Question : I need assistance Accessing the Active Directory through my ASP.Net page from IIS.

Hi experts,
I need assistance accessing the Active Directory through my ASP.Net page.  I am able to do so when I run the application from my machine, but when I try to do so through IIS I get the following error:

System.Runtime.InteropServices.COMException: The specified domain either does not exist or could not be contacted.

What am I doing wrong?  I have posted my code, which I originally found on the internet.  The security settings in my IIS are:

anonymous access is disabled
Integrated Windows authentication is enabled

I have also attached the error message to this post.

Thanks in advance,
mrotor
Code Snippet:
protected void GetUserEmailAddress()
    {
        userName = System.Threading.Thread.CurrentPrincipal.Identity.Name;
        userAccountName = userName.Split(new string[] { "\\" }, StringSplitOptions.None)[1];
       
        // search 
        System.DirectoryServices.DirectorySearcher ds = new DirectorySearcher();
        //filter 
        ds.Filter = string.Format("(&(objectClass=user)(sAMAccountName={0}))", userAccountName);
        // find users 
        SearchResultCollection resCollection = ds.FindAll();
 
        foreach (SearchResult result in resCollection)
        {
            DirectoryEntry entry = result.GetDirectoryEntry();
            foreach (PropertyValueCollection prop in entry.Properties)
            {
                string strPropertyName = prop.PropertyName;
                foreach (object val in prop)
                {
                    if (strPropertyName == "mail")
                    {
                        txtUserEmailHidden.Text = Convert.ToString(val);
                    }
                }
            }
        }
    }

Answer : I need assistance Accessing the Active Directory through my ASP.Net page from IIS.


By default every user account has read access to AD, so you wouldn't even need an administrative account. That will let you search for email addresses, etc, etc, very few restrictions on that (by default).

Putting that in code it means you can do something like this...

Chris
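using System;
using System.DirectoryServices;

// Verbatim string (@) so the backslash is not read as an escape sequence
string Username = @"yourdomain\username";  // Any user account with access to AD (placeholder)
string Password = "somepassword";          // Password for that account (placeholder)

// Bind to the domain with the explicit credentials
DirectoryEntry de = new DirectoryEntry("LDAP://gad.com", Username, Password);

DirectorySearcher ds = new DirectorySearcher();
ds.SearchRoot = de;
ds.Filter = "(&(objectClass=user)(objectCategory=person))";

// find users
SearchResultCollection resCollection = ds.FindAll();

foreach (SearchResult resUser in resCollection)
{
  // An attribute that is not set comes back as an empty collection,
  // so check Count before indexing [0]

  // Get the e-mail address
  if (resUser.Properties["mail"].Count > 0)
    Console.WriteLine(resUser.Properties["mail"][0].ToString());
  // Get the street address
  if (resUser.Properties["streetaddress"].Count > 0)
    Console.WriteLine(resUser.Properties["streetaddress"][0].ToString());
  // Get the phone number
  if (resUser.Properties["telephonenumber"].Count > 0)
    Console.WriteLine(resUser.Properties["telephonenumber"][0].ToString());
}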
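
The two snippets above combined into a single-user lookup, as an added example that is not part of the original question or answer: it binds with explicit credentials as the answer suggests, escapes the account name before it goes into the LDAP filter (RFC 4515), and loads only the mail attribute. The class and method names and the environment variable names AD_BIND_USER and AD_BIND_PASSWORD are assumptions; LDAP://gad.com is the path used in the answer.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdMailLookup   // hypothetical helper class, not from the original post
{
    // Escape the characters RFC 4515 treats as special inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the mail attribute for one account, or null if none is set.
    public static string GetMail(string identityName)
    {
        // Accept "DOMAIN\user" or plain "user"; keep only the account part.
        int slash = identityName.LastIndexOf('\\');
        string account = slash >= 0 ? identityName.Substring(slash + 1) : identityName;

        // Assumed variable names; the bind account needs only default read access.
        string bindUser = Environment.GetEnvironmentVariable("AD_BIND_USER");
        string bindPassword = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");

        string filter = string.Format(
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
            EscapeFilterValue(account));

        using (var root = new DirectoryEntry("LDAP://gad.com", bindUser, bindPassword,
                                             AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "mail" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["mail"].Count == 0) return null;
            return hit.Properties["mail"][0].ToString();
        }
    }
}
```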