Code works in Windows app. but not in ASP.Net

[Rolf Barbakken]

I get this error in the webbrowser:
"The specified domain either does not exist or could not be contacted"

The code for the procedure is:
Sub ListUsers(ByVal DOMAIN As String, ByVal OU As String)
Dim srch As System.DirectoryServices.DirectorySearcher
Dim result As System.DirectoryServices.SearchResult
Dim de, dir As System.DirectoryServices.DirectoryEntry

de = New System.DirectoryServices.DirectoryEntry("LDAP://" & DOMAIN
& "/" & OU)
srch = New System.DirectoryServices.DirectorySearcher(de)
srch.Filter = "(&(objectClass=user)(objectCategory=person))"

For Each result In srch.FindAll()
dir = result.GetDirectoryEntry
txtTest.Text = txtTest.Text &
dir.Properties("distinguishedName").Value & vbCrLf
Next
End Sub

I use the exact same code and the exact same call to the procedure in a test
Windows-app with no problems. So I am guessing some rights problem. Which
rights are needed and which user needs them?

Thanks.

 

[Joe Kaplan \(MVP - ADSI\)]

This depends a great deal on the actual value of the path you are using.
Can you show that?

Note also that since your code does not supply credentials to the
DirectoryEntry, you will be using the current security context in ASP.NET to
connect to AD. That will nearly always be different there than in a console
app, so different results are to be anticipated.

Joe K.

 

[Rolf Barbakken]

The following is the actual code, minus actual username and password,
obviously:

de = New
System.DirectoryServices.DirectoryEntry("LDAP://OU=admintest,DC=qutopia,DC=questus,DC=no")
de.Username = "qutopia\username"
de.Password = "userpassword"

I have tried replacing username with just "username", and tried reversing
the slash. I also tried specifying the entire domain name
"qutopia.questus.no\username" but I just get the following error:
"The specified domain either does not exist or could not be contacted"

I guessed that the context is a bit different for a Windows-app than a
webpage, but as the directoryentry have properties for both username and
password I thought I could get around that.

 

[Joe Kaplan \(MVP - ADSI\)]

This looks like a serverless binding problem. That requires a domain
security context to work, and you may not have that in ASP.NET. What if you
path looks like this:

LDAP://qutopia.questus.no/OU=admintest,DC=qutopia,DC=questus,DC=no

The username format you are using should be fine.

Joe K.

 

[Michael Wise]

Joe,

I was having the same problem with my intranet webserver, but adding
the fully qualified domain at the beginning of the LDAP path worked for
me.
This is not the first time I've benefitted from your freely given
advice. Thanks for taking time to help others!

-- Mike

 

[Joe Kaplan \(MVP - ADSI\)]

Glad to help! We have a book coming out in May called the .NET Developer's
Guide to Directory Services Programming that actually covers a lot of the
stuff we've learned over the years (including this stuff regarding
serverless binding and security contexts) that you might find useful if you
do LDAP programming in .NET and get stuck often.

I'm hopeful the community will find it useful. We'll also a have a web site
with all the code from the book (and probably other stuff as time
progresses) at www.directoryprogramming.net .

Joe K.