I-eye
0x80072020 error when trying to access the Active Directory using LDAP within ASP
Hi Experts,
I'm creating a script that queries the AD to find all our employees and, e.g., their phone numbers. The script works fine locally on my Win2000 machine. When another user tries to open the page, he/she gets the 0x80072020 error on line 7 (marked in the code). In the IIS properties, IWA has been selected as the authentication method.
[code]
Set conn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")

' Read the domain's default naming context from rootDSE
Set oRoot = GetObject("LDAP://rootDSE")
sDomain = oRoot.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & sDomain) ' <------ the line that results in an error

' Build the ADSI query string: <base>;filter;attributes;scope
sBase = "<" & oDomain.ADsPath & ">"
sFilter = "(&(objectCategory=person)(objectClass=user)(description=*)(!description=Mailbox)(sn=*)(!Description=Built*))"
sAttribs = "adsPath"
sDepth = "subTree"
sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth

' Run the query through the ADSI OLE DB provider
conn.Provider = "ADsDSOObject"
conn.Open "Data Source=Active Directory Provider"
rs.Open conn.Execute(sQuery)
If Not rs.EOF Then
    'do stuff
End If

' Clean up
rs.Close
Set rs = Nothing
Set conn = Nothing
Set oRoot = Nothing
Set oDomain = Nothing
[/code]
Using Google, I found out that this most likely has something to do with access rights within the Active Directory, but I can't seem to find the correct answer on how to solve this. Could someone explain to me what rights (policy?) need to be added to all the users so that they can query our AD using the ASP page?
I've posted this question in the OS/W2k3 selection, because I suspect the solution lies here and not within the ASP-page I've created.
ASKER
Yes, the variable is being declared. This is just the code snippet that does the actual work.
ASKER
For now it's my desktop. Win2000 with IIS enabled. I've disabled the anonymous access on the site that hosts the script that accesses the AD. So, correct me if I'm wrong, the authentication towards the AD is done with the user account that logs on to the site and not with the IUSR_machinename account.
The thing I don't understand is that when a user who is a member of the administrator group tries to access the site, he gets this error message also.
ASKER
The AD administrator has set the property "Trusted for delegation" in his account settings tab. But that doesn't solve the problem. He still gets the error message when trying to open the site.
ASKER
Also, my computer has been set to "Trusted for delegation"... doesn't work.
Check your DCs for errors and post back.
Dim sDomain ??
If not you should!!