I am trying to access an AD from asp.net, I am getting the 'famous' "The
specified domain either does not exist or could not be contacted" exception
with a HR = 0x08007054b

the code (C# .Net) is as follows:

DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);

I know this code works and as far as I know I should be able to access\query
the root but it fails. So is it a permissions issue with asp.net or the
domain configuration.


Cheers

Ollie Riches
http://www.phoneanalyser.net

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers.

The issue is probably serverless binding (not putting a server name in your
binding string). That only works if your current thread is running under a
domain account.

Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem.

http://support.microsoft.com/default...b;en-us;329986

Joe K.

"Ollie Riches" <(E-Mail Removed)> wrote in message
news:eE0%(E-Mail Removed)...
>I am trying to access an AD from asp.net, I am getting the 'famous' "The
> specified domain either does not exist or could not be contacted"
> exception
> with a HR = 0x08007054b
>
> the code (C# .Net) is as follows:
>
> DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> string contextPath =
> rootEntry.Properties["defaultNamingContext"].Value.ToString();
> rootEntry.Dispose();
> DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);
>
> I know this code works and as far as I know I should be able to
> access\query
> the root but it fails. So is it a permissions issue with asp.net or the
> domain configuration.
>
>
> Cheers
>
> Ollie Riches
> http://www.phoneanalyser.net
>
> Disclaimer: Opinions expressed in this forum are my own, and not
> representative of my employer.
> I do not answer questions on behalf of my employer. I'm just a programmer
> helping programmers.
>
>

thanks Joe, I do some more searching and found another one of your posts
explaining this and it works for accessing the default context but when I
attempt to get the users name ('cn' property) it fails. the code is shown
below.

string currentUserName =
(((string)Context.User.Identity.Name).Split('\\'))[1];
string contextPath = "";
using(DirectoryEntry rootEntry = new
DirectoryEntry("LDAP://XXXXXX/RootDSE"))
{
contextPath = rootEntry.Properties["defaultNamingContext"].Value.ToString();
}
using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath))
using(DirectorySearcher searcher = new DirectorySearcher())
{
searcher.SearchRoot = contextEntry;
searcher.Filter =
String.Format("(&(objectCategory=person)(samAccountName={0}))",
currentUserName);
searcher.PropertiesToLoad.Add("cn");
searcher.SearchScope = SearchScope.Subtree;
SearchResult result = searcher.FindOne();
return result.Properties["cn"][0].ToString();
}

When impersonation was used in asp.net then it all works perfectly fine as I
expected but using impersonation defeats what I am try to achieve.




"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:#(E-Mail Removed)...
> The issue is probably serverless binding (not putting a server name in
your
> binding string). That only works if your current thread is running under
a
> domain account.
>
> Trying putting the DNS name of a domain controller in there
> (LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
> problem.
>
> http://support.microsoft.com/default...b;en-us;329986
>
> Joe K.
>
> "Ollie Riches" <(E-Mail Removed)> wrote in message
> news:eE0%(E-Mail Removed)...
> >I am trying to access an AD from asp.net, I am getting the 'famous' "The
> > specified domain either does not exist or could not be contacted"
> > exception
> > with a HR = 0x08007054b
> >
> > the code (C# .Net) is as follows:
> >
> > DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> > string contextPath =
> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
> > rootEntry.Dispose();
> > DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath);
> >
> > I know this code works and as far as I know I should be able to
> > access\query
> > the root but it fails. So is it a permissions issue with asp.net or the
> > domain configuration.
> >
> >
> > Cheers
> >
> > Ollie Riches
> > http://www.phoneanalyser.net
> >
> > Disclaimer: Opinions expressed in this forum are my own, and not
> > representative of my employer.
> > I do not answer questions on behalf of my employer. I'm just a
programmer
> > helping programmers.
> >
> >
>
>

Along the lines of the rest of the article that I sent in my last message,
you may need to provide credentials in your DirectoryEntry as well as a
server name.

Credentials and a DC to talk to are the two things that ADSI picks up from
the Windows security context and will supply automatically if you don't
specify them directly. However, if you don't specify them and your security
context isn't a domain account, then those will both fail.

