Solved

Unable To Write to Active Directory Via ASP.NET Web Application

Posted on 2013-11-28
1
591 Views
Last Modified: 2014-03-20
Problem: After upgrading from Windows 2003 (IIS 6)to Windows 2008 R2 (IIS 7.5) .NET ASP.NET Utility used to add remove users from Active Directory via .NET Web Application is  no longer working.

Question1: As for as security is concerned would this be best practices?
Question2: Would there be a better solution than using ASP.NET Impersonation with an AD service account?

Additional Info:  The Admin utility is used to add/remove AD users (Group Memberships) for the web application. The utility calls a DLL (located in C:\Windows\assembly called “COVNET.Corp.AD”) to interface to AD.
The AD utility is unable to write to AD (but able to read).
All servers involved are member of the same AD Domain.

Current Bypass Solution: Configure Application to use ASP.NET Impersonation with an AD user account (domain\xyz). Ultimately configure this at site level so all applications could be managed by utility.


Detailed Error received when adding/removing user to AD via utility:
An operations error occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred.


Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80072020): An operations error occurred.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +378094
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
   System.DirectoryServices.DirectorySearcher.FindAll() +9
   COVNET.Corp.AD.AdAdapter.PopulateSearchResults(String filter) +215

[ADException: An operations error occurred.
]
   COV.Corp.HazardousMaterialTracking.Web.Admin.gdvUser_RowCommand(Object sender, GridViewCommandEventArgs e) in C:\JaredWorkspace\HazardousMaterialTracking\HMT\Main\Source\HMT\COV.Corp.HazardousMaterialTracking.Web\Admin.aspx.cs:181
   System.Web.UI.WebControls.GridView.OnRowCommand(GridViewCommandEventArgs e) +108
   System.Web.UI.WebControls.GridView.HandleEvent(EventArgs e, Boolean causesValidation, String validationGroup) +112
   System.Web.UI.WebControls.GridView.OnBubbleEvent(Object source, EventArgs e) +95
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.GridViewRow.OnBubbleEvent(Object source, EventArgs e) +123
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +118
   System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +135
   System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +175
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
0
Comment
Question by:COV-Webmaster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 500 total points
ID: 39684803
Question1: depends on your company policy but not a recommend method.
Question2: Yes, using a service account is a common/recommended/helpful method.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question