    >>> ["adspath"]
    >>> ["displayname"]
    >>>
    >>> result.Properties["adspath"]
    >>> Item -> <cannot view indexed property>
    >>> System.Collections.ICollection.ReadOnlyCollectionBase
    >>> list {Count=0x1}
    >>> list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"
    >>>
    >>>
    >>> result.Properties["displayname"]
    >>> Item -> <cannot view indexed property>
    >>> System.Collections.ICollection.ReadOnlyCollectionBase
    >>> list {Count=0x1}
    >>> list[0] -> {System.NotImplementedException}
    >>> System.SystemException -> {"Handling of this ADSVALUE type
    >>> is
    >>> not yet implemented (type = 0xb)."}
    >>>
    >>>
    >>>
    >>
    >

    Joe Kaplan (MVP - ADSI) Guest
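
The schema-read problem described in reply #2 and the stripped-down sample requested in reply #4, as an added example that is not code from either poster: it binds with AuthenticationTypes.Secure, checks whether the supplied credentials can read the subschemaSubentry object, then repeats the displayName lookup. The server name, account name, logon name and the AD_DIAG_PWD environment variable are constructed placeholders.

```csharp
using System;
using System.DirectoryServices;

static class SchemaReadCheck
{
    // Constructed placeholders, not values from the thread.
    const string Server = "dc2.dev.example.com";
    const string User = @"DEV\ldap-reader";

    static DirectoryEntry Bind(string dn, string pwd)
    {
        // The server named in the path decides which DC answers; Secure
        // negotiates Kerberos/NTLM instead of a plaintext simple bind.
        string path = "LDAP://" + Server + "/" + dn;
        return new DirectoryEntry(path, User, pwd, AuthenticationTypes.Secure);
    }

    static void Main()
    {
        // AD_DIAG_PWD is a hypothetical variable name for this example.
        string pwd = Environment.GetEnvironmentVariable("AD_DIAG_PWD");
        using (DirectoryEntry rootDse = Bind("RootDSE", pwd))
        {
            string schemaDn = (string)rootDse.Properties["subschemaSubentry"].Value;
            string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;

            // Step 1: can this security context read the abstract schema?
            try
            {
                using (DirectoryEntry schema = Bind(schemaDn, pwd))
                {
                    schema.RefreshCache(new string[] { "attributeTypes" });
                    int n = schema.Properties["attributeTypes"].Count;
                    Console.WriteLine("Schema readable at " + schemaDn + ", " + n + " types");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("Schema NOT readable: " + ex.Message);
            }

            // Step 2: the lookup from the first post, under the same credentials.
            try
            {
                using (DirectoryEntry root = Bind(baseDn, pwd))
                using (DirectorySearcher searcher = new DirectorySearcher(root))
                {
                    searcher.Filter = "(sAMAccountName=jdoe)";
                    searcher.PropertiesToLoad.Add("displayName");
                    SearchResult result = searcher.FindOne();
                    ResultPropertyValueCollection v =
                        result == null ? null : result.Properties["displayName"];
                    Console.WriteLine(v == null || v.Count == 0
                        ? "No entry or no displayName" : "displayName: " + v[0]);
                }
            }
            catch (NotImplementedException ex)
            {
                // ADSI could not map the value's syntax (the thread's error).
                Console.WriteLine("ADSI does not know the attribute syntax: " + ex.Message);
            }
        }
    }
}
```

If step 1 reports the schema as unreadable while step 2 raises NotImplementedException, the account used for the bind is the place to look, not the search filter.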
