Re: Query AD using Integrated Authentication?

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/29/04 

Date: Thu, 29 Jul 2004 09:21:47 -0500

You can definitely use a fixed account to query AD. You can do that by
specifying explicit credentials in your DirectoryEntry binds or by changing
the identity of the process or impersonated account to the appropriate
domain account. You can also put all your S.DS code in a COM+ component and
set it up with its own identity, so you have a LOT of options, must like you
do with SQL server. I can provide more specific samples if you need them,
or you can probably dig them up with a Google groups search.

The original question had to do with why impersonation wasn't working in a
machine hopping scenario, in which case the answer was related to Kerberos
delegation.

Joe K.

"HG" <hg@nospam.websolver.dk> wrote in message
news:eGU4E8TdEHA.2544@TK2MSFTNGP10.phx.gbl...
> Hi there
>
> Couldn't help myself... I am having a similar problem..
>
> The article that Joe refers to, says that you have to change browser
> settings (Enable Integrated Authentication), that is, each of the browser
> clients. I do not know if this is a viable option for me.
>
> However.
>
> I use Integrated Authentication up until IIS, so far so good...The problem
> arises when you want to contact other servers/services as for example an
> Active Directory. Is this correct?
>
> Isn't it possible to user a fixed user account to query the AD, and
thereby
> NO need to setup browsers for IA, say:
> Use IA up until IIS (IA + impersonate, no anonymous), in you ASP.NET page
> autheticate to the AD by using a predefined user, retrieve the settings
you
> want (fx. the full name of the user), and process the ASP.NET page
further.
> Is this possible?
>
> Must be, because how does IIS handle connections to MSSQL?
>
> Anyone..Please
>
> Best regards
>
> Henrik
>
>

Relevant Pages

  • Re: How to populate a list box based on user input?
    ... associated with that account pop up in a list box. ... click "View" and a query come up showing all those orders on separate ... I get stuck on what the SQL should look like in the Control Source ... Private Sub txtAccountNo_AfterUpdate ...
    (microsoft.public.access.modulesdaovba)
  • Re: Access query
    ... account ID and a flag. ... Only when the output of some query is generated will there ... If you sort on some other column by ...
    (microsoft.public.data.odbc)
  • Re: Passing values
    ... threshold for that account. ... made by account and then amount. ... Successive selections would ... the query I had language in the criteria column "! ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Delegate Control?
    ... To my surprise it turns out that the account is also able to query all of the other OU's in my domain. ... Why if I did a delegate of control and gave read access to a low level account to the Africa OU would it also be able to read from America? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Subform and Form
    ... The second query is already based on all 3 tables, ... Policy Number in the Account Information table, ... > Each query for the form on its own will show the Account Name and Policy ... But when I try and join these 2 queries together, ...
    (microsoft.public.access.forms)