bri189a Posted May 24, 2005

(this is all ASP.NET related)

I've never messed with AD using VBS before, but apparently the LAN team has, and everything they do they can 'bind' to a specific server. Now, in my limited experience using the DirectoryEntry and DirectorySearcher objects, there is a flag called ServerBind that you can use when connecting, but MSDN's documentation on that is vague. And by that I mean: what do they mean by having a server specified in the LDAP path, and if you do have it in your LDAP path, does that mean you are already binding to a specific server? Example:

    LDAP://CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com

Aren't you specifying the movies.entertainment.com domain already? Or do they mean putting the server at the beginning of the LDAP path, which it seems is what you have to do whenever you're passing in the username and password as part of the DirectoryEntry connection:

    LDAP://movies/CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com

I don't know why I have to specify the domain name at the beginning like that when using user name and password, but I do...otherwise I get a Server not found error. The first LDAP path will only work if I have the impersonate attribute set to true in the web.config file; interestingly enough, the second will work with impersonation also, but it seems a lot slower.

So anyway, to my point/question...we can't move forward until we can tell the LAN guys what server our AD 'queries' are going to...since my rootDSE is the entire path as above, or I'm not using DirectorySearcher and going directly to the entry because I know where it's at, I don't know what to tell them and can't find any documentation to support my theory that with the LDAP paths above I am specifying a server (movies).

Any help would be GREATLY appreciated. Thanks!
IxiRancid Posted May 25, 2005

Well, to be honest, I'm not really sure what you are asking about, but I believe you use the DirectoryEntry/Searcher object, and there is some fuss about user authentication and stuff :)

Do not use the object from toolbar for DirectoryEntry, do it manually! I'm not sure what properties and side dependencies this object makes, just literally dim the Entry and log onto your LDAP like this:

    ' At the top of the file
    Imports System.DirectoryServices

    ' Bind to the entry and search from it
    Dim rootEntry As New DirectoryEntry("GC://CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com")
    Dim searcher As New DirectorySearcher(rootEntry)
    ' Load only the attributes that are needed
    searcher.PropertiesToLoad.Add("sn")
    searcher.PropertiesToLoad.Add("givenName")
    searcher.PropertiesToLoad.Add("telephoneNumber")
    'searcher.PropertiesToLoad.Add("displayName")
    ' Sort the results by surname
    searcher.Sort.Direction = SortDirection.Ascending
    searcher.Sort.PropertyName = "sn"
    ' Users in the selected department that have a telephone number
    searcher.Filter = "(&(&(&(objectCategory=person)(objectClass=user))(department=*" + ddlOddelek.SelectedValue + "))(telephoneNumber=*))"
    Dim results As SearchResultCollection
    results = searcher.FindAll()

This is the code, notice the GC instead of LDAP, GC works in a "precached" way and is a bit quicker.

Now the tricky part, which took me a couple of days... Impersonate True stuff: put this into your web.config

    <identity impersonate="true" userName="DOMAN\adminUSER" password="PASSWORD"/>

just before this line:

    <authentication mode="Windows" />

This should get you into your AD server and use its functionality.

I really hope this was helpful, if you need any additional info on how to perform searches and things just ask :D
bri189a Posted May 25, 2005

Appreciate your comments...not having a problem talking with AD, I'm already doing that, already using impersonation. What I was asking is that I need to specify the Active Directory server that I query against. LAN says I can do that... they say they can do it in their VBS files... I think it's a terminology difference, that's what I'm trying to figure out.

What do you mean GC works in a pre-cached way?

And what do you mean by: Do not use the object from toolbar for DirectoryEntry, do it manually!

What toolbar object? I do everything in code...I wasn't even aware there was a tool in the toolbar for connecting to Active Directory and can't seem to find one either.
PlausiblyDamp (Administrators) Posted May 25, 2005

What does the code from the VBS scripts look like for connecting to AD? Also, why would you want to connect to a specific server to query AD? If the infrastructure is correctly set up then you should be connected to a convenient server anyway...

Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
bri189a Posted May 26, 2005

From the examples I've seen on the web it (VBS) looks similar to when we use a DirectorySearcher object, and I think what they think is 'binding to a specific server' is just what we set the rootDSE to with a DS object, except I'm only using the DE (DirectoryEntry) object because I already know where the objects lie that I want - to your question, haven't seen any 'code' from the LAN group yet...

Anyway, I don't know enough about it, and even if I did I need a white paper or something other than 'my buddies on the message board said so', if you know what I'm saying.

They want to connect to a specific server so that they can measure performance and know that this 'particular' server is the server that is used by application X to query AD, which is understandable from their point of view. The problem is that we're not making headway because they only know AD from the world of VBS and I only know it from the world of .NET...

Thanks PD for any advice you've got on the matter.
IxiRancid Posted May 26, 2005

Under Components in the Toolbox (not Toolbar, my bad) are the DirectorySearcher and Entry controls you put on the page and set some properties.

I wasn't aware of your problem, well, I didn't understand it. GC is made for faster browsing thru the AD, it also doesn't contain all of the attributes (nearly thousands :) ) as in an LDAP connection. I believe you can check which attributes are in GC and which not... ask mom MSDN or dad Google :D

OK, you need to know where AD lies, on which server, in case you need to do a performance test on the server that hosts AD. Not exactly, but in the end it's the server you are performance-testing. Surely this VBS code would help, since DirectorySearcher/Entry are just wrappers for the COM Active Directory libraries used in VBS.
AsifCh Posted July 18, 2005

Hi

Can you tell me how I can use the

    <identity impersonate="true" userName="DomainName\userName" password="password"/>

properties in the code instead of the web.config? What I mean is, I want the user to enter the user name and password, which I want to use in the code instead of hardcoding them in the web.config.

It is urgent, please reply as soon as possible.

Thanks.

Asif Raza Ashraf
Senior Software Engineer
Electronic Solutions Pakistan
Islamabad
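Added example, not code from any poster: it covers bri189a's question about binding to a specific server and AsifCh's question about supplying credentials in code rather than in web.config. In ADSI a path with no host in front of the DN is a serverless bind and a domain controller is located for you; a server name in front of the DN together with `AuthenticationTypes.ServerBind` pins the bind to that machine, and the `dnsHostName` attribute of rootDSE reports which controller answered. The host `dc01.movies.entertainment.com` and the helper names are assumptions; the DN is the sample one from the thread.

```vbnet
Imports System
Imports System.DirectoryServices

Module AdBindExample
    ' No server: serverless bind, the DC locator chooses a domain controller.
    ' With a server: the bind goes to that host only.
    Function BuildPath(ByVal server As String, ByVal dn As String) As String
        If String.IsNullOrEmpty(server) Then Return "LDAP://" & dn
        Return "LDAP://" & server & "/" & dn
    End Function

    ' user/password are supplied by the caller at run time (for example from a
    ' login form), so nothing is stored in web.config. Pass Nothing for both to
    ' bind as the current (impersonated) identity.
    Function Bind(ByVal server As String, ByVal dn As String, _
                  ByVal user As String, ByVal password As String) As DirectoryEntry
        ' Secure = negotiated authentication (Kerberos/NTLM), not a clear-text simple bind.
        Dim auth As AuthenticationTypes = AuthenticationTypes.Secure
        ' ServerBind is meant for paths that name a server, not a domain.
        If Not String.IsNullOrEmpty(server) Then auth = auth Or AuthenticationTypes.ServerBind
        Return New DirectoryEntry(BuildPath(server, dn), user, password, auth)
    End Function

    ' rootDSE.dnsHostName is the DNS name of the domain controller that answered.
    Function AnsweringServer(ByVal server As String, ByVal user As String, _
                             ByVal password As String) As String
        Using rootDse As DirectoryEntry = Bind(server, "RootDSE", user, password)
            Return CStr(rootDse.Properties("dnsHostName").Value)
        End Using
    End Function

    Sub Main()
        Const dn As String = "CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com"
        Const dc As String = "dc01.movies.entertainment.com" ' hypothetical host name

        Console.WriteLine(BuildPath(Nothing, dn))
        Console.WriteLine(BuildPath(dc, dn))
        ' The calls below need a reachable domain.
        Console.WriteLine("Locator chose: " & AnsweringServer(Nothing, Nothing, Nothing))
        Console.WriteLine("Pinned to:     " & AnsweringServer(dc, Nothing, Nothing))
    End Sub
End Module
```

Logging the value returned by `AnsweringServer` at application start gives the infrastructure team a record of which domain controller the application is actually querying.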