I am trying to access an AD from asp.net, I am getting the 'famous' "The
specified domain either does not exist or could not be contacted" exception
with a HR = 0x08007054b
the code (C# .Net) is as follows:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);
I know this code works and as far as I know I should be able to access\query
the root but it fails. So is it a permissions issue with asp.net or the
domain configuration.
Cheers
Ollie Riches http://www.phoneanalyser.net
Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers. 8  7605 
The issue is probably serverless binding (not putting a server name in your
binding string). That only works if your current thread is running under a
domain account.
Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem. http://support.microsoft.com/default...b;en-us;329986
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:eE****************@TK2MSFTNGP14.phx.gbl... I am trying to access an AD from asp.net, I am getting the 'famous' "The
specified domain either does not exist or could not be contacted"
exception
with a HR = 0x08007054b
the code (C# .Net) is as follows:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);
I know this code works and as far as I know I should be able to
access\query
the root but it fails. So is it a permissions issue with asp.net or the
domain configuration.
Cheers
Ollie Riches
http://www.phoneanalyser.net
Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers.
thanks Joe, I do some more searching and found another one of your posts
explaining this and it works for accessing the default context but when I
attempt to get the users name ('cn' property) it fails. the code is shown
below.
string currentUserName =
(((string)Context.User.Identity.Name).Split('\\'))[1];
string contextPath = "";
using(DirectoryEntry rootEntry = new
DirectoryEntry("LDAP://XXXXXX/RootDSE"))
{
contextPath = rootEntry.Properties["defaultNamingContext"].Value.ToString();
}
using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath))
using(DirectorySearcher searcher = new DirectorySearcher())
{
searcher.SearchRoot = contextEntry;
searcher.Filter =
String.Format("(&(objectCategory=person)(samAccoun tName={0}))",
currentUserName);
searcher.PropertiesToLoad.Add("cn");
searcher.SearchScope = SearchScope.Subtree;
SearchResult result = searcher.FindOne();
return result.Properties["cn"][0].ToString();
}
When impersonation was used in asp.net then it all works perfectly fine as I
expected but using impersonation defeats what I am try to achieve.
"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:#j**************@TK2MSFTNGP15.phx.gbl... The issue is probably serverless binding (not putting a server name in
your binding string). That only works if your current thread is running under
a domain account.
Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem.
http://support.microsoft.com/default...b;en-us;329986
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:eE****************@TK2MSFTNGP14.phx.gbl...I am trying to access an AD from asp.net, I am getting the 'famous' "The
specified domain either does not exist or could not be contacted"
exception
with a HR = 0x08007054b
the code (C# .Net) is as follows:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath);
I know this code works and as far as I know I should be able to
access\query
the root but it fails. So is it a permissions issue with asp.net or the
domain configuration.
Cheers
Ollie Riches
http://www.phoneanalyser.net
Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
Along the lines of the rest of the article that I sent in my last message,
you may need to provide credentials in your DirectoryEntry as well as a
server name.
Credentials and a DC to talk to are the two things that ADSI picks up from
the Windows security context and will supply automatically if you don't
specify them directly. However, if you don't specify them and your security
context isn't a domain account, then those will both fail.
What is likely happening is that you are being authenticated as the
anonymous user in AD and don't have any permissions to see any objects.
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl... thanks Joe, I do some more searching and found another one of your posts
explaining this and it works for accessing the default context but when I
attempt to get the users name ('cn' property) it fails. the code is shown
below.
string currentUserName =
(((string)Context.User.Identity.Name).Split('\\'))[1];
string contextPath = "";
using(DirectoryEntry rootEntry = new
DirectoryEntry("LDAP://XXXXXX/RootDSE"))
{
contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
}
using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath))
using(DirectorySearcher searcher = new DirectorySearcher())
{
searcher.SearchRoot = contextEntry;
searcher.Filter =
String.Format("(&(objectCategory=person)(samAccoun tName={0}))",
currentUserName);
searcher.PropertiesToLoad.Add("cn");
searcher.SearchScope = SearchScope.Subtree;
SearchResult result = searcher.FindOne();
return result.Properties["cn"][0].ToString();
}
When impersonation was used in asp.net then it all works perfectly fine as
I
expected but using impersonation defeats what I am try to achieve.
