Trouble Accessing Active Directory Domain Controller

W

webbertsolutions

I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.

Dave

=================================================

Access DC_1 Access DC_2
Machine_1 in Domain_1 Works Exception
Machine_2 in Domain_2 Exception Works


The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."



AdminID Password
=======================
DC_1 Unknown Unknown
DC_2 known known



Code -- Use UserID and Password If known
=================================================

string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
entry = new DirectoryEntry(path);
else
entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();

// ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
// ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
}




Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
["adspath"]
["displayname"]

result.Properties["adspath"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


result.Properties["displayname"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> {System.NotImplementedException}
System.SystemException -> {"Handling of this ADSVALUE type is not yet implemented (type = 0xb)."}
 
J

Joe Kaplan \(MVP - ADSI\)

The path for the DirectoryEntry will control which LDAP server you access.
Your code doesn't show what you are using there.

The error you are getting is due to a problem with ADSI not being able to
read the server's abstract schema. This is almost always a problem related
to security context. Typically, the search is performed as an anonymous
user and that user does not have access to read the subschemaSubentry
object, so ADSI doesn't understand the server's data types. Sometimes you
get this problem because it could not parse the schema, but that doesn't
really seem to happen with AD or ADAM.

Can you show a very simple sample that demonstrates the error?

Joe K.

I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.

Dave

=================================================

Access DC_1 Access DC_2
Machine_1 in Domain_1 Works Exception
Machine_2 in Domain_2 Exception Works


The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."



AdminID Password
=======================
DC_1 Unknown Unknown
DC_2 known known



Code -- Use UserID and Password If known
=================================================

string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
entry = new DirectoryEntry(path);
else
entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();

// ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
// ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."
}




Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
["adspath"]
["displayname"]

result.Properties["adspath"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


result.Properties["displayname"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> {System.NotImplementedException}
System.SystemException -> {"Handling of this ADSVALUE type is
not yet implemented (type = 0xb)."}
 
W

webbertsolutions

Joe,

Happy to get you what you want, just not sure what you want.
The code listed below is the ACTUAL code that I am using. Just
didn't include the entire source code due to size.

You said it could be a permission issue. Let me explain what I am doing.

I have logged in my machine (m_1) with my domain account. I am authenticated
against my corp dc (dc_1).

If I run the code on my machine (m_1) against (dc_1) everything works fine.
If I run the code on a dev machine (dev_2) against (dev_dc_2) everything works fine.

If I run the code on my machine (m_1) against (dev_dc_2) using the admin id / pwd of
dev_dc_2 it throws the exception described below.

Let me know what you are looking for and I will get it to you.

Thanks,
Dave

The path for the DirectoryEntry will control which LDAP server you access.
Your code doesn't show what you are using there.

The error you are getting is due to a problem with ADSI not being able to
read the server's abstract schema. This is almost always a problem related
to security context. Typically, the search is performed as an anonymous
user and that user does not have access to read the subschemaSubentry
object, so ADSI doesn't understand the server's data types. Sometimes you
get this problem because it could not parse the schema, but that doesn't
really seem to happen with AD or ADAM.

Can you show a very simple sample that demonstrates the error?

Joe K.

I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.

Dave

=================================================

Access DC_1 Access DC_2
Machine_1 in Domain_1 Works Exception
Machine_2 in Domain_2 Exception Works


The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."



AdminID Password
=======================
DC_1 Unknown Unknown
DC_2 known known



Code -- Use UserID and Password If known
=================================================

string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
entry = new DirectoryEntry(path);
else
entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();

// ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
// ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."
}




Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
["adspath"]
["displayname"]

result.Properties["adspath"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


result.Properties["displayname"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> {System.NotImplementedException}
System.SystemException -> {"Handling of this ADSVALUE type is
not yet implemented (type = 0xb)."}
 
J

Joe Kaplan \(MVP - ADSI\)

Essentially what I'm asking for is a stripped down code sample with hard
coded values (changed to protect the innocent) so that I don't have to try
to figure out what all those variables mean. It is especially important to
see an example of what you are using for the path and the syntax you are
using for username and password.

Once I see that, I think I can diagnose it. Another thing I suggest you do
is add AuthenticationTypes.Secure to your DirectoryEntry constructors as you
really don't want to be passing plaintext credentials on the network, right?
That's generally bad form, especially when you have the domain admin
account.

Thanks!

Joe K.

Joe,

Happy to get you what you want, just not sure what you want.
The code listed below is the ACTUAL code that I am using. Just
didn't include the entire source code due to size.

You said it could be a permission issue. Let me explain what I am doing.

I have logged in my machine (m_1) with my domain account. I am
authenticated
against my corp dc (dc_1).

If I run the code on my machine (m_1) against (dc_1) everything works
fine.
If I run the code on a dev machine (dev_2) against (dev_dc_2) everything
works fine.

If I run the code on my machine (m_1) against (dev_dc_2) using the admin
id / pwd of
dev_dc_2 it throws the exception described below.

Let me know what you are looking for and I will get it to you.

Thanks,
Dave

The path for the DirectoryEntry will control which LDAP server you access.
Your code doesn't show what you are using there.

The error you are getting is due to a problem with ADSI not being able to
read the server's abstract schema. This is almost always a problem
related
to security context. Typically, the search is performed as an anonymous
user and that user does not have access to read the subschemaSubentry
object, so ADSI doesn't understand the server's data types. Sometimes you
get this problem because it could not parse the schema, but that doesn't
really seem to happen with AD or ADAM.

Can you show a very simple sample that demonstrates the error?

Joe K.

I am having troubles accessing a different Domain Controller than the one
I am currently in. Any help would be appreciated.

Dave

=================================================

Access DC_1 Access DC_2
Machine_1 in Domain_1 Works Exception
Machine_2 in Domain_2 Exception Works


The Exception is the same for both:
ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."



AdminID Password
=======================
DC_1 Unknown Unknown
DC_2 known known



Code -- Use UserID and Password If known
=================================================

string ldapAdminID = ConfigurationSettings.AppSettings["User"];
string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
entry = new DirectoryEntry(path);
else
entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

searcher.PropertiesToLoad.AddRange(
new string[] { displayNamePropertyName, groupsPropertyName } );

SearchResult result = searcher.FindOne();
if ( result != null )
{
// THIS LINE THROWS AN EXCEPTION
displayName = result.Properties["displayname"][0].ToString();

// ex.Message -> "[exception] Error occurred while retrieving Active
Directory display name (displayname)."
// ex.InnerException -> "Handling of this ADSVALUE type is not yet
implemented (type = 0xb)."
}




Using the watch window, these are the values of the SearchResult
========================================================================
result.Properties.Hashtable.KeyCollection._hashtable
["adspath"]
["displayname"]

result.Properties["adspath"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


result.Properties["displayname"]
Item -> <cannot view indexed property>
System.Collections.ICollection.ReadOnlyCollectionBase
list {Count=0x1}
list[0] -> {System.NotImplementedException}
System.SystemException -> {"Handling of this ADSVALUE type
is
not yet implemented (type = 0xb)."}
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top