Trouble Accessing Active Dirctory Domain Controller

W

webbertsolutions

I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.

Dave

=================================================

Access DC_1 Access DC_2
Machine_1 in Domain_1 Works Exception
Machine_2 in Domain_2 Exception Works


The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."



AdminID Password
=======================
DC_1 Unknown Unknown
DC_2 known known



Code -- Use UserID and Password If known
=================================================

string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
entry = new DirectoryEntry(path);
else
entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();

// ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
// ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
}




Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
["adspath"]
["displayname"]

result.Properties["adspath"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


result.Properties["displayname"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> {System.NotImplementedException}
System.SystemException -> {"Handling of this ADSVALUE type is not yet implemented (type = 0xb)."}
 
M

Marc Scheuner [MVP ADSI]

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();
Click to expand...

Yes, this line will throw an exception if the "displayName" property
does not contain any value.

In that case, result.Properties["displayName"] will return a NULL
value, and indexing that with a [0] and then applying a .ToString()
method will NOT WORK.

So you GOTTA CHECK FOR NULL ! :)

SearchResult result = searcher.FindOne();
if ( result != null )
{
if(result.Properties.Contains("displayName"))
{
displayName = result.Properties["displayname"][0].ToString();
}
}

Then you should be fine. "displayName" is an optional property -
there's no guarantee that it will actually contain a value.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
W

webbertsolutions

Granted, I should have a try block.

THIS, HOWEVER, IS NOT THE ROOT PROBLEM.

Using the same exact code, If
Machine_A can extract information from Domain_1
Machine_B can extract information from Domain_2

Why can't Machine_A extract information from Domain_2

THIS IS THE REAL PROBLEM.

Cheers,
Dave


SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();
Click to expand...

Yes, this line will throw an exception if the "displayName" property
does not contain any value.

In that case, result.Properties["displayName"] will return a NULL
value, and indexing that with a [0] and then applying a .ToString()
method will NOT WORK.

So you GOTTA CHECK FOR NULL ! :)

SearchResult result = searcher.FindOne();
if ( result != null )
{
if(result.Properties.Contains("displayName"))
{
displayName = result.Properties["displayname"][0].ToString();
}
}

Then you should be fine. "displayName" is an optional property -
there's no guarantee that it will actually contain a value.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
Click to expand...
 
M

Marc Scheuner [MVP ADSI]

Using the same exact code, If
Machine_A can extract information from Domain_1
Machine_B can extract information from Domain_2

Why can't Machine_A extract information from Domain_2
Click to expand...

Are you sure you have the right domain trusts in place? Sounds a bit
like a permissions issue..... (since only the "cross-domain" calls
seem to fail)

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
W

webbertsolutions

I'm not sure about the domain trusts. I didn't set either up.

What would I ask my admin about?
Why would trust be important if I have the admin id/pwd for the
dev dc?

Thanks,
Dave
 
M

Marc Scheuner [MVP ADSI]

I'm not sure about the domain trusts. I didn't set either up.
What would I ask my admin about?
Click to expand...

If there is a trust between the two domains, and if it's a full trust,
and if it's a two-way trust (e.g. if Domain A trusts Domain B and
vice-versa, or just a one-way trust).
Why would trust be important if I have the admin id/pwd for the
dev dc?
Click to expand...

When doing cross-domain searcher and stuff, you need to have full
two-way trust set up, to get any decent results. Your admin id/pwd
might work in one domain, but then you'd only have access to that one
domain (where you're currently logged on) - you can't log on to
multiple domains in a DirectorySearcher, and thus, you need trusts.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Accessing objects in active directory via asp.net 1
How to fetch attributes of LDAP entry? 3
How to get memberOf groups for a user in ldap ? 1
Determining the Password Age from Active Directory 0
Windows Authentication through Active Directory 8
AD w/ LDAP 2
LDAP lookup: fails on remote computers -- Please help 3
Help! I can't connect to Active Directory! 1

Top