Trouble Accessing Active Directory Domain Controller

Discussion in 'ASP .Net Security' started by webbertsolutions@newsgroups.nospam, Mar 17, 2005.

  1. Guest

    I am having trouble accessing a different Domain Controller than the one
    I am currently in. Any help would be appreciated.

    Dave

    =================================================

                             Access DC_1    Access DC_2
    Machine_1 in Domain_1    Works          Exception
    Machine_2 in Domain_2    Exception      Works


    The Exception is the same for both:
    ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
    ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."



            AdminID    Password
    ============================
    DC_1    Unknown    Unknown
    DC_2    known      known



    Code -- Use UserID and Password If known
    =================================================

    // Excerpt from a larger class; path, entry and the other identifiers
    // used here are declared elsewhere in the full source.
    string ldapAdminID = ConfigurationSettings.AppSettings["User"];
    string ldapAdminPwd = ConfigurationSettings.AppSettings["Pwd"];
    AuthenticationTypes AD_TYPE = AuthenticationTypes.Secure;

    // No configured account: bind as the current security context.
    if ((ldapAdminID == null) || (ldapAdminID.Trim().Equals(String.Empty)))
        entry = new DirectoryEntry(path);
    else
        entry = new DirectoryEntry(path, ldapAdminID, ldapAdminPwd, AD_TYPE);


    DirectorySearcher searcher = new DirectorySearcher( entry );
    searcher.Filter = String.Format( AD_SEARCH_EXPRESSION, m_LogonID );

    searcher.PropertiesToLoad.AddRange(
        new string[] { displayNamePropertyName, groupsPropertyName } );

    SearchResult result = searcher.FindOne();
    if ( result != null )
    {
        // THIS LINE THROWS AN EXCEPTION
        displayName = result.Properties["displayname"][0].ToString();

        // ex.Message -> "[exception] Error occurred while retrieving Active Directory display name (displayname)."
        // ex.InnerException -> "Handling of this ADSVALUE type is not yet implemented (type = 0xb)."
    }




    Using the watch window, these are the values of the SearchResult
    ========================================================================
    result.Properties.Hashtable.KeyCollection._hashtable
    ["adspath"]
    ["displayname"]

    result.Properties["adspath"]
    Item -> <cannot view indexed property>
    System.Collections.ICollection.ReadOnlyCollectionBase
    list {Count=0x1}
    list[0] -> "LDAP://aaaa/CN=bbbbb,CN=Users,DC=aaaa,DC=com"


    result.Properties["displayname"]
    Item -> <cannot view indexed property>
    System.Collections.ICollection.ReadOnlyCollectionBase
    list {Count=0x1}
    list[0] -> {System.NotImplementedException}
    System.SystemException -> {"Handling of this ADSVALUE type is not yet implemented (type = 0xb)."}
    , Mar 17, 2005
    #1

  2. The path for the DirectoryEntry will control which LDAP server you access.
    Your code doesn't show what you are using there.

    The error you are getting is due to a problem with ADSI not being able to
    read the server's abstract schema. This is almost always a problem related
    to security context. Typically, the search is performed as an anonymous
    user and that user does not have access to read the subschemaSubentry
    object, so ADSI doesn't understand the server's data types. Sometimes you
    get this problem because it could not parse the schema, but that doesn't
    really seem to happen with AD or ADAM.

    Can you show a very simple sample that demonstrates the error?

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 17, 2005
    #2

  3. Guest

    Joe,

    Happy to get you what you want, just not sure what you want.
    The code listed below is the ACTUAL code that I am using. Just
    didn't include the entire source code due to size.

    You said it could be a permission issue. Let me explain what I am doing.

    I have logged in to my machine (m_1) with my domain account. I am authenticated
    against my corp dc (dc_1).

    If I run the code on my machine (m_1) against (dc_1) everything works fine.
    If I run the code on a dev machine (dev_2) against (dev_dc_2) everything works fine.

    If I run the code on my machine (m_1) against (dev_dc_2) using the admin id / pwd of
    dev_dc_2 it throws the exception described below.

    Let me know what you are looking for and I will get it to you.

    Thanks,
    Dave

    , Mar 21, 2005
    #3
  4. Essentially what I'm asking for is a stripped down code sample with hard
    coded values (changed to protect the innocent) so that I don't have to try
    to figure out what all those variables mean. It is especially important to
    see an example of what you are using for the path and the syntax you are
    using for username and password.

    Once I see that, I think I can diagnose it. Another thing I suggest you do
    is add AuthenticationTypes.Secure to your DirectoryEntry constructors as you
    really don't want to be passing plaintext credentials on the network, right?
    That's generally bad form, especially when you have the domain admin
    account.

    Thanks!

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 22, 2005
    #4
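
    The checks Joe describes in his two replies (which server the path names, whether the bound security context can read the subschemaSubentry object, and a Secure bind for explicit credentials), as an added C# example that is not part of the original thread. It assumes .NET Framework with System.DirectoryServices; the server name, account, search filter and the LDAP_PWD environment variable are placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class SchemaAccessCheck
{
    // Explicit credentials with AuthenticationTypes.Secure use a negotiated
    // (Kerberos/NTLM) bind, so the password is not sent as a plaintext simple bind.
    static DirectoryEntry Bind(string path, string user, string pwd)
    {
        return new DirectoryEntry(path, user, pwd, AuthenticationTypes.Secure);
    }
    static void Main()
    {
        // Placeholders, not values from the thread.
        const string server = "dc2.example.test";
        const string user = @"EXAMPLE\svc-lookup";
        string pwd = Environment.GetEnvironmentVariable("LDAP_PWD");
        string prefix = "LDAP://" + server + "/";   // names the target server explicitly
        try
        {
            using (DirectoryEntry rootDse = Bind(prefix + "RootDSE", user, pwd))
            {
                // 1. Ask the server where its abstract schema and domain root live.
                string schemaDn = (string)rootDse.Properties["subschemaSubentry"].Value;
                string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
                // 2. Check that this security context can read the schema object.
                using (DirectoryEntry schema = Bind(prefix + schemaDn, user, pwd))
                {
                    schema.RefreshCache(new string[] { "attributeTypes" });
                    Console.WriteLine("{0}: {1} attributeTypes values readable",
                        schemaDn, schema.Properties["attributeTypes"].Count);
                }
                // 3. Run the lookup under the same credentials.
                using (DirectoryEntry root = Bind(prefix + baseDn, user, pwd))
                using (DirectorySearcher searcher = new DirectorySearcher(root, "(sAMAccountName=jdoe)"))
                {
                    searcher.PropertiesToLoad.Add("displayName");
                    SearchResult result = searcher.FindOne();
                    if (result != null && result.Properties["displayName"].Count > 0)
                        Console.WriteLine(result.Properties["displayName"][0]);
                }
            }
        }
        catch (NotImplementedException ex)   // the ADSVALUE error reported in the thread
        {
            Console.WriteLine("Value type not understood, schema likely unreadable: " + ex.Message);
        }
        catch (COMException ex)              // bind or access failure
        {
            Console.WriteLine("Bind/read failed (0x{0:X8}): {1}", ex.ErrorCode, ex.Message);
        }
    }
}
```

    A failure at step 1 or 2 points at the bind or the account's access to the schema rather than at the search itself.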