"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:#j**************@TK2MSFTNGP15.phx.gbl... The issue is probably serverless binding (not putting a server name in
your binding string). That only works if your current thread is running under
a domain account.
Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem.
http://support.microsoft.com/default...b;en-us;329986
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:eE****************@TK2MSFTNGP14.phx.gbl... >I am trying to access an AD from asp.net, I am getting the 'famous' "The
> specified domain either does not exist or could not be contacted"
> exception
> with a HR = 0x08007054b
>
> the code (C# .Net) is as follows:
>
> DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> string contextPath =
> rootEntry.Properties["defaultNamingContext"].Value.ToString();
> rootEntry.Dispose();
> DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath); >
> I know this code works and as far as I know I should be able to
> access\query
> the root but it fails. So is it a permissions issue with asp.net or the
> domain configuration.
>
>
> Cheers
>
> Ollie Riches
> http://www.phoneanalyser.net
>
> Disclaimer: Opinions expressed in this forum are my own, and not
> representative of my employer.
> I do not answer questions on behalf of my employer. I'm just a programmer > helping programmers.
>
>
thanks for the info Joe. It was the fact that we were authenticating as
anonymous user and when we set impersonation true for the aspx page then it
all work fine
Cheers
Ollie Riches
"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:ey**************@tk2msftngp13.phx.gbl... Along the lines of the rest of the article that I sent in my last message,
you may need to provide credentials in your DirectoryEntry as well as a
server name.
Credentials and a DC to talk to are the two things that ADSI picks up from
the Windows security context and will supply automatically if you don't
specify them directly. However, if you don't specify them and your
security context isn't a domain account, then those will both fail.
What is likely happening is that you are being authenticated as the
anonymous user in AD and don't have any permissions to see any objects.
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl... thanks Joe, I do some more searching and found another one of your posts
explaining this and it works for accessing the default context but when
I attempt to get the users name ('cn' property) it fails. the code is
shown below.
string currentUserName =
(((string)Context.User.Identity.Name).Split('\\'))[1];
string contextPath = "";
using(DirectoryEntry rootEntry = new
DirectoryEntry("LDAP://XXXXXX/RootDSE"))
{
contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
}
using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath))
using(DirectorySearcher searcher = new DirectorySearcher())
{
searcher.SearchRoot = contextEntry;
searcher.Filter =
String.Format("(&(objectCategory=person)(samAccoun tName={0}))",
currentUserName);
searcher.PropertiesToLoad.Add("cn");
searcher.SearchScope = SearchScope.Subtree;
SearchResult result = searcher.FindOne();
return result.Properties["cn"][0].ToString();
}
When impersonation was used in asp.net then it all works perfectly fine
as I
expected but using impersonation defeats what I am try to achieve.
"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com>
wrote in message news:#j**************@TK2MSFTNGP15.phx.gbl... The issue is probably serverless binding (not putting a server name in
your binding string). That only works if your current thread is running
under a domain account.
Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's
your problem.
http://support.microsoft.com/default...b;en-us;329986
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:eE****************@TK2MSFTNGP14.phx.gbl...
>I am trying to access an AD from asp.net, I am getting the 'famous'
"The > specified domain either does not exist or could not be contacted"
> exception
> with a HR = 0x08007054b
>
> the code (C# .Net) is as follows:
>
> DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> string contextPath =
> rootEntry.Properties["defaultNamingContext"].Value.ToString();
> rootEntry.Dispose();
> DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
contextPath); >
> I know this code works and as far as I know I should be able to
> access\query
> the root but it fails. So is it a permissions issue with asp.net or
the > domain configuration.
>
>
> Cheers
>
> Ollie Riches
> http://www.phoneanalyser.net
>
> Disclaimer: Opinions expressed in this forum are my own, and not
> representative of my employer.
> I do not answer questions on behalf of my employer. I'm just a
programmer > helping programmers.
