?
Solved

WINNT Connection to Active Directory Failed

Posted on 2005-04-18
9
Medium Priority
?
432 Views
Last Modified: 2008-02-01
I have an old application that is using a connection to Active Directory as follows:

      Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
    Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
       IsMemberOfAdminGroup = AdminGroup.IsMember(AdminUser.ADsPath)

The company recently upgrading to Windows 2003 and upgraded the Exchange Server.  Now this connection causes errors.  I am trying to determine the problem.  Any suggestions?

0
Comment
Question by:luckyinc
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:David Lee
ID: 13813636
Hi luckyinc,

What's the error?

Cheers!
0
 

Author Comment

by:luckyinc
ID: 13815064
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'

Then I changed to an LDAP:// Connectionstring and got the below error:
80072020
0
 

Author Comment

by:luckyinc
ID: 13815085
It seems like it is having problems connecting to the Exchange server.  I am guessing that maybe I am having a double hop issue or that there is not permission between servers to allow access to Active Directory.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 76

Expert Comment

by:David Lee
ID: 13829604
Is the command running under the IUSR account or under a user account?
0
 

Author Comment

by:luckyinc
ID: 13833171
The way it authenticates the user is:

Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
IsMemberOfAdminGroup = AdminGroup.IsMember(AdminUser.ADsPath)

If the Client User opens their browser, the code passes the creditials based on the username.  So I am not sure if this is using the IUSR account.  I also tried checking the machine in Active Directory to Trust Delegation.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 13838877
The code you posted authenticates the user to the application but it does nothing as far as authenticating the user to the web server.  So, yes, it's using the IUSR account unless the web site is set to use integrated authentication.  Assuming for the moment that it is using the IUSR account, then that's probably the problem.  
0
 

Author Comment

by:luckyinc
ID: 13842485
Integrated Authentication is Checked in IIS
0
 
LVL 76

Accepted Solution

by:
David Lee earned 2000 total points
ID: 13845610
With Integrated Authentication the account being used is that of the person logged in at the PC, not the account of the user who authenticated with your code.
0
 

Author Comment

by:luckyinc
ID: 13845647
So where should I go from here to diagnose the problem?  I was wondering if the web server was properly caching the AD schema after the upgrage.  Any other suggestions?  I thought about using a COM object, but at this current time, there is no developer avaliable to create one.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month13 days, 18 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question