asp create mailbox question

Discussion in 'ASP General' started by Michael, Jul 19, 2006.

  1. Michael

    Michael Guest

    Hello,

    I've created an ASP web page where users in our organization can create
    Active Directory computer accounts.

    The web page is running on a Server 2003 SP1 IIS 6 installation. The
    Exchange System Manager is running on the web server and Exchange SP2 has
    been installed. The IIS site is configured with Basic Authentication and
    users are prompted to enter their Active Directory credentials when
    connecting to the site.

    The web page uses ADSI code to create a user, and then CDO code to create
    the mailbox e.g.

    set oOU=GetObject(<LDAP string for OU>)
    set oUser=oOU.CreateUser("user",<CN for user>)
    ' set a bunch of attributes
    ' now create mailbox
    set oMailbox=oUser
    oMailbox.CreateMailbox <string representing MTA>

    Now, when I connect to this site using my domain admin credentials, it
    works. However, if a user connects to this site, after being prompted by
    IIS' basic authentication for AD credentials, the user account is
    successfully created in AD but upon reaching the "CreateMailbox" line, I get

    Microsoft VBScript runtime error '800a01b6'
    Object doesn't support this property or method

    Thinking that this was most likely a permissions issue, I took the .asp page
    containing the code and converted it to a .vbs file. Then, I logged in as the
    user account and used cscript to execute the .vbs file. Both the user account
    and the mailbox were created succesfully.

    I don't understand why the code runs under the context of a user account as
    a vbs script, but doesn't run as an ASP page unless the user is a domain
    admin. It's not permissions on AD or Exchange or the code wouldn't have run
    as a vbs script. What is different about running it as an ASP page?

    Thanks for any help you can provide me!

    Michael Gibbons
    Bellevue, WA
     
    Michael, Jul 19, 2006
    #1
    1. Advertising

  2. "Michael" <> wrote in message
    news:...
    > Hello,
    >
    > I've created an ASP web page where users in our organization can create
    > Active Directory computer accounts.
    >
    > The web page is running on a Server 2003 SP1 IIS 6 installation. The
    > Exchange System Manager is running on the web server and Exchange SP2 has
    > been installed. The IIS site is configured with Basic Authentication and
    > users are prompted to enter their Active Directory credentials when
    > connecting to the site.
    >
    > The web page uses ADSI code to create a user, and then CDO code to create
    > the mailbox e.g.
    >
    > set oOU=GetObject(<LDAP string for OU>)
    > set oUser=oOU.CreateUser("user",<CN for user>)
    > ' set a bunch of attributes
    > ' now create mailbox
    > set oMailbox=oUser
    > oMailbox.CreateMailbox <string representing MTA>
    >
    > Now, when I connect to this site using my domain admin credentials, it
    > works. However, if a user connects to this site, after being prompted by
    > IIS' basic authentication for AD credentials, the user account is
    > successfully created in AD but upon reaching the "CreateMailbox" line, I
    > get
    >
    > Microsoft VBScript runtime error '800a01b6'
    > Object doesn't support this property or method
    >
    > Thinking that this was most likely a permissions issue, I took the .asp
    > page
    > containing the code and converted it to a .vbs file. Then, I logged in as
    > the
    > user account and used cscript to execute the .vbs file. Both the user
    > account
    > and the mailbox were created succesfully.
    >
    > I don't understand why the code runs under the context of a user account
    > as
    > a vbs script, but doesn't run as an ASP page unless the user is a domain
    > admin. It's not permissions on AD or Exchange or the code wouldn't have
    > run
    > as a vbs script. What is different about running it as an ASP page?


    If you run it under IIS 6 the script is ran under the context of
    NetworkService account, this is an account with very limited rights, for
    instance, it is not allowed for this account, to utilize network resources.
    Since Exchange is 'a network resource' the Network Service account is
    'halted' as soon as you want to go over the borders of the Web Server!

    It would be best to configure IIS, the application pool to run under an
    account that has sufficient rights, or just to disable anonymous access.

    --
    compatible web farm Session replacement for Asp and Asp.Net
    http://www.nieropwebconsult.nl/asp_session_manager.htm

    > Thanks for any help you can provide me!
    >
    > Michael Gibbons
    > Bellevue, WA
    >
     
    Egbert Nierop \(MVP for IIS\), Jul 20, 2006
    #2
    1. Advertising

  3. Michael

    Michael Guest

    I'm going to answer my own question, because I contacted MS-Premier for
    support and got an answer.

