active-directory

What is the best way to store a reference to an AD group?

I'm writing an intranet application for a client and I want to give them the ability to configure, through an admin interface, which users and user groups can access certain areas. What I'd like to know is the best way of storing the reference to the user or group that is assigned to an area of the intranet. Should I be using the domain...

SQL Server Active Directory Import Issues with British Summer Time (BST)

I'm using SQL Server ADSI to import data from Active Directory and using the whenChanged field to control if I need to reimport the members of a group. Problem is the date is being returned in GMT and I'm currently in BST. So, did a member change at 9:50 this morning, the AD tools I have say 9:50, but the ADSI query returns 8:50. This...

Remotely and programmatically log off an active domain user

I need to be able to log off any user from his Windows session from a program. I know I could log in as an admin and force a remote logoff. Is there any other way to force a logoff without logging in? The tool will run as admin so that's not a problem, being able to remote logoff without logging in is. Tool is in .NET, but any other ...

How can I get the minimum required password length value from Active Directory in .NET

I'm implementing a plugin architecture to implement an external authentication mechanism for a web site. One of the plugins I plan to provide is an ActiveDirectory plugin. I'd like to implement some of the features of a MembershipProvider, including MinRequiredPasswordLength, but don't want to fully implement or configur...

How do I reload Kerberos configuration under Tomcat?

My application runs under Tomcat. It is using GSS API (JNDI) to connect to Active Directory LDAP Server using Kerberos. It allows the user to define AD servers and try to connect to them. However, once the first Kerberos using connect attempt is done, the application does not read Kerberos configuration again (/etc/krb5.conf). Hence, any...

How do I get a list of domain user accounts with Win32 API?

How do I get a list of domain user accounts with Win32 API? In particular, I can't get this list when the computer is not the domain controller. Instead it is a member of the domain. ...

Are Active Directory forest trusts transitive?

I'm working on troubleshooting an application under development that uses information from Active Directory in a multi-forest environment and I have the current problem down to figuring out if forest trusts are transitive, and if so under what conditions. The setup: Using Active Directory 2003, ForestA has a two-way forest trust with F...

Can I use two Kerberos Keytabs from a single host?

My application enables defining several LDAP servers to work with. One might want to define Kerberos access to more than one LDAP server. Can it be done? Can a single host juggle between Active Directory servers with Kerberos as the connection method? ...

How do I find a user's Active Directory display name in a C# web application?

I'm writing a web application which uses Windows authentication and I can happily get the user's login name using something like: string login = User.Identity.Name.ToString(); But I don't need their login name, I want their DisplayName. I've been banging my head for a couple hours now... Can I access my organisation's AD via a web ap...

Mark an Active Directory Object as "Read-Only"?

We had a bad day yesterday. One of our Domain Admins deleted an OU containing 700+ users and the same amount of computers as well as assorted other useful things like groups etc. We restored from a backup, but it wasn't pretty. I know that ADUC asks you if you're sure etc... but I'd like it if it was not possible to delete this partic...

Get a list of members of a WinNT group (C#)

There are a couple of questions similar to this on Stack Overflow but not quite the same. I want to open, or create, a local group on a Win XP computer and add members to it: domain, local and well-known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an e...

Design for handling both forms authentication and active directory

What design pattern should I use to handle both forms authentication and active directory? (Administrative setting will allow you to choose either one of them). From what I know, .NET membership provider only has forms, right? ...

How do I undo check out in TFS for former employees

Hi, on our TFS source control server, a lot of source files are checked out by people who are not employed any more. Is there a central way where I can undo check out on all files in TFS? I'm not even sure that they exist in Active Directory anymore. ...

Translating NETBIOS domain into a FQDN (Fully Qualified Domain Name)

In short - How do I translate a NETBIOS domain to a FQDN? Details: Assuming I'm in domain A and I have user credentials for domain B which has a trust relationship with domain A (I can authenticate the credentials). How do I get domain B's FQDN when all I have are the credentials of some authenticated user from that domain, including t...

Replicate selected accounts in ActiveDirectory

Is it possible to replicate selected objects (accounts) in an Active Directory Domain? We have a need to replicate selected accounts through our firewall to a DC sitting in the DMZ. We don't want to replicate all accounts to this machine, in case it is compromised. Any suggestions, help or products suggested most appreciated. ...

HOWTO - Set delegated Active Directory privileges

I've created a C# web service that allows our front end support teams to view and update a few selected Active Directory values using System.DirectoryServices. Fields that I want to update are [job] title, department, telephone and employeeid. I can use a service account with "delegates rights" to update [job] title, department, telephon...

Is there a way to use Active Directory pass-through security to SQL Server 2005 and disallow types of connectivity, such as ODBC?

We have an internal application that is using a service account and fine-grained table and field control is controlled by permissions tables in the application. If we wanted to use pass-through security with Active Directory, we have a problem in that a user with ODBC access could modify tables outside of business rules that exist in t...

Does it make sense to set up a trusted relationship between Active Directory instances at partner companies?

Hi, if a company often requires users to be created in a partner's Active Directory, and vice versa, does it make sense to set up a federated / trusted relationship between the AD instances? If so, what should be considered? Does the ACL for users in the partner AD still work the same way? What security risks does this expose? Thanks! ...

Server/Service Discovery in Windows environment?

UDDI is for locating services on the Internet. Is there anything similar for locating services in a corporate or enterprise environment? For example I might want my program to be able to find a central reporting or policy server without configuration. Is this something I can do with Active Directory? Or do I need to do something else? ...

Is there a Maximum Length for userPrincipalName in Active Directory?

I am writing an application that is linked to Active Directory, and I need to store the userPrincipalName in a database table, but I do not know how big the field would need to be. On MSDN, no Length is given, and neither in RFC 822. Now, before I revert to the DOMAIN\Username that has a defined Length (sAMAccountName is less than 20 ch...