ActiveDirectory query doesn’t work from server


I’m trying to get user details based on group membership from ActiveDirectory. This works on my local machine, but not when I run it on the server.

What I don’t understand is that it will return the number of members of the group correctly (although it has to be in a specific way, see comments in code), but not any details of the members of the group. I end up with a [DirectoryServicesCOMException (0x80072020): An operations error occurred.] whatever I do.

using System;
using System.DirectoryServices;

// Bind to the domain. Without explicit credentials the bind runs under the
// thread's current security context.
//DirectoryEntry DEntry = new DirectoryEntry("LDAP://DOMAIN"); //works only locally
DirectoryEntry DEntry = new DirectoryEntry("LDAP://DOMAIN", "Account", "Password"); //works locally and on the server

// Locate the group object.
DirectorySearcher DSearcher = new DirectorySearcher();
DSearcher.SearchRoot = DEntry;
DSearcher.Filter = "(&(objectClass=group)(cn=GroupName))";
SearchResult SResult = DSearcher.FindOne();

// A new DirectoryEntry built from the result path alone is a separate bind;
// it does not carry the credentials given to DEntry.
DirectoryEntry DEGroup = new DirectoryEntry(SResult.Path);
PropertyCollection PCollection = DEGroup.Properties;

// GetDirectoryEntry() reuses the searcher's (credentialed) connection.
//Label1.Text = PCollection["member"].Count.ToString(); //works only locally
Label1.Text = SResult.GetDirectoryEntry().Properties["member"].Count.ToString(); //works locally and on the server

// Bind to the first member by distinguished name.
//DirectoryEntry DEUser = new DirectoryEntry("LDAP://DOMAIN/" + PCollection["member"][0].ToString()); //works only locally
DirectoryEntry DEUser = new DirectoryEntry("LDAP://DOMAIN/" + SResult.GetDirectoryEntry().Properties["member"][0].ToString()); //works locally and on the server

//Label2.Text = DEUser.Properties["sAMAccountName"][0].ToString(); //works only locally

DEUser.Close();
DEntry.Close();
DEGroup.Close();

The App Pool Identity is Network Service, and web.config contains

<authentication mode="Windows">
<identity impersonate="true" />
Tags: c#, active-directory
asked on Stack Overflow Aug 14, 2012 by enneacross • edited Aug 14, 2012 by burning_LEGION

1 Answer


I suspect it's working on your machine because you're running in a Debugger as yourself. Depending on your ActiveDirectory setup, you can't query the directory as an anonymous user (which is what Network Service presents itself as).

Easiest test is to set the Application Pool Identity to a user in your domain (yours as a test); you'll confirm the root cause if it works.

answered on Stack Overflow Aug 14, 2012 by M Afifi
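An added example, not code from the question or the answer, showing how a practitioner would confirm the diagnosis and avoid the failing binds. Two facts it rests on: a DirectoryEntry created without explicit credentials binds with the thread's current security context, and under `<identity impersonate="true" />` that context is the impersonated browser user, whose token (NTLM, or Kerberos without delegation configured) cannot be re-used by the web server to authenticate to a domain controller, so those binds fail while the credentialed ones succeed. The page therefore logs the identity the request actually runs under, binds once with a known identity, and resolves the members with a second search against that same connection instead of a new DirectoryEntry per member. It assumes an ASP.NET Web Forms page with Label1 and Label2, a System.DirectoryServices reference, and two appSettings keys named LdapUser and LdapPassword (hypothetical names); "DOMAIN" and "GroupName" are placeholders as in the original post. Running the app pool as a dedicated low-privilege domain account and passing null credentials is preferable to storing a password in config; the explicit credentials are kept only because that is what the poster tested with.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;
using System.Web.UI;

// Added example; assumes Label1/Label2 exist and appSettings LdapUser/LdapPassword
// (hypothetical key names) hold a low-privilege read-only account.
public partial class GroupMembers : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Step 1: which Windows identity does this request run under?
        // With <identity impersonate="true"/> it is the caller, not the app pool
        // account, and that token generally cannot hop on to the domain controller.
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        Label1.Text = string.Format("Request runs as {0}, impersonation level {1}",
                                    current.Name, current.ImpersonationLevel);

        // Step 2: one bind with a known identity; sign and seal the LDAP traffic.
        // Pass null, null here instead to bind as the app pool's own account.
        string user = ConfigurationManager.AppSettings["LdapUser"];
        string pass = ConfigurationManager.AppSettings["LdapPassword"];
        AuthenticationTypes auth = AuthenticationTypes.Secure |
                                   AuthenticationTypes.Sealing |
                                   AuthenticationTypes.Signing;

        using (DirectoryEntry root = new DirectoryEntry("LDAP://DOMAIN", user, pass, auth))
        using (DirectorySearcher groupSearch = new DirectorySearcher(root))
        {
            groupSearch.Filter = "(&(objectClass=group)(cn=GroupName))";
            groupSearch.PropertiesToLoad.Add("distinguishedName");
            SearchResult group = groupSearch.FindOne();
            if (group == null)
            {
                Label2.Text = "Group not found";
                return;
            }
            string groupDn = (string)group.Properties["distinguishedName"][0];

            // Step 3: resolve members through the same authenticated root rather
            // than new DirectoryEntry(path) per member (which would bind with the
            // impersonated token). This is also why SearchResult.GetDirectoryEntry()
            // worked on the server in the question: it reuses the searcher's connection.
            using (DirectorySearcher memberSearch = new DirectorySearcher(root))
            {
                // memberOf is direct membership only; for nested groups use
                // "(memberOf:1.2.840.113556.1.4.1941:=" + EscapeFilterValue(groupDn) + ")".
                memberSearch.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=" +
                                      EscapeFilterValue(groupDn) + "))";
                memberSearch.PropertiesToLoad.Add("sAMAccountName");
                memberSearch.PageSize = 500; // paged results; AD returns at most 1000 per page by default

                StringBuilder names = new StringBuilder();
                using (SearchResultCollection members = memberSearch.FindAll())
                {
                    foreach (SearchResult member in members)
                    {
                        names.Append((string)member.Properties["sAMAccountName"][0]).Append(", ");
                    }
                    Label2.Text = members.Count + " members: " + names.ToString().TrimEnd(',', ' ');
                }
            }
        }
    }

    // RFC 4515 escaping so a value spliced into a filter cannot change its
    // structure. The DN here comes from the directory, but the same helper is
    // what protects filters built from request input (LDAP injection).
    private static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
}
```

If Label1 shows the browser user with impersonation level Impersonation (rather than Delegation) on the server, the implicit binds in the original code are running as that user and the 0x80072020 result is expected; either drop impersonation for the directory calls, as above, or configure Kerberos constrained delegation from the web server to the directory service.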

User contributions licensed under CC BY-SA 3.0