
0x80072020 error when trying to access the Active Directory using LDAP within ASP

I-eye asked
10,537 Views
Last Modified: 2007-12-19
Hi Experts,

I'm creating a script that queries the AD to find all our employees and e.g. their phone numbers. The script works fine locally on my Win2000 machine. When another user tries to open the page he/she gets the 0x80072020 error on the line 7 (marked in the code). In the IIS properties IWA has been selected as authentication method.

[code]
Set conn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")

Set oRoot = GetObject("LDAP://rootDSE")
sDomain = oRoot.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & sDomain) ' <------ the line that results in an error

sBase = "<" & oDomain.ADsPath & ">"
sFilter = "(&(objectCategory=person)(objectClass=user)(description=*)(!description=Mailbox)(sn=*)(!Description=Built*))"
sAttribs = "adsPath"
sDepth = "subTree"

sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth

conn.Provider = "ADsDSOObject"
                   
conn.Open "Data Source=Active Directory Provider"
 
rs.Open conn.Execute(sQuery)

If Not rs.EOF Then
   'do stuff
End If

rs.Close

Set rs = Nothing
Set conn = Nothing
Set oRoot = Nothing
Set oDomain = Nothing
[/code]
Using Google I found out that this most likely has something to do with access-rights within the Active Directory, but I can't seem to find the correct answer how to solve this. Could someone explain to me what rights (policy?) need to be added to all the users so that they can query our AD using the ASP page?

I've posted this question in the OS/W2k3 selection, because I suspect the solution lies here and not within the ASP-page I've created.
John Gates, CISSP, Lead IT Security Analyst, Global Threat Management
CERTIFIED EXPERT

Commented:
Are you dimming that variable?


Dim sDomain ??


If not you should!!

Author

Commented:
Yes, the variable is being declared. This is just the code snippet that does the actual work.
Lead IT Security Analyst, Global Threat Management
CERTIFIED EXPERT
Commented:

Author

Commented:
For now it's my desktop. Win2000 with IIS enabled. I've disabled the anonymous access on the site that hosts the script that accesses the AD. So, correct me if I'm wrong, the authentication towards the AD is done with the user account that logs on to the site and not with the IUSR_machinename account.

The thing I don't understand is that when a user that is a member of the administrator group tries to access the site, he gets this error message also.

Author

Commented:
The AD administrator has set the property "Trusted for delegation" in his account settings tab. But that doesn't solve the problem. He still gets the error message when trying to open the site.

Author

Commented:
Also, my computer has been set to "Trusted for delegation"... doesn't work

John Gates, CISSP, Lead IT Security Analyst, Global Threat Management
CERTIFIED EXPERT

Commented:
Check your DCs for errors and post back.