What is likely happening is that you are being authenticated as the
anonymous user in AD and don't have any permissions to see any objects.

Joe K.

"Ollie Riches" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> thanks Joe, I do some more searching and found another one of your posts
> explaining this and it works for accessing the default context but when I
> attempt to get the users name ('cn' property) it fails. the code is shown
> below.
>
> string currentUserName =
> (((string)Context.User.Identity.Name).Split('\\'))[1];
> string contextPath = "";
> using(DirectoryEntry rootEntry = new
> DirectoryEntry("LDAP://XXXXXX/RootDSE"))
> {
> contextPath =
> rootEntry.Properties["defaultNamingContext"].Value.ToString();
> }
> using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> contextPath))
> using(DirectorySearcher searcher = new DirectorySearcher())
> {
> searcher.SearchRoot = contextEntry;
> searcher.Filter =
> String.Format("(&(objectCategory=person)(samAccountName={0}))",
> currentUserName);
> searcher.PropertiesToLoad.Add("cn");
> searcher.SearchScope = SearchScope.Subtree;
> SearchResult result = searcher.FindOne();
> return result.Properties["cn"][0].ToString();
> }
>
> When impersonation was used in asp.net then it all works perfectly fine as
> I
> expected but using impersonation defeats what I am try to achieve.
>
>
>
>
> "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
> in message news:#(E-Mail Removed)...
>> The issue is probably serverless binding (not putting a server name in
> your
>> binding string). That only works if your current thread is running under
> a
>> domain account.
>>
>> Trying putting the DNS name of a domain controller in there
>> (LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
>> problem.
>>
>> http://support.microsoft.com/default...b;en-us;329986
>>
>> Joe K.
>>
>> "Ollie Riches" <(E-Mail Removed)> wrote in message
>> news:eE0%(E-Mail Removed)...
>> >I am trying to access an AD from asp.net, I am getting the 'famous' "The
>> > specified domain either does not exist or could not be contacted"
>> > exception
>> > with a HR = 0x08007054b
>> >
>> > the code (C# .Net) is as follows:
>> >
>> > DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
>> > string contextPath =
>> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
>> > rootEntry.Dispose();
>> > DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> contextPath);
>> >
>> > I know this code works and as far as I know I should be able to
>> > access\query
>> > the root but it fails. So is it a permissions issue with asp.net or the
>> > domain configuration.
>> >
>> >
>> > Cheers
>> >
>> > Ollie Riches
>> > http://www.phoneanalyser.net
>> >
>> > Disclaimer: Opinions expressed in this forum are my own, and not
>> > representative of my employer.
>> > I do not answer questions on behalf of my employer. I'm just a
> programmer
>> > helping programmers.
>> >
>> >
>>
>>
>
>

thanks for the info Joe. It was the fact that we were authenticating as
anonymous user and when we set impersonation true for the aspx page then it
all work fine