    The answer was, that although .vbs scripts can contain CDOEXM calls like
    CreateMailbox, such a call in an ASP script is unsupported.

    I was advised to create a COM+ object that included the create mailbox
    functionality and call it from the ASP page.

    Instead, what I will probably do is have two separate scripts, one which is
    the existing ASP script that does everything but create the mailbox, and then
    run a scheduled task on the web server that is a VBS script that looks for
    accounts without mailboxes in a certain OU, creates the mailbox, and puts the
    account in a "Finished Account" OU.

    - Michael Gibbons

    "Egbert Nierop (MVP for IIS)" wrote:

    >
    > "Michael" <> wrote in message
    > news:...
    > > Hello,
    > >
    > > I've created an ASP web page where users in our organization can create
    > > Active Directory computer accounts.
    > >
    > > The web page is running on a Server 2003 SP1 IIS 6 installation. The
    > > Exchange System Manager is running on the web server and Exchange SP2 has
    > > been installed. The IIS site is configured with Basic Authentication and
    > > users are prompted to enter their Active Directory credentials when
    > > connecting to the site.
    > >
    > > The web page uses ADSI code to create a user, and then CDO code to create
    > > the mailbox e.g.
    > >
    > > set oOU=GetObject(<LDAP string for OU>)
    > > set oUser=oOU.CreateUser("user",<CN for user>)
    > > ' set a bunch of attributes
    > > ' now create mailbox
    > > set oMailbox=oUser
    > > oMailbox.CreateMailbox <string representing MTA>
    > >
    > > Now, when I connect to this site using my domain admin credentials, it
    > > works. However, if a user connects to this site, after being prompted by
    > > IIS' basic authentication for AD credentials, the user account is
    > > successfully created in AD but upon reaching the "CreateMailbox" line, I
    > > get
    > >
    > > Microsoft VBScript runtime error '800a01b6'
    > > Object doesn't support this property or method
    > >
    > > Thinking that this was most likely a permissions issue, I took the .asp
    > > page
    > > containing the code and converted it to a .vbs file. Then, I logged in as
    > > the
    > > user account and used cscript to execute the .vbs file. Both the user
    > > account
    > > and the mailbox were created succesfully.
    > >
    > > I don't understand why the code runs under the context of a user account
    > > as
    > > a vbs script, but doesn't run as an ASP page unless the user is a domain
    > > admin. It's not permissions on AD or Exchange or the code wouldn't have
    > > run
    > > as a vbs script. What is different about running it as an ASP page?

    >
    > If you run it under IIS 6 the script is ran under the context of
    > NetworkService account, this is an account with very limited rights, for
    > instance, it is not allowed for this account, to utilize network resources.
    > Since Exchange is 'a network resource' the Network Service account is
    > 'halted' as soon as you want to go over the borders of the Web Server!
    >
    > It would be best to configure IIS, the application pool to run under an
    > account that has sufficient rights, or just to disable anonymous access.
    >
    > --
    > compatible web farm Session replacement for Asp and Asp.Net
    > http://www.nieropwebconsult.nl/asp_session_manager.htm
    >
    > > Thanks for any help you can provide me!
    > >
    > > Michael Gibbons
    > > Bellevue, WA
    > >

    >
    >
     
    Michael, Jul 21, 2006
    #3
  4. "Michael" <> wrote in message
    news:...
    > I'm going to answer my own question, because I contacted MS-Premier for
    > support and got an answer.
    >
    > The answer was, that although .vbs scripts can contain CDOEXM calls like
    > CreateMailbox, such a call in an ASP script is unsupported.
    >
    > I was advised to create a COM+ object that included the create mailbox
    > functionality and call it from the ASP page.
    >
    > Instead, what I will probably do is have two separate scripts, one which
    > is
    > the existing ASP script that does everything but create the mailbox, and
    > then
    > run a scheduled task on the web server that is a VBS script that looks for
    > accounts without mailboxes in a certain OU, creates the mailbox, and puts
    > the
    > account in a "Finished Account" OU.
    >
    > - Michael Gibbons


    That's exactly the same reason, inside COM+, you can create a process that
    impersonates 'someone' with sufficient rights to use CDOEXM.

    In theory it can be done through ASP, but not on anonymous pages.
     
    Egbert Nierop \(MVP for IIS\), Jul 29, 2006
    #4
  5. Michael

    Suman Guest

    Heloo Mr. Egbert Nierop, Mr. Michael Gibbons,

    I am relatively new to .NET. I am trying to create a user in AD and a
    corresponding email account in the exchange server from an ASP.NET, C#
    application.

