We have offshore contractors that are trying to run an app that performs the following Active Directory call, shown below in VB.NET:

  Dim objRootDSE As New DirectoryEntry("LDAP://RootDSE")
  Return "GC://" & Replace(Replace(objRootDSE.Properties("rootDomainNamingContext").Value().ToString, ",", "."), "DC=", "") 'DC=uis,DC=unisys,DC=com  

The code returns an error on the function return line, indicating that it could not contact the server, which, when it works for me locally, is "DC=uis,DC=unisys,DC=com "

The contractors connect to our company's internal network via VPN and in general have access to the full network, so I don't know why they shouldn't be able to contact this server.

Other offshore users in other locations have no problem with the same code.

I know almost nothing about AD. Can someone give me a clue?

+1  A: 

The code works for you because you're running it on a computer joined to your domain (uis.unisys.com) and you're logged in as a user in that domain. When you access the DirectoryEntry on line two you do that in the context of the user executing the program. Because the consultants don't use/have accounts in your domain they won't have access.

Simplified explanation: You'll find it difficult to get the code above to work on any computer that isn't domain-joined to your network (because finding the RootDSE relies on that). The purpose of your code is to get the domain name and do a Global Catalog (GC) search. You'll most likely find that there's other code further down in your program which won't work on systems not connected to your domain.

I would suggest this instead:

  Dim objRootDSE As New DirectoryEntry("GC://uis.unisys.com", "username", "password")

Where the username and password match a service account in your domain. That way the consultants can connect to your domain under the context of that user and perform the work required.

Per Noalt
Well done. ty. I'm so glad I asked.
Velika
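
The explicit-credential bind suggested in the answer, worked through as an added example (not code from the question or the answer): it reads RootDSE through a named domain so the machine need not be domain-joined, and takes the service-account secret from the environment instead of a string literal in the binary. The variable names `AD_SVC_USER` and `AD_SVC_PASSWORD` and the helper names are assumptions for illustration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Module GcPathExample
    ' Domain named in the answer above.
    Private Const DomainDns As String = "uis.unisys.com"

    ' Convert "DC=uis,DC=unisys,DC=com" to "uis.unisys.com".
    ' Only DC= components are kept, so stray RDNs or spaces cannot leak into the path.
    Function DnToDnsName(dn As String) As String
        Dim labels As New List(Of String)
        For Each part As String In dn.Split(","c)
            Dim rdn As String = part.Trim()
            If rdn.StartsWith("DC=", StringComparison.OrdinalIgnoreCase) Then
                labels.Add(rdn.Substring(3))
            End If
        Next
        Return String.Join(".", labels)
    End Function

    Function GetGcPath() As String
        ' Assumed variable names; substitute whatever secret store is actually in use.
        Dim user As String = Environment.GetEnvironmentVariable("AD_SVC_USER")
        Dim pass As String = Environment.GetEnvironmentVariable("AD_SVC_PASSWORD")
        If String.IsNullOrEmpty(user) OrElse String.IsNullOrEmpty(pass) Then
            Throw New InvalidOperationException("Service account credentials are not configured.")
        End If

        ' Secure requests an authenticated bind; Sealing adds encryption and requires Secure.
        Dim authType As AuthenticationTypes = AuthenticationTypes.Secure Or AuthenticationTypes.Sealing
        Try
            ' Serverful path: the domain is named explicitly instead of being discovered.
            Using rootDse As New DirectoryEntry("LDAP://" & DomainDns & "/RootDSE", user, pass, authType)
                Dim ctx As String = rootDse.Properties("rootDomainNamingContext").Value.ToString()
                Return "GC://" & DnToDnsName(ctx)
            End Using
        Catch ex As COMException
            ' Unreachable server and rejected credentials both surface here.
            ' Report the HRESULT only; never write the password to logs.
            Throw New ApplicationException("Directory bind failed (0x" & ex.ErrorCode.ToString("X8") & ")", ex)
        End Try
    End Function

    Sub Main()
        Console.WriteLine(GetGcPath())
    End Sub
End Module
```

A service account used this way should be limited to read access on the directory, since every machine that runs the app holds its credentials.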