>
>
I was having a similar problem so I tried passing the username and password of the domain administrator account when
creating the DirectoryEntry object and it still failed. Then I tried setting the impersonation in the web.config file
to impersonate the domain adminstrator account and that failed as well. I could only get it to work by passing the
server name of the DC in the LDAP path string. I don't understand why.
--Buddy
Joe Kaplan (MVP - ADSI) wrote: The issue is probably serverless binding (not putting a server name in your
binding string). That only works if your current thread is running under a
domain account.
Trying putting the DNS name of a domain controller in there
(LDAP://server.com/RootDSE) and see if that fixes it. If so, that's your
problem.
http://support.microsoft.com/default...b;en-us;329986
Joe K.
"Ollie Riches" <ol**********@phoneanalser.net> wrote in message
news:eE****************@TK2MSFTNGP14.phx.gbl...
I am trying to access an AD from asp.net, I am getting the 'famous' "The
specified domain either does not exist or could not be contacted"
exception
with a HR = 0x08007054b
the code (C# .Net) is as follows:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
string contextPath =
rootEntry.Properties["defaultNamingContext"].Value.ToString();
rootEntry.Dispose();
DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" + contextPath);
I know this code works and as far as I know I should be able to
access\query
the root but it fails. So is it a permissions issue with asp.net or the
domain configuration.
Cheers
Ollie Riches
http://www.phoneanalyser.net
Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers.
Without seeing an example of what you tried and knowing the exact error, it
is hard to know exactly what went wrong.
However, you generally have to provide a server name if your current thread
is not running under a domain account. Serverless binding uses information
about the current security context to locate a domain controller for you and
connect to it. Typically, you would have a domain account on the current
thread if you were impersonating the domain administrator, so that should
have worked. What went wrong there?
Joe K.
"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:OH****************@TK2MSFTNGP12.phx.gbl... I was having a similar problem so I tried passing the username and password
of the domain administrator account when creating the DirectoryEntry object
and it still failed. Then I tried setting the impersonation in the
web.config file to impersonate the domain adminstrator account and that
failed as well. I could only get it to work by passing the server name of
the DC in the LDAP path string. I don't understand why.
--Buddy
<identity impersonate="true" userName="administrator"
password="mypassword"/>
Is administator here the domain admin for the domain or a local admin? If
it is local, then that is the same problem as before.
Another useful technique is to check the value of
System.Security.Principal.WindowsIdentity.GetCurre nt().Name to see what the
current thread is executing as.
Joe K.
"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:uV**************@TK2MSFTNGP09.phx.gbl... If I try and do this:
Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://RootDSE")
myDE = New DirectoryEntry("LDAP://" &
CStr(objDE.Properties("defaultNamingContext").Valu e) & "/cn=Users")
With the following entry in my web.config:
<identity impersonate="true" userName="administrator"
password="mypassword"/>
I get the error "The specified domain either does not exist or could not
be contacted", on the line where I instantiate the myDE object. I would
have expected this to work but I walways have to include the server name
in the path. This works:
Dim objDE As DirectoryEntry
Dim myDE As DirectoryEntry
objDE = New DirectoryEntry("LDAP://myDC/RootDSE")
myDE = New DirectoryEntry("LDAP://myDC/" &
CStr(objDE.Properties("defaultNamingContext").Valu e) & "/cn=Users")
--Buddy
Joe Kaplan (MVP - ADSI) wrote: Without seeing an example of what you tried and knowing the exact error,
it is hard to know exactly what went wrong.
However, you generally have to provide a server name if your current
thread is not running under a domain account. Serverless binding uses
information about the current security context to locate a domain
controller for you and connect to it. Typically, you would have a domain
account on the current thread if you were impersonating the domain
administrator, so that should have worked. What went wrong there?
Joe K.
"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:OH****************@TK2MSFTNGP12.phx.gbl...
I was having a similar problem so I tried passing the username and
password of the domain administrator account when creating the
DirectoryEntry object and it still failed. Then I tried setting the
impersonation in the web.config file to impersonate the domain
adminstrator account and that failed as well. I could only get it to
work by passing the server name of the DC in the LDAP path string. I
don't understand why.
