George Durzi
Hi,
I'm having trouble fetching the AD groups a user belongs to after
authenticating them against Active Directory. My code is based on the How To
for using Forms Authentication to authenticate against AD
(http://support.microsoft.com/default.aspx?scid=kb;en-us;326340)
LDAP ConnectString:
LDAP://VN-SRV-DC01.corp.isacorp.com/DC=corp,DC=isacorp,DC=com
Domain Name: VN-SRV-DC01.corp.isacorp.com
Initially, when I use the DirectorySearcher to find cn=gdurzi, the path of
the results is:
LDAP://VN-SRV-DC01.corp.isacorp.com/CN=gdurzi,CN=Users,DC=corp,DC=isacorp,DC=com
My code does the following to get the user's groups:
DirectorySearcher oDS = new DirectorySearcher("LDAP://VN-SRV-DC01.corp.isacorp.com/CN=gdurzi,CN=Users,DC=corp,DC=isacorp,DC=com");
oDS.Filter = "(cn=gdurzi)";
oDS.PropertiesToLoad.Add("memberOf");
try {
    SearchResult oSR = oDS.FindOne();
I get an Exception on the call to FindOne. "The specified domain either does
not exist or could not be contacted"
After binding to the VN-SRV-DC01.corp.isacorp.com domain in ldp.exe, I can
do a search for cn=gdurzi successfully by using a Base DN of:
CN=Users,DC=corp,DC=isacorp,DC=com
***Searching...
ldap_search_s(ld, "CN=Users,DC=corp,DC=isacorp,DC=com", 1, "CN=gdurzi", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
4> objectClass: top; person; organizationalPerson; user;
1> cn: gdurzi;
1> distinguishedName: CN=gdurzi,CN=Users,DC=corp,DC=isacorp,DC=com;
1> name: gdurzi;
1> canonicalName: corp.isacorp.com/Users/gdurzi;
If I open the enterprise tree in ldp.exe and find my cn, here's what I get:
Expanding base 'CN=gdurzi,CN=Users,DC=corp,DC=isacorp,DC=com'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
4> objectClass: top; person; organizationalPerson; user;
1> cn: gdurzi;
1> sn: Durzi;
1> givenName: George;
1> distinguishedName: CN=gdurzi,CN=Users,DC=corp,DC=isacorp,DC=com;
1> instanceType: 4;
1> whenCreated: 11/24/2004 22:38:51 US Mountain Standard Time US Mountain Standard Time;
1> whenChanged: 12/16/2004 7:58:12 US Mountain Standard Time US Mountain Standard Time;
1> displayName: George Durzi;
1> uSNCreated: 8471;
2> memberOf: CN=FrameworkAdmins,CN=Users,DC=corp,DC=isacorp,DC=com; CN=Remote Desktop Users,CN=Builtin,DC=corp,DC=isacorp,DC=com;
1> uSNChanged: 349743;
1> name: gdurzi;
1> objectGUID: 2975a92e-fb4b-4141-a0de-482dca83d95b;
1> userAccountControl: 0x10200;
1> badPwdCount: 0;
1> codePage: 0;
1> countryCode: 0;
1> badPasswordTime: <ldp error <0x0>: cannot format time field;
1> lastLogon: <ldp error <0x0>: cannot format time field;
1> logonHours: <ldp: Binary blob>;
1> pwdLastSet: <ldp error <0x0>: cannot format time field;
1> primaryGroupID: 513;
1> userParameters: m: d ;
1> objectSid: S-1-5-21-1561616353-131408304-1539857752-1612;
1> accountExpires: 0;
1> logonCount: 12;
1> sAMAccountName: gdurzi;
1> sAMAccountType: 805306368;
1> userPrincipalName: gdurzi;
1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=isacorp,DC=com;
1> msNPAllowDialin: TRUE;
-----------
You can see that the memberOf property properly pulls the groups my cn is a
member of:
memberOf: CN=FrameworkAdmins,CN=Users,DC=corp,DC=isacorp,DC=com; CN=Remote Desktop Users,CN=Builtin,DC=corp,DC=isacorp,DC=com;
Any idea why my code is erroring at the call to FindOne?