Hi all

I have a Classic ASP page that made an LDAP call to our Domain Controllers to find out the group membership of the logged-on user. Since our Network Admin demoted the two old Windows Server 2003 Domain Controllers and promoted two Windows Server 2008 R2 servers, the page now fails at Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) (see code) with the error 800704bc.

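Dim strGroups

Const STAFF_GROUP = "cn=staff"
Const STUDENT_GROUP = "cn=student"

' ADSystemInfo exposes the distinguished name of the logged-on user
Set ADSysInfo = CreateObject("ADSystemInfo")
' Serverless bind to the user object; this is the line that raises 800704bc
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

' MemberOf is an array when the user is in several groups, otherwise a single value
If IsArray(CurrentUser.MemberOf) Then
        strGroups = LCase(Join(CurrentUser.MemberOf))
Else
        strGroups = LCase(CurrentUser.MemberOf)
End If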

Any help is appreciated. Thanks in advance.

A: 

I'm guessing it's not the code that's the problem, but rather something to do with the new servers (obviously).

I don't know what error 800704bc is, but check and see that ADSysInfo is actually getting instantiated. If not, then maybe there's a module missing on the server or something.

mgroves
A: 

Do the new servers block unencrypted binds? If so, then this would make sense as you bind as LDAP not LDAPS nor StartTLS.

geoffc
How can I tell if they are blocking unencrypted binds?
tonyyeb
Usually you get an error 13, encryption required in the response.
geoffc
A: 

Not sure why but I needed to open the high ports (1024+) on the firewall between the server and the DCs. Must be an RPC thing.

tonyyeb