views:

623

answers:

2

We have an ASP.NET application running at a customer site that uses ActiveDirectory for user login via the ActiveDirectoryMembershipProvider. Their primary domain controller that we were pointing to went down this morning, and in getting everything set back up the client was wondering if we could have a redundant connection to two domain controllers; i.e. specifying a primary and a backup AD server. A Google search proved fruitless - does anyone know if this can be done?

A: 

It can be done, it will just take some work.

You will need to create a class that inherits from the ActiveDirectoryMembershipProvider and use it as your provider instead. That way you can maintain most of the functionality. Then set up a way to specify two connectionStringName properties, one for primary and one for secondary. You will also need to create the code to read the information from the config since you are changing it. Then just override the methods where you need to catch when the primary is down and switch to the secondary. This will be the most reusable way of doing it.

There are probably other ways of doing it, but they will probably be hacky and not very reusable, like testing the connection before each request and then setting the connection string that way.

Based on the MSDN documentation on the class, this will probably be the only way to do it. They don't provide the functionality internally.

Dale Ragan
I was afraid of that, although I've subclassed ADMP before and it wasn't too bad. I am curious if there is an answer to what the LDAP string would look like if pointing to the domain rather than the server.
glaxaco
Every LDAP connection string I have ever seen contained the server, and then you would supply the domain on which to authenticate.
Dale Ragan
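The subclass-and-failover approach described in this answer, as an added example that is not code from the answer or from the framework. It keeps ActiveDirectoryMembershipProvider as the base class, reads an assumed custom attribute `secondaryConnectionStringName` from the provider config, builds a second plain provider instance from it, and repeats an operation against the backup only when the primary domain controller is unreachable. The exception filter (LdapException codes 81 and 85, the ADSI "server is not operational" COM error) is an assumption about what the provider surfaces when a DC is down; confirm it against what your own deployment logs when the primary is actually unplugged before relying on it. Requires references to System.Web and System.DirectoryServices.Protocols.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration.Provider;
using System.DirectoryServices.Protocols;
using System.Runtime.InteropServices;
using System.Web.Security;

// Added example, not code from the answer: a provider that keeps everything
// ActiveDirectoryMembershipProvider does but repeats an operation against a
// second domain controller when the first one cannot be reached.
public class FailoverActiveDirectoryMembershipProvider : ActiveDirectoryMembershipProvider
{
    // Assumed custom provider attribute naming the backup connection string.
    private const string SecondaryAttribute = "secondaryConnectionStringName";

    // A plain provider instance bound to the backup connection string.
    private ActiveDirectoryMembershipProvider _secondary;

    public override void Initialize(string name, NameValueCollection config)
    {
        if (config == null)
            throw new ArgumentNullException("config");

        string secondaryName = config[SecondaryAttribute];
        if (string.IsNullOrEmpty(secondaryName))
            throw new ProviderException(SecondaryAttribute + " is required.");

        // The base Initialize rejects attributes it does not recognise and
        // consumes the ones it does, so remove ours and copy the collection
        // before handing it over.
        config.Remove(SecondaryAttribute);
        NameValueCollection secondaryConfig = new NameValueCollection(config);
        secondaryConfig["connectionStringName"] = secondaryName;

        base.Initialize(name, config);          // this instance -> primary DC

        _secondary = new ActiveDirectoryMembershipProvider();
        _secondary.Initialize(name + "Secondary", secondaryConfig);
    }

    public override bool ValidateUser(string username, string password)
    {
        return WithFailover(
            () => base.ValidateUser(username, password),
            () => _secondary.ValidateUser(username, password));
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        return WithFailover(
            () => base.GetUser(username, userIsOnline),
            () => _secondary.GetUser(username, userIsOnline));
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        return WithFailover(
            () => base.ChangePassword(username, oldPassword, newPassword),
            () => _secondary.ChangePassword(username, oldPassword, newPassword));
    }

    // Other members (FindUsersByName, GetUserNameByEmail, ...) follow the same pattern.

    // Runs the operation against the primary DC; if, and only if, that fails
    // because the DC is unreachable, runs it once more against the secondary.
    // A wrong password is not an exception (ValidateUser returns false), so it
    // is never replayed against the backup, where it would count a second time
    // towards account lockout.
    private static T WithFailover<T>(Func<T> viaPrimary, Func<T> viaSecondary)
    {
        try
        {
            return viaPrimary();
        }
        catch (Exception ex)
        {
            if (!IsConnectivityFailure(ex))
                throw;
            return viaSecondary();
        }
    }

    // Assumption: an unreachable DC surfaces as an LdapException with
    // LDAP_SERVER_DOWN (81) or LDAP_TIMEOUT (85), or as the ADSI COM error
    // ERROR_DS_SERVER_DOWN (0x8007203A, "The server is not operational"),
    // possibly wrapped in a ProviderException. Anything else is rethrown.
    private static bool IsConnectivityFailure(Exception ex)
    {
        const int ServerNotOperational = unchecked((int)0x8007203A);
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            LdapException ldap = e as LdapException;
            if (ldap != null && (ldap.ErrorCode == 81 || ldap.ErrorCode == 85))
                return true;
            COMException com = e as COMException;
            if (com != null && com.ErrorCode == ServerNotOperational)
                return true;
        }
        return false;
    }
}
```

Register it in web.config in place of the stock provider, with `type="FailoverActiveDirectoryMembershipProvider"`, `connectionStringName="ADPrimary"` and the assumed `secondaryConnectionStringName="ADBackup"` attribute, where both names refer to entries in `<connectionStrings>`. Because the second instance is initialised from a copy of the same attributes, settings such as `connectionProtection` and `connectionUsername` apply to both DCs. Only replay on transport failures: widening the filter to every ProviderException would turn configuration or schema errors into silent retries against the other server.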
+2  A: 

If ActiveDirectory couldn't handle multiple domain controllers then it wouldn't be a very good technology.

You just need to make sure in your Membership configuration you are pointing to the 'Domain' rather than the 'Server' and then add two or more controllers to your domain.

Generally if you are referring to the domain as "LDAP://server/DC=domain,DC=com" then you should be able to remove the "server" part and refer simply to "LSAP://DC=domain,DC=com"

The following code project gives a long list of things you can do in Active Directory from C#: http://www.codeproject.com/KB/system/everythingInAD.aspx#7

samjudson
What would the LDAP connection string look like if you point it to the domain and not the server?
Dale Ragan
I'm sure your 2nd connection string was meant to be "LDAP://DC=domain,DC=com" not "LSAP://DC=domain,DC=com".
Timothy Walters
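The "point at the domain, not the server" configuration from this answer, as an added web.config example that is not from the answer or from the framework documentation. The provider's connection string has the form `LDAP://<host>/<container>`; using the domain's DNS name as the host (here the placeholder `example.com`) instead of one domain controller's hostname lets the client resolve to whichever DC is available, because every DC registers records for the domain name. The host-less `LDAP://DC=example,DC=com` form is what ADSI serverless binding uses; check your framework version's ActiveDirectoryMembershipProvider documentation for whether it accepts that form before relying on it.

```xml
<configuration>
  <connectionStrings>
    <!-- Server-pinned form: every login fails the moment dc1 goes down.
         <add name="ADService"
              connectionString="LDAP://dc1.example.com/DC=example,DC=com" /> -->

    <!-- Domain form (placeholder domain example.com): the host part is the
         domain's DNS name, so any reachable domain controller can answer. -->
    <add name="ADService"
         connectionString="LDAP://example.com/DC=example,DC=com" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <!-- connectionProtection="Secure" (the default) requires SSL or
             sign-and-seal on the LDAP session; "None" would send the bind
             credentials in clear text to whichever DC was picked. -->
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADService"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

After switching to the domain form, test the failover the same way the outage happened: stop the LDAP service on one DC and confirm logins still succeed against the other, since DNS caching on the web server can keep handing back the dead DC's address for the record's TTL.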