Cheers

Ollie Riches

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:(E-Mail Removed)...
> Along the lines of the rest of the article that I sent in my last message,
> you may need to provide credentials in your DirectoryEntry as well as a
> server name.
>
> Credentials and a DC to talk to are the two things that ADSI picks up from
> the Windows security context and will supply automatically if you don't
> specify them directly. However, if you don't specify them and your
security
> context isn't a domain account, then those will both fail.
>
> What is likely happening is that you are being authenticated as the
> anonymous user in AD and don't have any permissions to see any objects.
>
> Joe K.
>
> "Ollie Riches" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > thanks Joe, I do some more searching and found another one of your posts
> > explaining this and it works for accessing the default context but when
I
> > attempt to get the users name ('cn' property) it fails. the code is
shown
> > below.
> >
> > string currentUserName =
> > (((string)Context.User.Identity.Name).Split('\\'))[1];
> > string contextPath = "";
> > using(DirectoryEntry rootEntry = new
> > DirectoryEntry("LDAP://XXXXXX/RootDSE"))
> > {
> > contextPath =
> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
> > }
> > using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> > contextPath))
> > using(DirectorySearcher searcher = new DirectorySearcher())
> > {
> > searcher.SearchRoot = contextEntry;
> > searcher.Filter =
> > String.Format("(&(objectCategory=person)(samAccountName={0}))",
> > currentUserName);
> > searcher.PropertiesToLoad.Add("cn");
> > searcher.SearchScope = SearchScope.Subtree;
> > SearchResult result = searcher.FindOne();
> > return result.Properties["cn"][0].ToString();
> > }
> >
> > When impersonation was used in asp.net then it all works perfectly fine
as
> > I
> > expected but using impersonation defeats what I am try to achieve.
> >
> >
> >
> >
> > "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)>
wrote
> > in message news:#(E-Mail Removed)...
> >> The issue is probably serverless binding (not putting a server name in
> > your
> >> binding string). That only works if your current thread is running
under
> > a
> >> domain account.
> >>
> >> Trying putting the DNS name of a domain controller in there
> >> (LDAP://server.com/RootDSE) and see if that fixes it. If so, that's
your
> >> problem.
> >>
> >> http://support.microsoft.com/default...b;en-us;329986
> >>
> >> Joe K.
> >>
> >> "Ollie Riches" <(E-Mail Removed)> wrote in message
> >> news:eE0%(E-Mail Removed)...
> >> >I am trying to access an AD from asp.net, I am getting the 'famous'
"The
> >> > specified domain either does not exist or could not be contacted"
> >> > exception
> >> > with a HR = 0x08007054b
> >> >
> >> > the code (C# .Net) is as follows:
> >> >
> >> > DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> >> > string contextPath =
> >> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
> >> > rootEntry.Dispose();
> >> > DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> > contextPath);
> >> >
> >> > I know this code works and as far as I know I should be able to
> >> > access\query
> >> > the root but it fails. So is it a permissions issue with asp.net or
the
> >> > domain configuration.
> >> >
> >> >
> >> > Cheers
> >> >
> >> > Ollie Riches
> >> > http://www.phoneanalyser.net
> >> >
> >> > Disclaimer: Opinions expressed in this forum are my own, and not
> >> > representative of my employer.
> >> > I do not answer questions on behalf of my employer. I'm just a
> > programmer
> >> > helping programmers.
> >> >
> >> >
> >>
> >>
> >
> >
>
>

I was having a similar problem so I tried passing the username and password of the domain administrator account when
creating the DirectoryEntry object and it still failed. Then I tried setting the impersonation in the web.config file
to impersonate the domain adminstrator account and that failed as well. I could only get it to work by passing the
server name of the DC in the LDAP path string. I don't understand why.



--Buddy


Joe Kaplan (MVP - ADSI) wrote:
> The issue is probably serverless binding (not putting a server name in your
> binding string). That only works if your current thread is running under a
> domain account.
>
> Trying putting the DNS name of a domain controller in there
> (LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
> problem.
>
> http://support.microsoft.com/default...b;en-us;329986
>
> Joe K.
>
> "Ollie Riches" <(E-Mail Removed)> wrote in message
> news:eE0%(E-Mail Removed)...
>
>>I am trying to access an AD from asp.net, I am getting the 'famous' "The
>>specified domain either does not exist or could not be contacted"
>>exception
>>with a HR = 0x08007054b
>>
>>the code (C# .Net) is as follows:
>>
>>DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
>>string contextPath =
>>rootEntry.Properties["defaultNamingContext"].Value.ToString();
>>rootEntry.Dispose();
>>DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);
>>
>>I know this code works and as far as I know I should be able to
>>access\query
>>the root but it fails. So is it a permissions issue with asp.net or the
>>domain configuration.
>>
>>
>>Cheers
>>
>>Ollie Riches
>>http://www.phoneanalyser.net
>>
>>Disclaimer: Opinions expressed in this forum are my own, and not
>>representative of my employer.
>>I do not answer questions on behalf of my employer. I'm just a programmer
>>helping programmers.
>>
>>
>
>
>

Without seeing an example of what you tried and knowing the exact error, it
is hard to know exactly what went wrong.

However, you generally have to provide a server name if your current thread
is not running under a domain account. Serverless binding uses information
about the current security context to locate a domain controller for you and
connect to it. Typically, you would have a domain account on the current
thread if you were impersonating the domain administrator, so that should
have worked. What went wrong there?

Joe K.

