Results 1 to 4 of 4

Thread: Problems accessing AD Groups

  1. #1

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Problems accessing AD Groups

    I'm trying this code - what is in the IF 1=1 THEN block - trying to enhance this backend ASP.Net / IIS code to handle AD Group Membership and not just Username/Password validation. I am getting no where - returning an error of: 0x80005000 - which is some unexpected AD error. Well - I could of told them that - I'm clueless here. I want to see if the USERNAME that was just validated for credentials, also has a group of "Census App" - or maybe "domain\Census App".

    I tried IsMemberOf() method and got same error code.

    I am running this code on a production client server - so all debugging is taking place via LogOutput calls to write to a .Log file.

    Code:
    If Not UserValid Then
        Dim domainContext As PrincipalContext
        If pcUN = "" Then
            domainContext = New PrincipalContext(ContextType.Domain, pcDomain, pcContainer)
        Else
            domainContext = New PrincipalContext(ContextType.Domain, pcDomain, pcContainer, pcUN, pcPW)
        End If
        If domainContext.ValidateCredentials(credUN, credPW) Then
            If blnDebugLogin Then LogOutput("10b:@UserValid")
            If 1 = 1 Then
                Dim userContext As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, credUN)
                LogOutput("10b2x")
                Dim groups As PrincipalSearchResult(Of Principal) = userContext.GetGroups()
                For Each p As Principal In groups
                    If TypeOf p Is GroupPrincipal Then
                        LogOutput("10b2:" & CType(p, GroupPrincipal).ToString())
                    End If
                Next
                UserValid = True
            Else
                UserValid = True
            End If
        Else
            If blnDebugLogin Then LogOutput("10c:@ValidateCredentials false")
            LogOutput("Log in failure (ValidateCredentials false): " & loginUsername & " " & credUN)
        End If
    End If
    End If

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  2. #2
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,632

    Re: Problems accessing AD Groups

    What does your pcContainer variable contents look like? If you are specifying a full LDAP path using the LDAP:// prefix, make sure LDAP is in all caps.

  3. #3

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: Problems accessing AD Groups

    I left the container blank - the un/pw check was working - I thought I was good enough.

    Other client sites I do put a container value in WEB.CONFIG as well.

    Are GROUPS in a container? Like I even know what I'm asking - this is not my realm.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  4. #4

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: Problems accessing AD Groups

    I put the container in - a few . levels and some / levels.

    domain.xxxx.local/Locations/Central Office/Staff Groups

    So the pcDomain is "domain"
    The pcContainer is "xxxx.local...and so on..."

    I can add or remove as many these container values and the .ValidateCredentials always works.

    The looping through groups - is not working at all...

    It is the .FindByIdentity() that is not working, I believe.

    I am going to have to test this on a domain laptop and get away from running this in IIS remotely - no way to debug!

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width