Active Directory question (ASP.NET)

bri189a

(this is all ASP.NET related)

I've never messed with AD using VBS before, but apparently the LAN team has, and in everything they do they can bind to a specific server. Now in my limited experience using the DirectoryEntry and DirectorySearcher objects there is a flag called ServerBind that you can use when connecting, but MSDN's documentation on that is vague. And by that I mean: what do they mean by "if you have a server specified in the LDAP path", and if you do have it in your LDAP path, does that mean you are already binding to a specific server?

Example:

LDAP://CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com

Aren't you specifying the movies.entertainment.com domain already? Or do they mean putting the server at the beginning of the LDAP path, which it seems is what you have to do whenever you're passing in the username and password as part of the DirectoryEntry connection:

LDAP://movies/CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com

I don't know why I have to specify the domain name at the beginning like that when using user name and password, but I do...otherwise I get a "Server not found" error. The first LDAP path will only work if I have the impersonate attribute set to true in the web.config file; interestingly enough, the second will work with impersonation also, but it seems a lot slower.

So anyway, to my point/question...we can't move forward until we can tell the LAN guys what server our AD queries are going to...since my rootDSE is the entire path as above, or I'm not using DirectorySearcher and going directly to the entry because I know where it's at, I don't know what to tell them and can't find any documentation to support my theory that with the LDAP paths above I am specifying a server (movies).

Any help would be GREATLY appreciated. Thanks!
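
The binding styles asked about above, as an added example that is not part of the original post: in an ADSI path of the form LDAP://host/DN the host part may be a domain name, in which case the DC locator still chooses the server, or a specific domain controller, which is the case the AuthenticationTypes.ServerBind flag is meant for. Reading dnsHostName from RootDSE reports which DC answered. The host name dc01.movies.entertainment.com is a hypothetical placeholder, and the code assumes it runs under an identity that is allowed to read the directory.

```vbnet
Imports System
Imports System.DirectoryServices

Module ServerBindExample
    ' Object DN from the post; DcHost is a hypothetical DC name (assumption).
    Private Const ObjectDn As String =
        "CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com"
    Private Const DcHost As String = "dc01.movies.entertainment.com"

    ' Binds to RootDSE with the caller's Windows credentials and returns the
    ' DNS host name of the domain controller that actually served the bind.
    Function ServingDc(rootDsePath As String, auth As AuthenticationTypes) As String
        Using rootDse As New DirectoryEntry(rootDsePath, Nothing, Nothing, auth)
            Return CStr(rootDse.Properties("dnsHostName").Value)
        End Using
    End Function

    Sub Main()
        ' Serverless bind: no host in the path, so the DC locator picks a DC.
        Console.WriteLine("Serverless:  " &
            ServingDc("LDAP://RootDSE", AuthenticationTypes.Secure))

        ' Domain name in the host position: still resolved through the locator,
        ' so the serving DC can differ between runs. ServerBind is not used here.
        Console.WriteLine("Domain name: " &
            ServingDc("LDAP://movies/RootDSE", AuthenticationTypes.Secure))

        ' Specific DC in the host position plus ServerBind: every query on this
        ' entry goes to DcHost, which is the name to give the LAN team.
        Dim pinned As AuthenticationTypes =
            AuthenticationTypes.Secure Or AuthenticationTypes.ServerBind
        Console.WriteLine("Server bind: " &
            ServingDc("LDAP://" & DcHost & "/RootDSE", pinned))

        Using entry As New DirectoryEntry(
                "LDAP://" & DcHost & "/" & ObjectDn, Nothing, Nothing, pinned)
            Console.WriteLine(CStr(entry.Properties("displayName").Value))
        End Using
    End Sub
End Module
```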
 
Well, to be honest, I'm not really sure what you are asking about, but I believe you use the DirectoryEntry/Searcher object, and there is some fuss about user authentication and stuff :)

Do not use the object from toolbar for DirectoryEntry, do it manually! I'm not sure what properties and side dependencies this object makes, just literally dim the Entry and log onto your LDAP like this:

Code:
Imports System.DirectoryServices

' Bind to the global catalog (GC://) using the path from the question as the search root.
Dim rootEntry As New DirectoryEntry("GC://CN=Happy Gilmore,OU=Comedy,DC=movies,DC=entertainment,DC=com")

' Load only the attributes that are needed and sort the results by surname.
Dim searcher As New DirectorySearcher(rootEntry)
searcher.PropertiesToLoad.Add("sn")
searcher.PropertiesToLoad.Add("givenName")
searcher.PropertiesToLoad.Add("telephoneNumber")
searcher.PropertiesToLoad.Add("displayName")
searcher.Sort.Direction = SortDirection.Ascending
searcher.Sort.PropertyName = "sn"

' Users whose department ends with the drop-down selection and who have a telephone number.
searcher.Filter = "(&(&(&(objectCategory=person)(objectClass=user))(department=*" & ddlOddelek.SelectedValue & "))(telephoneNumber=*))"

Dim results As SearchResultCollection = searcher.FindAll()

This is the code; notice the GC instead of LDAP. GC works in a "precached" way and is a bit quicker.

Now the tricky part, which took me a couple of days... Impersonate True stuff:
put this into your web.config
<identity impersonate="true" userName="DOMAN\adminUSER" password="PASSWORD"/>
just before this line:
<authentication mode="Windows" />

This should get you into your AD server and use its functionality.
I really hope this was helpful, if you need any additional info on how to perform searches and things just ask :D
 
Appreciate your comments...not having a problem talking with AD, I'm already doing that, already using impersonation. What I was asking is that I need to specify the Active Directory server that I query against. LAN says I can do that... they say they can do it in their VBS files... I think it's a terminology difference, that's what I'm trying to figure out.

What do you mean GC works in a pre-cached way?

And what do you mean by:
Do not use the object from toolbar for DirectoryEntry, do it manually!

What toolbar object? I do everything in code...I wasn't even aware there was a tool in the toolbar for connecting to Active Directory and can't seem to find one either.
 
What does the code from the VBS scripts look like for connecting to AD?
Also, why would you want to connect to a specific server to query AD? If the infrastructure is correctly set up then you should be connected to a convenient server anyway...
 
From the examples I've seen on the web it (VBS) looks similar to when we use a DirectorySearcher object, and I think what they think is binding to a specific server is just what we set the rootDSE to with a DS object, except I'm only using the DE (DirectoryEntry) object because I already know where the objects lie that I want - to your question, haven't seen any code from the LAN group yet...

Anyway, I don't know enough about it, and even if I did I need a white paper or something other than "my buddies on the message board said so", if you know what I'm saying.

They want to connect to a specific server so that they can measure performance and know that this particular server is the server that is used by application X to query AD, which is understandable from their point of view. The problem is that we're not making headway because they only know AD from the world of VBS and I only know it from the world of .NET... Thanks PD for any advice you got on the matter.
 
Under Components in the Toolbox (not Toolbar, my bad) are the DirectorySearcher and Entry controls you put on the page and set some properties.
I wasn't aware of your problem, well, I didn't understand it.

GC is made for faster browsing thru the AD, it also doesn't contain all of the attributes (nearly thousands :) ) as in LDAP connection. I believe you can check which attributes are in GC and which not... ask mom MSDN or dad Google :D

OK, you need to know where AD lies, on which server, in case you need to do a performance test on the server that hosts AD. Not exactly, but in the end it's the server you are performance-testing.

Surely this VBS code would help, since DirectorySearcher/Entry are just wrappers for COM active directory libraries used in VBS.
 
Hi
Can you tell me how I can use the

Code:
	<identity impersonate="true" userName="DomainName\userName" password="password"/>

properties in the code instead of the web.config? What I mean is I want the user to enter the user name and password, which I want to use in the code instead of hardcoding them in the web.config.

It is urgent, please reply as soon as possible.

Thanks.
 