"Buddy Ackerman" <(E-Mail Removed)> wrote in message
news:OH%(E-Mail Removed)...
>I was having a similar problem so I tried passing the username and password
>of the domain administrator account when creating the DirectoryEntry object
>and it still failed. Then I tried setting the impersonation in the
>web.config file to impersonate the domain adminstrator account and that
>failed as well. I could only get it to work by passing the server name of
>the DC in the LDAP path string. I don't understand why.
>
>
>
> --Buddy
>
>

If I try and do this:

Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://RootDSE")
myDE = New DirectoryEntry("LDAP://" & CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")

With the following entry in my web.config:

<identity impersonate="true" userName="administrator" password="mypassword"/>

I get the error "The specified domain either does not exist or could not be contacted", on the line where I instantiate
the myDE object. I would have expected this to work but I walways have to include the server name in the path. This works:

Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://myDC/RootDSE")
myDE = New DirectoryEntry("LDAP://myDC/" & CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")




--Buddy




Joe Kaplan (MVP - ADSI) wrote:
> Without seeing an example of what you tried and knowing the exact error, it
> is hard to know exactly what went wrong.
>
> However, you generally have to provide a server name if your current thread
> is not running under a domain account. Serverless binding uses information
> about the current security context to locate a domain controller for you and
> connect to it. Typically, you would have a domain account on the current
> thread if you were impersonating the domain administrator, so that should
> have worked. What went wrong there?
>
> Joe K.
>
> "Buddy Ackerman" <(E-Mail Removed)> wrote in message
> news:OH%(E-Mail Removed)...
>
>>I was having a similar problem so I tried passing the username and password
>>of the domain administrator account when creating the DirectoryEntry object
>>and it still failed. Then I tried setting the impersonation in the
>>web.config file to impersonate the domain adminstrator account and that
>>failed as well. I could only get it to work by passing the server name of
>>the DC in the LDAP path string. I don't understand why.
>>
>>
>>
>>--Buddy
>>
>>
>
>
>

<identity impersonate="true" userName="administrator"
password="mypassword"/>


Is administator here the domain admin for the domain or a local admin? If
it is local, then that is the same problem as before.

Another useful technique is to check the value of
System.Security.Principal.WindowsIdentity.GetCurrent().Name to see what the
current thread is executing as.

Joe K.

"Buddy Ackerman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> If I try and do this:
>
> Dim objDE As DirectoryEntry
> Dim myDE As DirectoryEntry
> objDE = New DirectoryEntry("LDAP://RootDSE")
> myDE = New DirectoryEntry("LDAP://" &
> CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")
>
> With the following entry in my web.config:
>
> <identity impersonate="true" userName="administrator"
> password="mypassword"/>
>
> I get the error "The specified domain either does not exist or could not
> be contacted", on the line where I instantiate the myDE object. I would
> have expected this to work but I walways have to include the server name
> in the path. This works:
>
> Dim objDE As DirectoryEntry
> Dim myDE As DirectoryEntry
> objDE = New DirectoryEntry("LDAP://myDC/RootDSE")
> myDE = New DirectoryEntry("LDAP://myDC/" &
> CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")
>
>
>
>
> --Buddy
>
>
>
>
> Joe Kaplan (MVP - ADSI) wrote:
>> Without seeing an example of what you tried and knowing the exact error,
>> it is hard to know exactly what went wrong.
>>
>> However, you generally have to provide a server name if your current
>> thread is not running under a domain account. Serverless binding uses
>> information about the current security context to locate a domain
>> controller for you and connect to it. Typically, you would have a domain
>> account on the current thread if you were impersonating the domain
>> administrator, so that should have worked. What went wrong there?
>>
>> Joe K.
>>
>> "Buddy Ackerman" <(E-Mail Removed)> wrote in message
>> news:OH%(E-Mail Removed)...
>>
>>>I was having a similar problem so I tried passing the username and
>>>password of the domain administrator account when creating the
>>>DirectoryEntry object and it still failed. Then I tried setting the
>>>impersonation in the web.config file to impersonate the domain
>>>adminstrator account and that failed as well. I could only get it to
>>>work by passing the server name of the DC in the LDAP path string. I
>>>don't understand why.
>>>
>>>
>>>
>>>--Buddy
>>>
>>>
>>
>>