Solved

Problem specifying right Active Directory path

Posted on 2005-04-21
Last Modified: 2010-04-16
Hi guys,

I am getting the following error when I try to run my application: "domain name either does not exist or could not be contacted". Any help from anyone who has come across this error? Please reply soon and save my life.....

Thanks,
Question by:maheejas
6 Comments
 
LVL 20

Expert Comment

by:ihenry
ID: 13844066
I guess this is about the same problem as in the other question. So here is my suggestion:

An LDAP ADsPath would have the following format:

LDAP://HostName[:PortNumber][/DistinguishedName]

The "HostName" can be a computer name or an IP address, and can also be a NetBIOS name or short DNS name. If your LDAP ADsPath looks like this:

LDAP://machine01/CN=xxx,CN=xxx,DC=xxx,DC=xxx

The first thing to do is to ping the machine name from a client workstation machine, or anywhere on which your code is running. Then, by default LDAP uses port number 389 even if you don't explicitly set it in the path. So the second thing to do is to telnet from the remote machine to your Active Directory server.

telnet machine01 389

Let me know what's the result.
 

Author Comment

by:maheejas
ID: 13860497
Hi Henry,

I did that. And nothing happened. I first typed in the command prompt "ping (and the machine name where AD is setup)".
It brought up the IP address etc. And second, I typed "telnet (machine name where AD is setup) 389". It opened up a new command window with just a one-line prompt, c:/documents and settings. That's all. Why did you ask me to do that? Is it a way to find the path to Active Directory?

Thanks, Please reply,
 
LVL 20

Expert Comment

by:ihenry
ID: 13860704
What I know is that you just finished setting up your win2k3 box, and a fresh installation of win2k3 doesn't open almost any known port number. That might be the reason your binding to AD fails. But if pinging causes the win2k3 box to echo back with its IP addresses and telnetting brought you to a blank command prompt window, that means you're good to go.
 

Author Comment

by:maheejas
ID: 13861413
Actually, right now the application is on a development machine. Let's say it is my local machine. And I am contacting a server which has Windows 2000 Server (not 2003) to access AD. It is set up on that. There are no firewalls in between. And my machine is part of the network.

So, when I run the application from my machine, the first thing it does is contact the server that has AD. So, based upon the error, I think it is not able to locate the server. In that case, I have a doubt whether I am giving the right path to AD. I am not sure how far I am right.

Or, as I am trying to access AD to check the credentials of the user, are there any other specific (security) settings that need to be taken care of on my machine and also on my IIS?
Thanks for all your help. I am not a network person, and so I don't understand a lot of these things. Please don't mind if any of my concerns or questions look novice to you. Please reply,
 
LVL 20

Accepted Solution

by:
ihenry earned 2000 total points
ID: 13910952
It is weird... I didn't get an email notification from your last reply. Anyway, about your problem, I don't know how it is going right now. But assuming your AD site/subnet is defined correctly, this is how the System.DirectoryServices APIs handle user credentials and use them as the security context.

If you log in to the domain via a client machine, IIS anonymous access is enabled, and impersonation is set to false, your web application will be running under the aspnet user account. With the same settings but impersonation set to true, the IUSR_MACHINE user account will be used in the security context. In return, a binding process without explicitly specifying user name and password will fail, as neither the aspnet nor the IUSR_MACHINE user account has the privilege to access AD.

But you should be able to run the following code:
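   Imports System.DirectoryServices

   ' Bind to rootDSE on the named server with explicit credentials
   Dim de As New DirectoryEntry()
   de.Path = "LDAP://<server_name>/rootDSE"
   de.Username = "myDomain\user1"
   de.Password = "xxxxxxx"
   ' Reading a property forces the bind; defaultNamingContext is the domain's distinguished name
   Dim dnsHost As String = CStr(de.Properties("defaultNamingContext").Value)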

The server name in the above LDAP path is optional; that means you can perform serverless binding and specify the LDAP path as just:
   de.Path = "LDAP://rootDSE"
but that only works if you're in the domain.

And if you're outside the domain, the <server_name> is then required in the LDAP path. You can set it to the AD machine name, IP address or AD domain DNS name. And the user name and password are also required to be specified, as shown in the code above.

Hope that could help you
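
The checks from the first reply (ping, then telnet to port 389) and the path forms from the accepted answer, scripted as an added example that is not part of the original thread: it splits an ADsPath in the `LDAP://HostName[:PortNumber][/DistinguishedName]` format and tests whether the named host resolves and accepts a TCP connection. The function names, the result strings and the rule that a first component containing "=" means a serverless path are assumptions of this example; IPv6 literal hosts are not handled.

```python
import socket
from typing import NamedTuple, Optional

DEFAULT_LDAP_PORT = 389  # used when the path names no port

class AdsPath(NamedTuple):
    host: Optional[str]  # None means serverless binding
    port: int
    dn: Optional[str]

def parse_adspath(path: str) -> AdsPath:
    """Split LDAP://HostName[:PortNumber][/DistinguishedName]."""
    prefix = "LDAP://"  # ADSI provider names are case-sensitive
    if not path.startswith(prefix) or len(path) == len(prefix):
        raise ValueError("expected LDAP://HostName[:PortNumber][/DistinguishedName]")
    rest = path[len(prefix):]
    head, sep, dn = rest.partition("/")
    # Assumption: host names never contain "=", so such a first component is
    # a DN, and a lone rootDSE is the serverless form shown in the thread.
    if "=" in head or (not sep and head.lower() == "rootdse"):
        return AdsPath(None, DEFAULT_LDAP_PORT, rest)
    host, colon, port_text = head.partition(":")  # IPv6 literals not handled
    if not host or (colon and not port_text.isdigit()):
        raise ValueError(f"bad host or port in {head!r}")
    port = int(port_text) if colon else DEFAULT_LDAP_PORT
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return AdsPath(host, port, dn or None)

def check_reachable(host: str, port: int, timeout: float = 3.0) -> str:
    """Scripted form of the ping and telnet checks: resolve, then TCP connect."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-not-resolved"
    for family, socktype, proto, _, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
            return "port-open"
        except OSError:
            continue  # try the next resolved address
    return "port-unreachable"

def diagnose(path: str, timeout: float = 3.0) -> str:
    parsed = parse_adspath(path)
    if parsed.host is None:
        return "serverless"  # no host in the path to probe
    return check_reachable(parsed.host, parsed.port, timeout)
```

A "port-open" result only shows that the directory server is reachable; a bind can still fail on credentials, which is the case the accepted answer covers.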
 

Author Comment

by:maheejas
ID: 13931425
Hi ihenry,

Actually, I could figure out the problem. In the context of creating a "least privileged user account", everywhere it is said simply to create one, but nowhere is it specified in detail how. I tried to create an administrator account in IIS which is present in AD also, and now the machine is talking to AD as administrator. So, it is able to work and is also pulling all the groups that the user belongs to.

But, still, I appreciate your active effort and thank you a lot for helping me. Your answers still helped me in leading to the point that I could get the solution.
***Points are yours.*** Thanks and see you again for any other challenge that I come across.

Good luck,