RE: Using Active Directory

From: Steven Cheng[MSFT] (stcheng_at_online.microsoft.com)
Date: 09/20/05

    Date: Tue, 20 Sep 2005 07:36:53 GMT
    
    

    Hi Sharmasu,

    Welcome to ASPNET newsgroup.
    Regarding the two questions you mentioned, here are some of my
    suggestions:
    1. For AD query, generally there may occur some security related issues
    when performing AD query in ASP.NET application since the security context
    in ASP.NET is different from desktop apps like winform or console. So I
    think we can first try testing the same code in winform or console app with
    proper logon user to see whether the same problem occurs. If the same
    problem remains, that means this is an AD specific problem, I'd recommend you
    try posting in the public.ADSI or public.ADSI.general newsgroup.

    2. Do you mean you'd like to allow your ASP.NET application to create a new
    directory on a remote machine? If so, I'm afraid this is not quite a good
    idea since we need to consider many security things in such a scenario.
    First, to manipulate a directory on a remote machine, we'll need to expose the
    remote directory (at least the most top level directory) through a UNC share
    or WebDAV share. Then, we can access or modify that directory from the
    ASP.NET application on a separate machine. Also, we need to grant the
    ASP.NET's process identity sufficient permissions on the remote
    machine (for that remote shared folder).

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    --------------------
    | Thread-Topic: Using Active Directory
    | From: "scsharma" <sharmasu@noemail.nospam>
    | Subject: Using Active Directory
    | Date: Mon, 19 Sep 2005 13:59:05 -0700
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    |
    | Hi,
    | I am new to the Active Directory world but based on what I know I am
    | trying to achieve the following:
    | 1. Look for user/groups on a Windows 2000 machine which is not a
    | PDC (primary domain controller). I created a DirectoryEntry object as
    | follows:
    | DirectoryEntry group = new
    | DirectoryEntry("LDAP://CN=guests,DC=XXX.XXX.XX.X");
    | where "X" is the actual IP address of the machine.
    |
    | I ran into issues where I got an exception saying "A referral was returned
    | from the server" when the following line was executed:
    | object members = group.Invoke("Members",null);
    | I am not sure if I can query the PDC to look for users/groups on some other
    | machine running in the same domain. Can someone verify if that's possible?
    | If yes then can you please direct me.
    |
    | 2. I am trying to create a user interface which will allow a user to
    | create a subdirectory on a machine running Windows 2000. Please note that
    | my application would be running on Windows XP. Using my UI the user will
    | specify the IP address of the Windows 2000 machine on which the subfolder
    | will finally be created, and users from that machine would be given
    | permission on those folders.
    | Is the above requirement possible using C# in .NET?
    | --
    | Thanks
    | SCS
    |
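
Suggestion 1 in the reply above, as an added example that is not part of the original posts and not Microsoft's code: a console harness that prints the Windows identity the query runs under and then makes the same `Members` call, so the outcome can be compared with what the ASP.NET application reports. The class name, the command-line argument and the exit codes are assumptions made for this illustration.

```csharp
using System;
using System.Collections;
using System.DirectoryServices;          // add a reference to System.DirectoryServices.dll
using System.Runtime.InteropServices;
using System.Security.Principal;

class AdQueryContextCheck                // hypothetical name, not from the thread
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AdQueryContextCheck <ADSI path of the group>");
            return 2;
        }

        // In a console app this is the logged-on user. Under ASP.NET the same call
        // reports the worker-process account (or the impersonated caller), which is
        // the difference in security context the reply refers to.
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        Console.WriteLine("Running as: {0} (auth: {1}, anonymous: {2})",
                          id.Name, id.AuthenticationType, id.IsAnonymous);
        try
        {
            using (DirectoryEntry group = new DirectoryEntry(args[0]))
            {
                // Same call as in the original question.
                object members = group.Invoke("Members", null);
                int count = 0;
                foreach (object member in (IEnumerable)members)
                {
                    using (DirectoryEntry m = new DirectoryEntry(member))
                        Console.WriteLine("  member: {0}", m.Path);
                    count++;
                }
                Console.WriteLine("{0} member(s) returned", count);
            }
            return 0;
        }
        catch (UnauthorizedAccessException ex)   // the identity lacks rights: a context problem
        {
            Console.WriteLine("Access denied for {0}: {1}", id.Name, ex.Message);
            return 1;
        }
        catch (COMException ex)                  // other ADSI failures, e.g. the referral error
        {
            Console.WriteLine("ADSI error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            return 1;
        }
    }
}
```

If the console run fails with the same ADSI error under an account that has rights to the directory, the ASP.NET security context is not the cause; an access-denied result that appears only under ASP.NET points at the process identity.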

