By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,537 Members | 881 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,537 IT Pros & Developers. It's quick & easy.

Q; Accessing AD in ASP.Net

P: n/a
Accessing AD in ASP.Net
1. It sees I can I access Active Directory catalog from asp.net, is the
version of AD important for this?
2. Do I need to have a domain user for that or IIS will be accessing it?
3. If I need to create a domain user, doe sit have to be domain admin?
4. How can I restrict this user’s access only for read for only AD access?

Jul 12 '08 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On Jul 12, 2:50*am, JIM.H. <J...@discussions.microsoft.comwrote:
Accessing AD in ASP.Net
1. * * *It sees I can I access Active Directory catalog from asp.net, is the
version of AD important for this?
2. * * *Do I need to have a domain user for that or IIS will be accessing it?
3. * * *If I need to create a domain user, doe sit have to be domain admin?
4. * * *How can I restrict this user’s access only for read for only AD access?
1. Active Directory must be compatible with your computer, I guess.
2. In most cases you would need to have a domain user.
3. No, you can delegate rights to create users in AD to non-domain
admins
4. In AD

I suggest you post in microsoft.public.windows.server.active_directory
or a similar, for more expert help with this, as it's something you'd
need to manage in AD rather than at the ASP.NET.

Also please check threads in microsoft.*public.*dotnet.*framework.*
aspnet.*security

Hope this helps
Jul 13 '08 #2

P: n/a
"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:73**********************************@microsof t.com...
Accessing AD in ASP.Net
1. It sees I can I access Active Directory catalog from asp.net, is the
version of AD important for this?
Not usually. So long as you're using ASP.NET 3.5, you'll be able to query
all existing Active Directory catalogs...
2. Do I need to have a domain user for that or IIS will be accessing it?
Yes. The default account under which ASP.NET runs normally does not have
sufficient privilegs to be able to query Active Directory. However, any
domain user account usually does. You might want your web app to run under a
domain user account via impersonation, or just the subection which queries
AD - there are dozens of articles on the web about running ASP.NET under
different accounts to gain (temporary) access to more privileged
resources...
3. If I need to create a domain user, doe sit have to be domain admin?
Doesn't need to be a domain admin just to query Active Directory. However,
actions which involve writing to Active Directory usually require more
elevated privileges than come as standard with a domain user account.
Impossible to tell in your particular case without knowing how your network
security has been configured...
4. How can I restrict this user’s access only for read for only AD access?
Generally speaking, a domain user account will have read access to AD
only...

You might get a better response if you post in:
microsoft.public.adsi.general. Basically, anything Joe Kaplan tells you can
be taken as gospel...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Jul 13 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.