I would like to have a single LDAP command that would delete an entire OU atomically, including all children. I see there's a command for the windows command-line: Delete an Organizational Unit dsrm <OrganizationalUnitDN> [-subtree] That -subtree option deletes children too. Is there a way to do that using LDAP? Bonus points, if som...
We have an existing Web application and we want to migrate from a custom authentication solution to Active Directory Federation Services so that our partner organizations can manage the authorization of their users on their side. Right now the site is using custom database tables to manage users and custom logic to manage authentication...
I have a security group in AD. I want to assign Administrator role to members of that security group. What is the best way to do it? ...
I'm using the following code to get the members of a group on my domain: Dim de As New DirectoryEntry("LDAP://" & GroupDN) For Each user As String In CType(de.Properties("member"), IEnumerable) GroupCollection.Add(Username, Username) Next My problem is that when GroupDN (the distinguishedname of the group) is "CN=Do...
I have the following code to convert a distinguishedName to a sAMAccountName: Dim de As New DirectoryEntry("LDAP://" & stringDN) Return CType(de.Properties("samaccountname")(0), String) It works great for every DN I pass it, except for one. We have an AD group on our domain that has a "/" in it - call it "Programmers/DBAs". The DN for...
I have an ADSI connection in my SQL Server (2005) and I'm able to query it using openquery. Is there any way to create new accounts (and/or) edit existing ones? Also, I'd like to have to use openquery to get to the data, but it looks like it's the only solution. Here's a sample query that I'm using: SELECT samaccountname, depar...
I can setup a connection manager that uses the Directory Services OLE provider and points to one of our domain controllers. Then, in the Data Flow area, I create a OLE DB Source and set the Data Access Mode to "SQL Command". I then use this query to pull data from Active Directory: Select employeeid, sAMaccountName From 'LDAP://MyComp...
I would like to configure Tomcat to use Kerberos authentification against Active Directory, but also to use Impersonating (i.e. the Java's worker thread should be running under the credentials of the authentificated user, so that I can then call some SharePoint webservices and pass them the Kerberos ticket with the delegation right) ...
For security purposes, is the primary identifier of an Active Directory user the 'logonname' attribute? For example a user with the logonname "bob" is first created then removed from AD, then an another user is created again with the logonname "bob" - is this new user, from a security perspective, equivalent? The reason I ask this que...
I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java...
I have some "kiosks" that run under machine specific AD accounts that I would like to deploy reports on. For security reasons I need to verify individual user credentials before allowing access to the reports. Is there a way to do this with reporting services?We are running Reporting Services 2005, but will be upgrading fairly soon. ...
Using quest powershell on a Windows 2003 Server running Exchange 2003, is there a way to query a user's activesync or oma is enabled or disabled? EDIT: This is arguably a duplicate of your own question from Dec. 3, 2008. ...
Can anyone point me to a resource that defines the maximum allowable length of the LDAP filter string in Active Directory? ...
How can I delete a security group from Active directory in .NET? ...
I need to access information in my Active Directory domain using domain credentials. The DirectorySearcher class does not have user and password arguments. How can I specify them? ...
Using any .NET framework I am able to create security groups, however when I try to add users from within the same domain I get an error. Using System.DirectoryServices.AccountManagement: TheGroup = GroupPrincipal.FindByIdentity(SecurityContext, "GROUPNAME") TheGroup.Members.Add(SecurityContext, IdentityType.SamAccountName, "username"...
We logon users to Active Directory via LDAP using the Java LDAP API. We want to enhance our logon functionality to further check if the user is in a given AD group. Does anyone know how to do this? Current code: import javax.naming.*; import javax.naming.ldap.*; LdapContext ctx = null; Hashtable env = new Hashtable(); env.put(Contex...
Using a JSP page I get username and password. How do I check this in active directory. Please give example with some code. ...
Is there a way to use a credential coming from the user's saved password list and use that instead of the local Windows credentials? I need to look up a user's email address based on their Active Directory username to allow them to register for email updates via an intranet site. This seems easy enough if the user is actually logged int...
My application takes the currently logged-in user and uses an a DirectoryServices.DirectorySearcher to pull a few additional detail about them (some properties we have stored in a few custom AD fields, as well as their email address). This works great, though I've always though it was a little slow - my single-threaded code could only ma...