--Buddy
I am trying to change the Active Directory password using C#. However, it seems to me it does not really works. I wonder what is wrong with my code. Hope somone can help me and thanks a lot. Below is my code :
try
{
string dcDNS = "mypsptestdev"; //use this if you want to supply a server name
DirectoryEntry userEntry = null;
string currentUserName = (((string)Context.User.Identity.Name).Split('\\')) [1];
DirectoryEntry rootDSE = new DirectoryEntry(String.Format("LDAP://{0}/rootDSE", dcDNS), "_aduser", "TESTsql@dm1n", AuthenticationTypes.Secure);
string rootDN = rootDSE.Properties["defaultNamingContext"].Value.ToString();
DirectoryEntry searchRoot = new DirectoryEntry(String.Format("LDAP://{0}/{1}", dcDNS, rootDN), "_aduser", "TESTsql@dm1n", AuthenticationTypes.Secure);
DirectorySearcher searcher = new DirectorySearcher(searchRoot);
searcher.Filter = String.Format("samAccountName={0}", "_aduser");
searcher.SearchScope = SearchScope.Subtree;
SearchResultCollection results = searcher.FindAll();
foreach (SearchResult result in results)
{
userEntry = result.GetDirectoryEntry();
break;
}
if (userEntry == null)
{
throw new InvalidOperationException("User not found in this domain.");
}
userEntry.Invoke("ChangePassword", new object[]{"TESTsql@dm1n", "sql@dm1n"});
userEntry.CommitChanges();
}
catch (System.Reflection.TargetInvocationException ex)
{
Response.Write("msg1 = " + ex.ToString() + "<br>");
Response.Write("msg2 = " + ex.InnerException.ToString());
}
And this is the error i got :
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException (0x8007202F): A constraint violation occurred. --- End of inner exception stack trace --- at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters) at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParameters) at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args) at System.DirectoryServices.DirectoryEntry.Invoke(Str ing methodName, Object[] args) at AdminChangePasswd.test.ChangePassword1() in c:\portal administration\adminchangepasswd\test.aspx.cs:line 246
System.Runtime.InteropServices.COMException (0x8007202F): A constraint violation occurred.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Luigi |
last post by:
I would know what "criteria" is used in box positioning with the
position property.
Here my tries (using IE and Opera):
I have a box with an absolute positioning (properties used: position,...
|
by: MGFoster |
last post by:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've converted an ACC97 .mdb file to an ACC2K2 .adp. A report that
worked in ACC97 doesn't work in ACC2K2.
Report setup:
ACC97 ...
|
by: C# Learner |
last post by:
How can I achieve something like the following?
private void label_Click(object sender, System.EventArgs e)
{
Label label = (Label)sender;
int number = (int)label.Tag;
}
The second line...
|
by: Kitchen Bin |
last post by:
HELP PLEASE!! The C# Visual Studio IDE is failing to load an
inherited form into the IDE from a base form when I add items to an
array property of a user control on the base form. That sounds...
|
by: sklett |
last post by:
I just found myself doing something I haven't before:
<code>
public uint Duration
{
get
{
uint duration = 0;
foreach(Thing t in m_things)
{
duration += t.Duration;
|
by: Sek |
last post by:
Gurus,
I am wondering whether it is right to throw an exception from a
Property of an object.
To get into it further, is it okay to throw exception during 'get'
operation?
I was searching...
|
by: David Greenberg |
last post by:
Hello
I am running a DTS (Sql 2000) and transfering data from an SqlServer
database to an Ingres database.
I am transfering 153k rows.
Execution fails with the error message:
"The number of...
|
by: Gregor Horvath |
last post by:
Hi,
why is this code failing?
class B(object):
pass
B.testattr = property(lambda s:"hallo")
b = B()
b.testattr = "test"
|
by: David Moss |
last post by:
Hi,
I want to manage and control access to several important attributes in
a class and override the behaviour of some of them in various
subclasses.
Below is a stripped version of how I've...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
