authentication issue

Doug Partridge

Hi, I have been stuck on something for a few days ... I
have some code that is working on a domain controller but
not a member server (running on a DC is not an option, so
I must get it to work on the member server). I figured no
problem, I will just provide domain user credentials in my
code .... well, it has not been so easy. I run into one
of two problems, when I don't provide credentials (when
running on the member server) I get:

Provider (0x80004005)
Unspecified error

when I do provide credentials, I get:

Provider (0x80040E09)
Permission denied.

Can someone tell what I am doing wrong ... or perhaps show
me another way to do this? Thanks in advance.

- doug

---------------------------------------
<%

sUserAccountName = "user10"

' Read the domain's default naming context from rootDSE
Dim oRootDSE
Set oRootDSE = GetObject("LDAP://rootDSE")
sADsPath = oRootDSE.Get("defaultNamingContext")
Set oRootDSE = Nothing

' Query Active Directory through the ADSI OLE DB provider
Dim oConnection, oCommand, oRecordSet
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
'oConnection.Properties("User ID") = "user1"
'oConnection.Properties("Password") = "pass"
'oConnection.Properties("Encrypt Password") = True

oConnection.Open "Active Directory Provider"
Set oCommand = CreateObject("ADODB.Command")
Set oCommand.ActiveConnection = oConnection
' Each string literal must close on its own line; "& _" continues the statement
oCommand.CommandText = _
"SELECT samAccountName,mail,displayname,userprincipalname " & _
"FROM 'LDAP://" & sADsPath & "' " & _
"WHERE samAccountName='" & sUserAccountName & "' " & _
"AND objectCategory='Person'"

Set oRecordSet = oCommand.Execute
If Not oRecordSet.EOF Then
Response.Write oRecordSet.Fields("mail") & "<BR><BR>"
Response.Write oRecordSet.Fields("userprincipalname") & "<BR><BR>"
Response.Write oRecordSet.Fields("displayname") & "<BR><BR>"
End If
oConnection.Close
Set oConnection = Nothing
Set oCommand = Nothing
Set oRecordSet = Nothing

%>
 
Egbert Nierop (MVP for IIS)

Doug Partridge said:
Hi, I have been stuck on something for a few days ... I
have some code that is working on a domain controller but
not a member server (running on a DC is not an option, so
I must get it to work on the member server). I figured no
problem, I will just provide domain user credentials in my
code .... well, it has not been so easy. I run into one
of two problems, when I don't provide credentials (when
running on the member server) I get:

Provider (0x80004005)
Unspecified error

when I do provide credentials, I get:

Provider (0x80040E09)
Permission denied.

You should make sure that your IWAM and your IUSR account have sufficient
privilege to access the active directory. Since these accounts default to
the local accounts database, they have not been granted access to the LDAP
database. So this requires resetting the IWAM & IUSR account.
You can change them using the scripts in \inetpub\adminscripts\adsutil.vbs

Another, less efficient trick is to authenticate in code and not to use
anonymous LDAP connections...
 
Doug Partridge

Egbert,

Thanks for responding. I will look into the ADSUTIL option. You mentioned
that a less efficient option is authenticating via the code. I was
attempting to do this but could never successfully run the code. I would
like to know how to do this, or at least what I was doing incorrectly. Do
you have a code sample that might help (or show me using the code I
submitted in my original post)? Thanks, Doug
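
One way to authenticate in code, as suggested in the reply above, shown as an added example that was not posted by either participant. It binds both the rootDSE lookup and the ADO search with explicit credentials; the server name dc01.example.com, the account EXAMPLE\svc_ldapread and the Application("LdapBindPassword") password source are assumed placeholders.

```vbscript
<%
Option Explicit
' Added example. Assumed placeholders: dc01.example.com, EXAMPLE\svc_ldapread,
' and Application("LdapBindPassword") as a password source outside the page.
Const ADS_SECURE_AUTHENTICATION = 1  ' request a Kerberos/NTLM bind, not a simple bind

Dim sServer, sBindUser, sBindPassword, sUserAccountName
sServer = "dc01.example.com"
sBindUser = "EXAMPLE\svc_ldapread"               ' low-privilege, read-only domain account
sBindPassword = Application("LdapBindPassword")
sUserAccountName = "user10"

' GetObject("LDAP://rootDSE") binds as the identity the page runs under.
' OpenDSObject binds with the supplied credentials instead.
Dim oLDAP, oRootDSE, sADsPath
Set oLDAP = GetObject("LDAP:")
Set oRootDSE = oLDAP.OpenDSObject("LDAP://" & sServer & "/rootDSE", _
    sBindUser, sBindPassword, ADS_SECURE_AUTHENTICATION)
sADsPath = oRootDSE.Get("defaultNamingContext")
Set oRootDSE = Nothing
Set oLDAP = Nothing

' Use the same credentials for the ADO search connection.
Dim oConnection, oCommand, oRecordSet
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Properties("User ID") = sBindUser
oConnection.Properties("Password") = sBindPassword
oConnection.Properties("Encrypt Password") = True
oConnection.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
oConnection.Open "Active Directory Provider"

Set oCommand = CreateObject("ADODB.Command")
Set oCommand.ActiveConnection = oConnection
oCommand.CommandText = _
    "SELECT samAccountName,mail,displayname,userprincipalname " & _
    "FROM 'LDAP://" & sServer & "/" & sADsPath & "' " & _
    "WHERE samAccountName='" & sUserAccountName & "' " & _
    "AND objectCategory='Person'"

Set oRecordSet = oCommand.Execute
If Not oRecordSet.EOF Then
    ' "" & value turns a Null attribute into an empty string before encoding
    Response.Write Server.HTMLEncode("" & oRecordSet.Fields("mail").Value) & "<BR><BR>"
    Response.Write Server.HTMLEncode("" & oRecordSet.Fields("userprincipalname").Value) & "<BR><BR>"
    Response.Write Server.HTMLEncode("" & oRecordSet.Fields("displayname").Value) & "<BR><BR>"
End If
oRecordSet.Close
oConnection.Close
%>
```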
 
