defaultNamingContext property failing in asp.net


Ollie Riches

I am trying to access AD from ASP.NET and I am getting the 'famous' "The
specified domain either does not exist or could not be contacted" exception
with HR = 0x08007054b.

the code (C# .Net) is as follows:

using System.DirectoryServices;

// Serverless bind: no DC name in the path, so ADSI has to locate a DC from the
// security context of the current thread
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath = rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);

I know this code works and as far as I know I should be able to access/query
the root, but it fails. So is it a permissions issue with ASP.NET or the
domain configuration?


Cheers

Ollie Riches
http://www.phoneanalyser.net

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers.
 

Joe Kaplan \(MVP - ADSI\)

The issue is probably serverless binding (not putting a server name in your
binding string). That only works if your current thread is running under a
domain account.

Try putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem.

http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

Joe K.
 

Ollie Riches

Thanks Joe, I did some more searching and found another one of your posts
explaining this, and it works for accessing the default context, but when I
attempt to get the user's name ('cn' property) it fails. The code is shown
below.

// Context.User.Identity.Name is DOMAIN\user; keep only the user part
string currentUserName = (((string)Context.User.Identity.Name).Split('\\'))[1];
string contextPath = "";
// Server name now given explicitly (XXXXXX = DC name, redacted), so RootDSE binds
using (DirectoryEntry rootEntry = new DirectoryEntry("LDAP://XXXXXX/RootDSE"))
{
    contextPath = rootEntry.Properties["defaultNamingContext"].Value.ToString();
}
// No server name on this path, so this second bind is serverless again
using (DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath))
using (DirectorySearcher searcher = new DirectorySearcher())
{
    searcher.SearchRoot = contextEntry;
    searcher.Filter = String.Format("(&(objectCategory=person)(samAccountName={0}))", currentUserName);
    searcher.PropertiesToLoad.Add("cn");
    searcher.SearchScope = SearchScope.Subtree;
    // FindOne() returns null when no object is visible to the bound identity
    SearchResult result = searcher.FindOne();
    return result.Properties["cn"][0].ToString();
}

When impersonation was used in ASP.NET it all worked perfectly fine, as I
expected, but using impersonation defeats what I am trying to achieve.




 

Joe Kaplan \(MVP - ADSI\)

Along the lines of the rest of the article that I sent in my last message,
you may need to provide credentials in your DirectoryEntry as well as a
server name.

Credentials and a DC to talk to are the two things that ADSI picks up from
the Windows security context and will supply automatically if you don't
specify them directly. However, if you don't specify them and your security
context isn't a domain account, then those will both fail.

What is likely happening is that you are being authenticated as the
anonymous user in AD and don't have any permissions to see any objects.

Joe K.

 

Ollie Riches

Thanks for the info Joe. It was the fact that we were authenticating as the
anonymous user, and when we set impersonation to true for the aspx page it
all worked fine.

Cheers

Ollie Riches

 

Buddy Ackerman

I was having a similar problem, so I tried passing the username and password of the domain administrator account when
creating the DirectoryEntry object and it still failed. Then I tried setting the impersonation in the web.config file
to impersonate the domain administrator account and that failed as well. I could only get it to work by passing the
server name of the DC in the LDAP path string. I don't understand why.



--Buddy

 

Joe Kaplan \(MVP - ADSI\)

Without seeing an example of what you tried and knowing the exact error, it
is hard to know exactly what went wrong.

However, you generally have to provide a server name if your current thread
is not running under a domain account. Serverless binding uses information
about the current security context to locate a domain controller for you and
connect to it. Typically, you would have a domain account on the current
thread if you were impersonating the domain administrator, so that should
have worked. What went wrong there?

Joe K.
 

Buddy Ackerman

If I try and do this:

Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://RootDSE")
myDE = New DirectoryEntry("LDAP://" & CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")

With the following entry in my web.config:

<identity impersonate="true" userName="administrator" password="mypassword"/>

I get the error "The specified domain either does not exist or could not be contacted" on the line where I instantiate
the myDE object. I would have expected this to work, but I always have to include the server name in the path. This works:

Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://myDC/RootDSE")
myDE = New DirectoryEntry("LDAP://myDC/" & CStr(objDE.Properties("defaultNamingContext").Value) & "/cn=Users")




--Buddy
 

Joe Kaplan \(MVP - ADSI\)

<identity impersonate="true" userName="administrator" password="mypassword"/>


Is administrator here the domain admin for the domain or a local admin? If
it is local, then that is the same problem as before.

Another useful technique is to check the value of
System.Security.Principal.WindowsIdentity.GetCurrent().Name to see what the
current thread is executing as.

Joe K.
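As an added example (not code from anyone in this thread), the two fixes Joe describes combined: an explicit DC name and explicit credentials on every DirectoryEntry, plus the WindowsIdentity.GetCurrent() check from his last reply, with the sAMAccountName escaped before it goes into the filter. The DC host, the service account and its password are hypothetical placeholders; the account only needs read rights on user objects, so a dedicated least-privilege account should be used here rather than the domain administrator from the web.config above.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class AdLookup
{
    // Joe's diagnostic: what the ASP.NET worker thread is really running as.
    // A non-domain account here is why serverless binding cannot find a DC.
    public static string CurrentContext() => WindowsIdentity.GetCurrent().Name;

    // RFC 4515 escaping for a value placed inside an LDAP search filter
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // server, user and password are placeholders, e.g. "dc01.example.com"
    // (hypothetical), a read-only service account and its password.
    public static string LookupCn(string server, string user, string password, string samAccountName)
    {
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing; // Kerberos/NTLM, encrypted
        string contextPath;
        // DC name and credentials given explicitly: nothing is taken from the worker's security context
        using (var root = new DirectoryEntry("LDAP://" + server + "/RootDSE", user, password, auth))
            contextPath = (string)root.Properties["defaultNamingContext"].Value;

        using (var ctx = new DirectoryEntry("LDAP://" + server + "/" + contextPath, user, password, auth))
        using (var searcher = new DirectorySearcher(ctx))
        {
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("cn");
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult result = searcher.FindOne();
            // null means no object is visible to the bound identity: unknown user, or no read rights
            return result == null ? null : (string)result.Properties["cn"][0];
        }
    }
}
```

If LookupCn returns null while CurrentContext() reports a non-domain identity, the bind is still running as the anonymous user Joe describes rather than the account you intended.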
 
