tags:

views:

471

answers:

1
+1  Q: 

Using ASP.NET ActiveDirectoryMembershipProvider with a Forest...

I'm trying to setup an ActiveDirectoryMembershipProvider to go against a Forest and I can't seem to get it working. One of our AD Admins suggested I refer to the global catalog but it seems that is not supported. Anyone know if you can and if so how do you configure the AD Membership Provider to go against a Forest?

Here are some of the permutations I've tried and the resultant errors.

<add name="ADConnectionString1"
    connectionString="LDAP://domain.org/DC=domain,DC=org:3268" />

"A referral was returned from the server"

<add name="ADConnectionString2"
    connectionString="LDAP://domain.org/DC=domain,DC=org:" />

A null reference exception.

<add name="ADConnectionString3"
    connectionString="LDAP://domain.org" />

A null reference exception

<add name="ADConnectionString4"
    connectionString="LDAP://domain.org:3268" />

"LDAP connections on the GC port are not supported against Active Directory."

<add name="ADConnectionString5"
    connectionString="LDAP://domain.org:3268/DC=domain,DC=org:3268" />

"LDAP connections on the GC port are not supported against Active Directory."

<add name="ADConnectionString6"
    connectionString="LDAP://domain.org:3268/DC=domain,DC=org" />

"LDAP connections on the GC port are not supported against Active Directory."

+1  A: 

I don't have access to test an ActiveDirectoryMembershipProvider at the moment but global catalog searches are usually performed using the GC:// moniker. E.g.

    using (DirectoryEntry searchRoot = new DirectoryEntry("GC://DC=yourdomain,DC=com"))
    using (DirectorySearcher ds = new DirectorySearcher(searchRoot))
    {
        ds.Filter = "(sAMAccountName=userID1)";
        ds.SearchScope = SearchScope.Subtree;
        using (SearchResultCollection src = ds.FindAll())
        {
            foreach (SearchResult sr in src)
            {
                uxFred.Content = sr.Path;
            }
        }
    }

My suggestion when working in ASP.NET is always to get your search filters, etc. working using LDP or just a plain console/winform/wpf app.

serialhobbyist  2009-08-13 05:46:24
Couldn't get the membership provider to go against a GC but this worked for my purposes.
CptSkippy  2009-08-25 20:18:45

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?