    -----------------------------
    I have the exact same problem wherein I am able to create a user but am
    unable to create a mailbox for the user. I "WAS" using exchange 2000.

    The error that I was getting is a class cast exception when I try to do
    this:

    DirectoryEntry user1 = new DirectoryEntry(path, username, password);
    IMailboxStore mailbox;
    //exception caused in the next line
    mailbox = (IMailboxStore)(user1.NativeObject);

    Exception Details: System.InvalidCastException: Specified cast is not
    valid.

    I have read that CDOEXM does not work in asp.net. Most of the
    discussions suggest using a COM object. I do not know how to deal with
    COM objects or how they work. I dont know if the above error is well
    before the execution needs the CDOEXM specific alteration or if its
    just someother error.
    -----------------------------

    Anyways, now I am at a stage where, I have a seperate domain setup just
    to test this application and that runs WIN 2003 and Exchange 2003 SP 2.


    I want to not be able to do the same here on the new domain.
    1) Create a user in AD and
    2) Create a corresponding Mailbox through a asp.net, C# application.

    I am able to do the first task. Could any of you provide some code for
    creating an email account through an asp.net application and show how
    the COM object would be implemented in C# and used from the asp.net
    application.

    OR
    I still have access to the previous environment. If something strikes
    you looking at the exception that I was getting in the previous domain
    and that can be fixed to create email accounts in the Exchange 2000,
    that should be fine too.

    I would be really thankful to you for any help provided. I have been
    trying to complete this project for a really long time now.

    Thanks a lot in advance.
    Suman

    "I was advised to create a COM+ object that included the create mailbox

    functionality and call it from the ASP page. "

    Egbert Nierop (MVP for IIS) wrote:
    > "Michael" <> wrote in message
    > news:...
    > > I'm going to answer my own question, because I contacted MS-Premier for
    > > support and got an answer.
    > >
    > > The answer was, that although .vbs scripts can contain CDOEXM calls like
    > > CreateMailbox, such a call in an ASP script is unsupported.
    > >
    > > I was advised to create a COM+ object that included the create mailbox
    > > functionality and call it from the ASP page.
    > >
    > > Instead, what I will probably do is have two separate scripts, one which
    > > is
    > > the existing ASP script that does everything but create the mailbox, and
    > > then
    > > run a scheduled task on the web server that is a VBS script that looks for
    > > accounts without mailboxes in a certain OU, creates the mailbox, and puts
    > > the
    > > account in a "Finished Account" OU.
    > >
    > > - Michael Gibbons

    >
    > That's exactly the same reason, inside COM+, you can create a process that
    > impersonates 'someone' with sufficient rights to use CDOEXM.
    >
    > In theory it can be done through ASP, but not on anonymous pages.
     
    Suman, Aug 15, 2006
    #5
  6. Michael

    Mike Brind Guest

    Suman wrote:
    > Heloo Mr. Egbert Nierop, Mr. Michael Gibbons,
    >
    > I am relatively new to .NET. I am trying to create a user in AD and a
    > corresponding email account in the exchange server from an ASP.NET, C#
    > application.


    Three things: first, this group covers classic ASP. Dotnet is a
    different technology and has it's own group:
    microsoft.public.dotnetframework.aspnet.

    Second, you shouldn't append your question to an existing thread. When
    you go to the other group, start a new thread for your question. That
    will make it easier for other people with the same issue as you to find
    your question and any answers when they search the archives.

    Finally, it is always advisable to read some of the threads in a group
    the first time you post to it. That way you can identify whether the
    group you have chosen really is the right one for your subject matter.

    --
    Mike Brind
     
    Mike Brind, Aug 15, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Stockwell

    [python] mailbox -- Question on usage

    David Stockwell, Jun 14, 2004, in forum: Python
    Replies:
    0
    Views:
    372
    David Stockwell
    Jun 14, 2004
  2. Replies:
    2
    Views:
    428
  3. Sandro
    Replies:
    1
    Views:
    1,545
    Daniel Pitts
    Nov 1, 2008
  4. SunSmile

    Create MailBox Exchange Server ASP.net

    SunSmile, Apr 2, 2008, in forum: ASP .Net Security
    Replies:
    1
    Views:
    819
    Aguardientico
    Apr 4, 2008
  5. Michael

    800a01b6 create mailbox asp

    Michael, Jul 18, 2006, in forum: ASP General
    Replies:
    2
    Views:
    293
    Michael
    Jul 18, 2006
Loading...

Share This Page