Re: System.DirectoryServices

From: Brian (bonei_at_vafb.com)
Date: 06/09/04


Date: 9 Jun 2004 12:31:40 -0700

Thanks,
I am using the syntax "LDAP://" and then the name of the user to get his
SAMAccountName, etc.
We have found this code works differently on different servers here.
Could be my question is voided by that. I have tried making myself the
anonymous user and gotten some success as well on some servers.
The consistent problem is executing the loop over users in a
group as follows:

        ' Requires at file level: Imports System.DirectoryServices
        ' Bind with the supplied credentials, then search for the group by its common name.
        Dim de As System.DirectoryServices.DirectoryEntry = _
            New DirectoryServices.DirectoryEntry(adPath, domainAndUsername, strPassword)
        Dim ds As DirectorySearcher = New DirectorySearcher(de)
        ds.Filter = "((cn=" & strGroupName & "))"
        Dim dResults As SearchResultCollection = ds.FindAll()
        For Each dResult As SearchResult In dResults
            Dim resultPropColl As ResultPropertyCollection = dResult.Properties
            ' Each "member" value is the distinguished name of one group member.
            For Each memberItem As Object In resultPropColl("member")
                ' Bind to the member's own entry to read its attributes.
                Dim foundUser As DirectoryEntry = _
                    New DirectoryEntry("LDAP://" & memberItem.ToString(), _
                                       domainAndUsername, strPassword)
                Dim userProps As PropertyCollection = foundUser.Properties
                If Not IsNothing(userProps("SAMAccountName").Value) Then
                    stSorted.Add(userProps("SAMAccountName").Value, _
                                 userProps("Name").Value)
                End If
            Next
        Next

This chunk of code is the one that fails upon moving to varying
servers.
Is it possible that FINDALL requires more permission than simply "New
Entry"?

"Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:<eRpTe7ESEHA.3628@TK2MSFTNGP12.phx.gbl>...
> No, you should be able to use the user's credentials to bind. Is this
> Active Directory or an NT4 domain? Are you using the LDAP provider (your
> _path variable doesn't make this clear)? What is the path you are using?
>
> Joe K.
>
> "Brian" <bonei@vafb.com> wrote in message
> news:d2129775.0406011420.17d94784@posting.google.com...
> > I have a few pages which authenticate a user to our site.
> >
> > Checking a login and password with syntax as below:
> >
> > Dim entry As New DirectoryEntry(_path, domainAndUsername, PWD)
> >
> > My problem is I can only do this if I elevate the anonymous user to
> > ADMINISTRATOR of my domain.
> >
> > Should my ASPX page have to be running the ADMIN account to use this
> > namespace?
> > Another task I need is to enumerate users in a GROUP using this
> > namespace.
> > That also only works with the ADMIN account.
> >
> > Thanks,
> > Brian
