I need to query AD to determine if a users account is disabled. Using a similar query used in the answers here SELECT * FROM OPENQUERY(ADSI, 'SELECT sAMAccountName FROM ''LDAP://DC=MyDC,DC=com,DC=uk'' WHERE objectCategory = ''Person'' AND objectClass = ''user'') I believe to determine if an account is disabled I have to use the user...
I'm trying to come up with a plan to allow users to auth with a MySQL database (many, actually) using LDAP. More specifically, ActiveDirectory. Database will likely be accessed through applications, not web. What are my options? EDIT: Okay. It seems that there is no "official" way to allow authentication on MySQL using LDAP. What othe...
We are building an intranet application that would use integrated windows authentication. The application would require custom actions and roles to secure different parts and functions. My current idea is to extend active directory by storing the roles and actions in a different database linked to an active directory user using the SID....
I've been asked to provide support for authenticating users against an Active Directory in our existing client server application. At the moment a user supplies a user name and password from a client machine, passed over the wire (encrypted) to our server process and matched against a user name/password stored in a database. Initiall...
My SharePoint site uses Active Directory authentication. The Site Visitors SharePoint group contains the AD group of all users. I have a subsite which Site Visitors have Read access to. Inside this subsite, I have a document library which I don't want visitors to have read access to and so I have made the permissions unique for this do...
Hello i try to put the user password check to never expire. When i create the user, the check is always uncheck. I try many twist to execute that but noting work. There is my code. DirectoryEntry user = root.Children.Add(adUserName, "user"); // NOTE(cboivin): Documentation : http://msdn.microsoft.com/en-us/library/aa746340(VS...
I cannot query AD via SQL Server. I add the linked server referencing the active directory both via SQL (see below) and through the SSMS GUI but I cannot figure out the security issues. EXEC sp_addlinkedserver @server = 'ADSI', @srvproduct = 'Active Directory Services 2.5', @provider = 'ADSDSOObject', @datasrc = 'adsdatasource' ...
This morning, something wierd happened with our Active Directory. We have a website that authenticates users against our Active Directory. It has worked flawlessly for weeks. The code involving this has never changed. When I launch a copy of the website on my local computer within the IDE (VS2008), it authenticates users correctly, and ...
I have a WCF service that is performing some updates across a couple of databases and Active Directory. Since Active Directory is not able to support transactions, I want to implement then in a "DirectoryRepository" class that will perform a compensating action when a rollback occurs. my code is using TransactionScope... using(var scop...
I've possible got to implement SAML for a couple of sites we have and I was wondering if this kind of requirement can be implemented in infrastructure technologies like Active Directory or do I have to implement the solution in application code? Cheers Ollie ...
Hello, We want to implement SSO functionality in our organization, but we're not really sure what our options are, and what the benefits / disadvantages for the different solutions might be. -We have multiple old ASP(Active Server Pages) sites which should use SSO -We have multiple ASP.net web-Applications which should use SSO -We wa...
I am building a self-service group management web-app that will allow users to create and manage groups in our Active Directory under a particular OU. I have successfully written a PHP application that accomplishes most of this by binding as an admin user and creating new group objects in the appropriate OU, then adding and removing 'm...
Hey everyone, I have an interesting problem, I am writing a password management webpage/service and I am trying to find a way to determine when a user's password is going to expire so I can manually reset their other passwords with it and send out an email, etc. The problem I'm having is that when trying to loop through my users I'm ge...
I want only a (faculty) group of users to be able to access a certain web page on my website. This page is only meant to be seen by faculty. Within active directory, we have a group called "faculty" Here is a snippet of code I have to authenticate users via ldap/active directory, but I want to only authenicate users that are within th...
I've made a small application that reads out all the departments in our AD, and saves it as an xml file for each company that the departments belong to. But I also need to add all the groups that users in each department in each company is member of. Here is a snippet of one of the xml files that my code produces. I want to add the grou...
Given a username, how would I go about writing an LDAP query that will return all groups that the user is a member of? ...
I have the following code that loads a user's Active Directory DirectoryEntry object from the user's SID: public static DirectoryEntry GetUserDirectoryEntry(SecurityIdentifier sid) { return new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid.Value)); } Is there a more efficient way to do this? I'm having to optimize my code b...
adding more info on @serialhobbyist's request hi all. we're (= me and my colleagues) using PrincipalContext from System.DirectoryServices.AccountManagement to retrieve some authentication info (make sure a user belongs to a group etc). Important: our client is a service running as LocalSystem. this does not happen when we run in a normal...
Hi, I'm currently integrating a CMS (developed in PHP) authentication with Active Directory. This specific Active Directory only allows authentication through Kerberos, or ldaps:// (but this last one is not the most wanted since I'll have to use absolute paths). I've been searching the web for anything about PHP AD Kerberos Authenticat...
Currently I authenticate users against some AD using the following code: DirectoryEntry entry = new DirectoryEntry(_path, username, pwd); try { // Bind to the native AdsObject to force authentication. Object obj = entry.NativeObject; DirectorySearcher search = new DirectorySearcher(entry) { Filter = "(sAMAccountName=" + us...