
Querying AD using vb script from ASP page returns "An operations error occurred"

P: 8
Hi,

I am trying to query AD for the sAMAccountName attribute for a given email.
My code is as follows:

    Dim ldapSearchBaseDn, ldapSearchHost, ldapUser, ldapPwd

    ldapSearchBaseDn = "dc=test,dc=com"        ' base DN
    ldapSearchHost   = "IP of domain system"
    ldapUser         = "domain\username"
    ldapPwd          = "password"
    email            = "test@testmail.com"

    ' Bind to AD through the ADSI OLE DB provider with explicit credentials
    Set oConn = Server.CreateObject("ADODB.Connection")
    oConn.Provider = "ADSDSOObject"
    oConn.Properties("User ID") = ldapUser
    oConn.Properties("Password") = ldapPwd
    oConn.Properties("Encrypt Password") = True
    oConn.Open "Ads Provider"

    ' LDAP dialect: <base>;filter;attributes;scope
    Set rs = oConn.Execute("<LDAP://" & ldapSearchHost & "/" & ldapSearchBaseDn & ">;" & _
        "(&(objectClass=user)(mail=" & email & "));" & _
        "sAMAccountName;subtree")

When I run the above code as a .vbs file, it runs without any issue and returns the sAMAccountName for the given email.
But when I run the same query from an ASP page, I get the following error:
Error# -2147217865
Error Desc= An operations error occurred
Error Source - Active Directory

Please help me in solving the above issue. It's very urgent.

Thanks,
Anu
Jul 11 '11 #1
6 Replies


jhardman
Expert 2.5K+
P: 3,405
The problem is probably that the iusr account doesn't have access to AD. When you run it from a .vbs file you are probably executing it yourself, so it runs under your username. Go into IIS and (if you dare) set the asp process to run under your user account instead of iusr. I bet that will fix the problem.

Jared
Jul 11 '11 #2

P: 8
Thanks for the reply.
I am a member of the "domain Admin" group in AD.
I have to run this query without changing IIS settings.
I have tried the same on 2 different systems:
1. Error "Table does not exist" if I run the same query from an ASP page published on Windows 2003
2. "Operation error occurred" if I run it from a Windows 2008 system

Does it make any difference? I ask because I am getting a different error when running on the Windows 2003 system.
I had run the same query successfully a long time back from a Windows 2003 system.

Thanks,
Anu
Jul 11 '11 #3

jhardman
Expert 2.5K+
P: 3,405
The bottom line is there is nothing wrong with the script, the problem is the account the script uses when it executes. It does not run under your user credentials, it runs as a service account called "iusr_(computername)". That account doesn't usually have very many permissions, and it isn't a member of the AD.

I don't know of any way to do this without changing IIS settings. I guess you could try to add the iusr account to the domain, but I've never tried that, not sure if it can work. You could also try increasing iusr's permissions.

Jared
Jul 11 '11 #4

P: 8
Hi jhardman,

My website is published in IIS 7.0 on a Windows 2008 system.
The main IIS settings are:
Authentication - Anonymous
Authorization rules - allow all
.Net trust levels - full
The Application Pool settings are as below:
Managed Pipeline Mode - Integrated
Identity - LocalSystem
Load User Profile - false

Please advise: what do I need to change in the above settings to run my script?

Thanks,
Anu
Jul 12 '11 #5

jhardman
Expert 2.5K+
P: 3,405


go into IIS (type inetmgr into the run prompt)
select your server
double click on authentication
right click on "anonymous authentication"
select "edit" and you will see the above image
click on "set..." to change user

Let me know if this works.

Jared
Jul 14 '11 #6

P: 8
Hi Jared,

I did not need to make any changes in IIS, and I got a solution with the following script:

    ldapSearchBaseDn = "dc=abc,dc=com"
    ldapSearchHost   = "AD IP"
    ldapUser         = "AD User"
    ldapPwd          = "password"
    email            = "abc@xyz.com"

    ' LDAP dialect: <base>;filter;attributes;scope
    strQuery = "<LDAP://" & ldapSearchHost & "/" & ldapSearchBaseDn & ">;" & _
        "(&(objectCategory=user)(mail=" & email & "));" & _
        "samAccountName;" & _
        "subtree"

    Const ADS_CHASE_REFERRALS_SUBORDINATE = &H20

    'Start the ADO connection
    Set oConnection1 = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    oConnection1.Provider = "ADsDSOObject"
    oConnection1.Properties("User ID") = ldapUser
    oConnection1.Properties("Password") = ldapPwd
    oConnection1.Properties("Encrypt Password") = True
    oConnection1.Open "ADsDSOObject"
    Set objCommand.ActiveConnection = oConnection1
    objCommand.CommandText = strQuery
    objCommand.Properties("Cache Results") = False
    objCommand.Properties("Chase Referrals") = ADS_CHASE_REFERRALS_SUBORDINATE

    Set rs = objCommand.Execute
    Set objCommand = Nothing

    ' Err.Number is only meaningful here if On Error Resume Next is in effect
    If Err.Number = 0 Then
        If Not rs.EOF Then
            user = Trim(rs("sAMAccountName").Value)
        End If
    End If

But now I have one more issue. I have created a file, test.txt, in the c:\windows\temp folder. I am trying to read that file, but when I check for its existence, it returns false, i.e. the file does not exist.
My code is as follows:

    Dim fileName, fso
    ForReading = 1
    fileName = "C:\WINDOWS\Temp\MacList.txt"

    Set fso = Server.CreateObject("Scripting.FileSystemObject")

    If fso.FileExists(fileName) Then
        ' code to handle it
    Else
        ' file does not exist
    End If

and the above code reports that the file does not exist.
Please help.

Thanks
Anu
Jul 19 '11 #7
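
Both LDAP queries posted in this thread concatenate `email` directly into the `(mail=...)` search filter; if that value ever comes from a request instead of a constant, filter metacharacters in it should be encoded first. The following is an added example, not code from any poster in the thread: the function name `EscapeLdapFilterValue` and the sample address are constructed for illustration.

```vbscript
' Added example (not from the thread): encode a value before placing it
' inside an LDAP search filter, using the \XX hex escapes of RFC 4515.
Function EscapeLdapFilterValue(ByVal value)
    Dim i, ch, result
    result = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "\"
                result = result & "\5c"
            Case "*"
                result = result & "\2a"
            Case "("
                result = result & "\28"
            Case ")"
                result = result & "\29"
            Case Chr(0)
                result = result & "\00"
            Case ";"
                ' Not special in a filter, but it separates the fields of the
                ' ADO LDAP dialect string (<base>;filter;attributes;scope).
                result = result & "\3b"
            Case Else
                result = result & ch
        End Select
    Next
    EscapeLdapFilterValue = result
End Function

' Constructed sample input containing filter metacharacters.
Dim email, ldapFilter
email = "a*b(c)@example.com"
ldapFilter = "(&(objectClass=user)(mail=" & EscapeLdapFilterValue(email) & "))"

' The filter is then used exactly as in the thread's queries:
' "<LDAP://" & ldapSearchHost & "/" & ldapSearchBaseDn & ">;" & ldapFilter & ";sAMAccountName;subtree"
```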
