luckyinc
asked on
WINNT Connection to Active Directory Failed
I have an old application that is using a connection to Active Directory as follows:
Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
IsMemberOfAdminGroup = AdminGroup.IsMember(AdminU
The company recently upgrading to Windows 2003 and upgraded the Exchange Server. Now this connection causes errors. I am trying to determine the problem. Any suggestions?
Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
IsMemberOfAdminGroup = AdminGroup.IsMember(AdminU
The company recently upgrading to Windows 2003 and upgraded the Exchange Server. Now this connection causes errors. I am trying to determine the problem. Any suggestions?
ASKER
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
Then I changed to an LDAP:// Connectionstring and got the below error:
80072020
Permission denied: 'GetObject'
Then I changed to an LDAP:// Connectionstring and got the below error:
80072020
ASKER
It seems like it is having problems connecting to the Exchange server. I am guessing that maybe I am having a double hop issue or that there is not permission between servers to allow access to Active Directory.
Is the command running under the IUSR account or under a user account?
ASKER
The way it authenticates the user is:
Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
IsMemberOfAdminGroup = AdminGroup.IsMember(AdminU
If the Client User opens their browser, the code passes the creditials based on the username. So I am not sure if this is using the IUSR account. I also tried checking the machine in Active Directory to Trust Delegation.
Set AdminGroup = GetObject("WinNT://" & strDomain & "/" & strAdminGroup & ",group")
Set AdminUser = GetObject("WinNT://" & strDomain & "/" & strLogon & ",user")
IsMemberOfAdminGroup = AdminGroup.IsMember(AdminU
If the Client User opens their browser, the code passes the creditials based on the username. So I am not sure if this is using the IUSR account. I also tried checking the machine in Active Directory to Trust Delegation.
The code you posted authenticates the user to the application but it does nothing as far as authenticating the user to the web server. So, yes, it's using the IUSR account unless the web site is set to use integrated authentication. Assuming for the moment that it is using the IUSR account, then that's probably the problem.
ASKER
Integrated Authentication is Checked in IIS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So where should I go from here to diagnose the problem? I was wondering if the web server was properly caching the AD schema after the upgrage. Any other suggestions? I thought about using a COM object, but at this current time, there is no developer avaliable to create one.
What's the error?
Cheers!