Active Directory Error "The specified domain either does not exist or could not be contacted"


Brad

I'm trying to use Active Directory to retrieve information for a user, for
display purposes. I am not using Windows authentication or
impersonation; I am using a fixed user id and password for initializing
the DirectoryEntry object. For example's sake, our domain name is mydomain.net,
so the LDAP path I use is LDAP://DC=mydomain,DC=Net
Notice I am not specifying a server in the LDAP path, and I would
prefer not to use the server name in the path as we have multiple LDAP
servers, all mirroring each other for backup, performance and failover. On
my PC, a win2003 server, this works fine in my asp.net app and the
information is retrieved. However, when I deploy to a web server on our
domain I receive the following error:
"The specified domain either does not exist or could not be contacted"

If I include a server name in the LDAP path it works correctly on the
server, i.e. LDAP://adserver/DC=mydomain,DC=Net

Why would I have to use the server name in the path on the web server but not,
for the same web app, on my local PC? I am also using the default account
for running asp.net: Network Service on my win2003 PC and ASP.NET on the
win2000 web server.


Thanks


Brad
 
Hi Brad,

Did the ASP.NET app run under the same account on the two servers? To access AD
in an ASP.NET application, it is better to run the app under a domain user
in local administrator. For example, you can configure it like the following:

1. In machine.config, in the <processModel> element, set the User to System
2. In Web.config, set <identity impersonate="true" />
3. In IIS manager, set the app's anonymous access account to a domain user in
local administrator

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 