Channel: Active Directory and LDAP

How to copy Users from parent domain to child domain


Hello,

I was trying to copy 'n' number of users from my parent domain to the child domain. I have tried ADMT, but it moves the users (removes the user from the parent domain and adds the user to the child domain). This is not the behavior that I was expecting to achieve. I would like the users to be present in both domains; basically, a clone of the user in the parent domain should be present in the child domain.

Is there any way to achieve this?

Thanks

Regards,
Akash


Getting LdapException: Unable to connect to server :389 (91) Connect Error System.IO.IOException


Hi All,

We have an ASP.NET Core 2.1 web application, and for user authentication we are using AD (LDAP auth) with the Novell.Directory.Ldap.NETStandard2_0 library.

So far, we are able to connect to our Active Directory and fetch the logged-in user's details.

But we are getting an exception while returning the user details in the code below.

public override async Task<SignInResult> PasswordSignInAsync(string userName, string password, bool rememberMe, bool lockOutOnFailure)
{
    var user = await this.UserManager.FindByNameAsync(userName);

    if (user == null)
    {
        return SignInResult.Failed;
    }

    return await this.PasswordSignInAsync(user, password, rememberMe, lockOutOnFailure);
}

The exception is ----------------
{LdapException: Unable to connect to server xyz.com:389 (91) Connect Error
System.IO.IOException: Unable to transfer data on the transport connection: 
An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException:
An existing connection was forcibly closed by the remote host --- End of inner exception stack trace ---at
Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout) at Novell.Directory.Ldap.Connection.connect(String host, Int32 port, Int32 semaphoreId)} PasswordSignInAsync+Connect Error System.IO.IOException+Novell.Directory.Ldap

Could you please point out why we are getting this exception?

Getting trouble while assigning user against previously created role in Microsoft.AspNetCore.Identity tables


Hi Everyone,

I am working on an ASP.NET Core 2.1 MVC application, where I am authenticating internal AD users by LDAP, and authentication is working fine.

My second requirement was to add successfully authenticated users into the Microsoft default identity table AspNetUsers for role-based authorization management, and this also works fine.

Now, while adding a resource against a previously created role, I am facing an issue: it just returns succeeded = false and does not assign the user. Please see the error description below.

addUserTorole = {Failed : DuplicateUserName,DuplicateEmail} {Microsoft.AspNetCore.Identity.IdentityError}

0 - Description = "User name 'abc123' is already taken."

1- Description = "Email 'abc@gmail.com' is already taken."

Whereas I know there is no record inside the dbo.AspNetUserRoles table, and just one record with user name 'abc123' and the said email is stored in the dbo.AspNetUsers table.

public async Task<IActionResult> EmployeeLogin(LoginViewModel loginViewModel)
{
    if (!ModelState.IsValid)
        return View(loginViewModel);
    var user = await _userManager.FindByLdapNameAsync(loginViewModel.UserName);
    if (user != null)
    {
        try
        {
            var result = await _signInManager.PasswordSignInAsync(user, loginViewModel.Password, false, false);
            if (result.Succeeded)
            {
                var findUser = await _userManager.FindByNameAsync(loginViewModel.UserName);
                if (findUser == null)
                {
                    // For storing users into the identity database
                    var createIdenity = await _userManager.CreateAsync(user, "Welcome$123");
                }
                var addUserTorole = await _userManager.AddToRoleAsync(user, "Administrators");
                if (addUserTorole.Succeeded)
                { }

                if (string.IsNullOrEmpty(loginViewModel.ReturnUrl))
                {
                    return RedirectToAction("Index", "Customer");
                }
                return Redirect(loginViewModel.ReturnUrl);
            }
        }
        catch (Exception e) { }
    }

    ModelState.AddModelError("", "Username/password not found");
    return View(loginViewModel);
}

Please help me find out where I am making a mistake.

Thanks,

Sonu

Unknown error (0x80005000) System.DirectoryServices occurring randomly


We have a web application that connects to the domain server and checks whether the domain account is valid. In most cases it runs well. However, it randomly fails (about once per month in the last four months). The error message from the domain server is: Unknown error (0x80005000). It works again after we restart IIS manually. Please let me know what the solution is to fix the issue.

It is the same issue as the post https://forums.asp.net/t/1862718.aspx , but there's no solution in the post.

[Server environment]: Windows Server 2012 R2 Data Center

[Code]:

public static bool CheckLdapConnect(DomainInfo domainInfo)
{
    bool success = false;
    if (domainInfo.DomainUserName == null)
        return false;

    // Build the path as LDAP://server:port/DC=part1,DC=part2
    string adPath = "LDAP://" + domainInfo.Server + ":" + domainInfo.Port.ToString().Trim()
        + string.Format("/DC={0}", domainInfo.Domain.Replace(".", ",DC="));

    // Prefix the domain when the user name is neither DOMAIN\user nor user@domain
    string domainAndUsername = domainInfo.DomainUserName;
    if (!domainInfo.DomainUserName.Contains(@"\") && !domainInfo.DomainUserName.Contains("@"))
        domainAndUsername = domainInfo.Domain + @"\" + domainAndUsername;

    DirectoryEntry deTest = new DirectoryEntry(adPath, domainAndUsername, domainInfo.DomainPassword);
    deTest.AuthenticationType = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;

    try
    {
        // Reading a property forces the bind
        string dcName = deTest.Name;
        success = true;
    }
    catch (Exception ex)
    {
        Logger.WriteLine(CIPACE.DateTimeUtility.Now.ToString("MM/dd/yyyy hh:mm:ss") + " " + ex.Message);
    }
    finally
    {
        deTest.Close();
        deTest.Dispose();
    }

    return success;
}

public partial class DomainInfo : ModelBase
{
    public const int LDAP_DEFAULT_PORT = 389;
    public string Server;            // Domain server
    public string Domain;            // Domain name
    public int Port;                 // LDAP port
    public string DomainUserName;    // Domain user name
    public string DomainPassword;    // Domain user password
}

LDAP over SSL connectivity


Hi all,

I am trying to connect to AD using LDAP over SSL. I have the following code, but I am getting an exception (The LDAP server is unavailable). I am able to connect using an LDAP test application on both ports 636 and 389. I am able to connect on port 389 but not on port 636 from the code below.

Please tell me if I am doing something wrong in my code.

 

Dim ldapErrorInvalidCredentials As Integer = &H31
Dim activeDirectoryServer As String = "xyz.test.com:636"
Dim activeDirectpryDomain As String = "test.com"
Dim ldapConnection As LdapConnection = Nothing
Dim user As String = "testUser"
Dim ldapPort As String = "636"
Dim Success As Boolean = False

Try
    ldapConnection = New System.DirectoryServices.Protocols.LdapConnection(activeDirectoryServer)
    ldapConnection.SessionOptions.SecureSocketLayer = True
    ldapConnection.SessionOptions.ProtocolVersion = 3
    ldapConnection.AuthType = AuthType.Negotiate
    ' ldapConnection.SessionOptions.VerifyServerCertificate = New VerifyServerCertificateCallback(ldapConnection, cert)
    ldapConnection.AutoBind = False
    'ldapConnection.Credential = New NetworkCredential(username, password, activeDirectpryDomain)
    Dim cert As X509Certificate = New X509Certificate()
    cert.Import("C:\LDAP\cert.cer")
    ldapConnection.ClientCertificates.Add(cert)

    ldapConnection.Bind(New NetworkCredential(user , "testpassword", activeDirectpryDomain))
    Console.WriteLine(("Successfully authenticated to ldap server " & activeDirectoryServer))
Catch ex As Exception
    Console.WriteLine("Failed")
End Try

How to fetch all Active Directory users who recently got added OR modified in AD against date criteria from ASP.Net C# ?


Please provide a filter condition or C# code to fetch users newly added to AD in the last 48 hours.

Please provide a filter condition or C# code to fetch users modified in AD in the last 48 hours.
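
A filter of the kind requested above, as an added example that is not part of the original post: it compares whenCreated or whenChanged against a UTC GeneralizedTime value and lists the matching accounts, which is also a useful audit query for recent account changes. The class name RecentUserQuery and the LDAP path are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Globalization;

// Hypothetical helper class (not from the original post).
public static class RecentUserQuery
{
    // AD compares whenCreated/whenChanged as GeneralizedTime in UTC: yyyyMMddHHmmss.0Z
    public static string ToGeneralizedTime(DateTime time)
    {
        return time.ToUniversalTime()
                   .ToString("yyyyMMddHHmmss'.0Z'", CultureInfo.InvariantCulture);
    }

    // timeAttribute is restricted to the two attributes this query is about,
    // so no caller-supplied text other than a timestamp reaches the filter.
    public static string BuildFilter(string timeAttribute, DateTime since)
    {
        if (timeAttribute != "whenCreated" && timeAttribute != "whenChanged")
            throw new ArgumentException("Use whenCreated or whenChanged", "timeAttribute");

        return "(&(objectCategory=person)(objectClass=user)("
             + timeAttribute + ">=" + ToGeneralizedTime(since) + "))";
    }

    public static List<string> Find(string ldapPath, string timeAttribute, TimeSpan window)
    {
        var found = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = BuildFilter(timeAttribute, DateTime.UtcNow - window);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PageSize = 500; // paged search, so large result sets are not truncated
            searcher.PropertiesToLoad.AddRange(
                new[] { "sAMAccountName", "distinguishedName", timeAttribute });

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    string dn = Convert.ToString(r.Properties["distinguishedName"][0]);
                    string stamp = r.Properties[timeAttribute].Count > 0
                        ? Convert.ToString(r.Properties[timeAttribute][0])
                        : "(not returned)";
                    found.Add(dn + " " + timeAttribute + "=" + stamp);
                }
            }
        }
        return found;
    }

    public static void Main()
    {
        // Constructed placeholder path; replace with the real domain naming context.
        const string path = "LDAP://DC=contoso,DC=example";

        // whenCreated is replicated. whenChanged is kept per domain controller,
        // so results for it can differ depending on which DC answers the query.
        foreach (string line in Find(path, "whenCreated", TimeSpan.FromHours(48)))
            Console.WriteLine("created:  " + line);
        foreach (string line in Find(path, "whenChanged", TimeSpan.FromHours(48)))
            Console.WriteLine("modified: " + line);
    }
}
```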

Is there a way I can set it so the user does not have to prefix his username with the corporate domain name (cn) for authentication when using VPN?


I've set up an MVC C# web application with Windows Authentication using MS Visual Studio 2013 (authentication mode="Windows").

It works as expected when the user is on the corporate network (CN). The authentication is automatic, seamless and totally transparent when the user goes to the web app in IE or Chrome. If the user uses Firefox, a popup requests the user's network credentials, which is fine... as long as I don't have to manage usernames and passwords anymore. By the way, the popup is an integrated part of the browser reacting to the response from the web app; I do not control this.

My problem happens when the user tries to connect to the web app from home, through the use of a secure VPN. Once authenticated on our network, when the user opens up IE to go to the web app, the authentication is not "automatic and seamless" anymore... a popup requests the user's network credentials... but that is not all: the user must prefix his username with the corporate network (CN), else the Active Directory will not recognize him (cn\jorion), because the user's domain name is different from the corporate network (CN).

I do not have control of the LDAP/Active Directory but I do have control of the web server (IIS) and the web apps.

I've done a bit of research trying to find a parameter I could set in the web.config to pre-set the [domain name] in the popup or force it to be the value I want it to be for authentication with the LDAP but to no avail. I found that I could do exactly that only if I switch from authentication mode="Windows" to authentication mode="Form" but then every user on the corporate network would have to login as well where right now they do not have to.

Is there a way I can set it so the user does not have to prefix his username with the corporate domain name (cn) for authentication when using VPN?

System.__ComObject instead of active directory values

Dim strUser, strQuery, strservername, oConn, cmd, oRS, AuthenticateUser, strPwd
strUser = "****"
strPwd = "****"
strservername = "DC=abc,DC=ds,DC=efg,DC=com"
AuthenticateUser = False
strQuery = "SELECT givenName FROM 'LDAP://" & strservername & "' " & _
    "WHERE OU='****' AND OU='****' AND OU='****' AND cn='****'"
oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPwd
oConn.Properties("Encrypt Password") = True
oConn.open("ADs Provider", strUser, strPwd)
cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = oConn
cmd.CommandText = strQuery

oRS = cmd.Execute
If Err.Number <> 0 Then
    Response.Redirect("Default.aspx?errvar=" & Err.Number & Err.Description)
End If
If oRS.bof Or oRS.eof Then
    Response.Write(oRS.fields("givenName").ToString())
End If

I'm getting System.__ComObject instead of Active Directory values. Please help me to solve this error.

PrincipalSearchResult Question


Hello,

In my current Core MVC project I am working on, I am using PrincipalSearchResult to get the groups that a user is in. I am using Windows Authentication and getting the user name that way. What I find interesting is that when I take a person in or out of a group, it takes about 10 minutes for my application to see the change in AD. Does anyone know why that would be? Even though it essentially works, I am curious why there is a delay. It seems like the change would be detected from AD immediately when I run the method. Am I doing something wrong, or is it working differently than I think it should? I am still learning Core, so I apologize in advance. Any insight is appreciated.

Here is my code for reference:

public class IntranetSecurityGroupHandler : AuthorizationHandler<IntranetSecurityGroupRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IntranetSecurityGroupRequirement requirement)
    {
        var username = context.User.Identity.Name;

        string domain = IPGlobalProperties.GetIPGlobalProperties().DomainName;

        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        {
            var user = UserPrincipal.FindByIdentity(ctx, username);

            if (user == null)
            {
                return Task.CompletedTask;
            }
            else
            {
                PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

                // iterate over all groups for user
                foreach (GroupPrincipal group in groups)
                {
                    // output to see what groups the user is in
                    System.Diagnostics.Debug.WriteLine(group.Name);
                    if (requirement.IntranentSecurityGroup == group.Name)
                    {
                        context.Succeed(requirement);
                    }
                }
            }
        }
        return Task.CompletedTask;
    }
}

Thanks,

Tim

C# controller function to set the ID as value & Name as Text from the Data Source.


I am fetching the list of AD groups in the DropDownList; however, I am trying to set the ObjectGUID property as the value and the Name property as the text for the dropdown list selections. I have created the function using the System.Management.Automation library to interact directly with PowerShell commands. The problem is that the third-from-last line of the C# function has a string variable that is used for assigning both 'value' and 'text' to the dropdown list item. I want to store ObjectGUID in the value and Name in the text, so that when the user sees it, only the name of the group is visible and the value which is passed is the ObjectGUID. Here's my C# code.

public List<SelectListItem> PowerShellExecutorLst(string scriptPath, string arg)
        {
            string outString = "";
            var shell = PowerShell.Create();
            shell.Commands.AddCommand(scriptPath).AddArgument(arg);
            var results = shell.Invoke();
            if (results.Count > 0)
            {
                var builder = new StringBuilder();
                foreach (var psObj in results)
                {
                    builder.Append(psObj.BaseObject.ToString() + "\r\n");
                }
                outString = Server.HtmlEncode(builder.ToString());
            }
            List<string> strLst = outString.Split(new char[] { '\n' }).ToList();
            List<SelectListItem> listItems = strLst.Select(s => new SelectListItem { Value = s, Text=s }).ToList();
            shell.Dispose();
            return listItems;
        }

Because my script is giving output of 2 properties Name & ObjectGUID, the outString variable is not able to determine proper value. Just for reference this is my script:

Get-ADGroup -Filter {Name -eq 'TestGroup'} -Properties Name, ObjectGUID |
Select Name, ObjectGUID 

Toggle Paging on HTML Table on runtime.


I have created an HTML table that is filled with the details from an Active Directory group and introduced paging in it. However, sometimes there could be 1000 records and sometimes there would be none. I want to toggle the paging feature on a button click depending on the user: if he wants to interact with the table by clicking on pages he can do that, or just have all records in a single page and scroll. However, I can't find an efficient solution. Most of the answers are about a data table from the database. I am not using any third-party tools or scripts, just simple jQuery to manage paging.

Here's my code:

$.ajax({
    type: "POST",
    url: "/Group/FillMembers",
    data: { GroupName: $("#ddlGroup option:selected").text().trim() },
    success: function (response) {
        $.each(response.message, function (key, value) {
            var tr = $("<tr></tr>");
            var tbody = $("#tbody");
            var arr = value.split(";");
            $.each(arr, function (i, obj) {
                var temp = arr[i].trim().split("=")[1];
                var td = $("<td></td>");
                // text() rather than append(), so directory values are not parsed as HTML
                td.text(temp);
                tr.append(td);
            });
            // Drop-down list for required adjustments
            tr.append("<td><select id='ddlReqdAdjustment' class='form-control'><option>Keep</option><option>Remove</option><option>Remove After</option></select></td>");
            // Textbox with validation to allow only integers
            tr.append("<td><input type='number' class='form-control myText' disabled max='366' oninput='maxLimit(this)' " +
                "onkeypress='return (event.charCode != 8 && event.charCode == 0 " +
                "|| (event.charCode >= 48 && event.charCode <= 57))' /></td>");

            tr.append("<td><input type='radio' class='fakeRadio form-control' id='myChk' value='0'/><label for='chk'/></td>");
            tbody.append(tr);
        });
        // Pagination of HTML table
        $(document).ready(function () {
            $(document).ajaxComplete(function () {
                paginate('#data', 8); // Manage number of records per page
                function paginate(tableName, RecordsPerPage) {
                    $('#nav').remove();
                    $(tableName).after('<div id="nav" style="text-align:center; "></div>');
                    var rowsShown = RecordsPerPage;
                    var rowsTotal = $(tableName + ' tbody tr').length;
                    var numPages = rowsTotal / rowsShown;
                    for (var i = 0; i < numPages; i++) {
                        var pageNum = i + 1;
                        $('#nav').append('<a onmouseover="this.style.textDecoration=\'underline\';" ' +
                            'onmouseout="this.style.textDecoration=\'none\';" ' +
                            'style="border: 1px solid #ddd; display: inline-block; border-radius: 5px; ' +
                            'padding: 5px; font-family: Helvetica; " href="#" rel="' + i + '">' + pageNum + '</a>');
                    }
                    $(tableName + ' tbody tr').hide();
                    $(tableName + ' tbody tr').slice(0, rowsShown).show();
                    $('#nav a:first').addClass('active');
                    $('#nav a').bind('click', function () {
                        $('#nav a').removeClass('active');
                        $(this).addClass('active');
                        var currPage = $(this).attr('rel');
                        var startItem = currPage * rowsShown;
                        var endItem = startItem + rowsShown;
                        $(tableName + ' tbody tr').css('opacity', '0.0').hide().slice(startItem, endItem).
                            css('display', 'table-row').animate({ opacity: 1 }, 300);
                    });
                }
            });
        });
    }
});

Assuming that I keep a button to turn on/off paging how should I manage to allow both views? Please find the screenshot of my work here. Any dummy data can be filled in blank entries.

GPO for multiple branches


Hi guys,

I have a PDC and RODC in multiple branches. In my case I have to create a policy for each branch; that policy should add specific IPs to Internet Explorer Trusted Sites, such as:
Branch 01 => 10.10.10.1 - 10.10.10.2

Branch 02 => 11.11.11.1 - 11.11.11.2

etc.

So should I make a policy for each branch with these specific IPs? It does not seem logical to me at all to create 30 or 100 policies just to add specific IPs for each branch.

Or is there another way to do that without manual interruption from the IT guys?

Thank you

how to authorize database record access with ldap in asp.net mvc


Hello,

I have a sales order management application in an ASP.NET MVC 4 project, and I want to apply LDAP authentication to that application. I don't have any idea how to apply authorization to the database table records assigned to a user, so that:

a user that has the admin role or group can view/create/edit/delete all orders of all departments

a user with the authenticated user role can only view/create/edit/delete the orders of their department or of departments subordinate to their department

Any help, please?

Exchange server 2003 and VS 2005 create mailbox error


Can anyone tell me what I am doing wrong? I get the following error on the objMailbox.CreateMailbox line. I am using VS 2005 C# and Exchange Server 2003. I have the Exchange tools installed locally and get the same error if I try to run it on the Exchange server.

 

An operations error occurred. (Exception from HRESULT: 0x80072020)

 

I am using CDOEXM object

 

using ActiveDs;
using CDO;
using CDOEXM;

public void CreateEmailAccount()
{
    string sEmpID = "12345";
    string sUsername = "Test";
    DirectoryEntry de = Conn.GetDirectoryEntry("EmpTest", "x");
    DirectorySearcher ds = new DirectorySearcher(de);
    ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + sEmpID + "))";
    ds.SearchScope = SearchScope.Subtree;
    SearchResult results = ds.FindOne();
    if (results != null)
    {
        DirectoryEntry dey = Conn.GetDirectoryEntry("OneTest", results.Path);

        ActiveDs.IADsUser objUser;
        objUser = (ActiveDs.IADsUser)dey.NativeObject;
        objUser.SetInfo();
        CDOEXM.IMailboxStore objMailbox;
        objMailbox = (CDOEXM.IMailboxStore)objUser;
        objMailbox.CreateMailbox("LDAP//CN=(myStore,CN=(myGroup),CN=InformationStore,CN=(myServer),CN=Servers,CN=(myAdmingroup),CN=Administrative Groups,CN=(myVariable),CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=mystuff,dc=com");
        objUser.SetInfo();
        objUser.PutEx(2, "proxyAddresses", sUsername + "@mystuff.com");
        objUser.SetInfo();
    }
}

 

Thanks in advance

~IronDraco

How to Use Active Setup functionality in a MSI package


Hi Everyone,

I am trying to use the Active Setup functionality in an MSI package for the product installation. If anyone has experience creating an Active Setup, please guide me.

Regards,

Sai


how to distinguish between two AD accounts with the same name


Hello,

In my MVC 4 web application I want to authorize an authenticated user (Active Directory membership) to access the data records of the department he belongs to. For that, in the controller action method I would implement a LINQ Where clause: Where(x=>x.username == User.Identity.Name)

But what if we have two accounts with the same name? How can I distinguish between them?

Cleanup of users still in groups


I'm still kind of new to LDAP. We have users that have left the company, but I find their uid= is still in the member list of the groups. Is there a utility that can list the deleted users from the member list? I tried playing with the LDAP search command but with no luck. I'm hoping there's a utility to clean this up, but if not, maybe a way to create a list easily.

Thanks!

Brent

Nested Queries on AD group membership - what groups do groups belong to


I am using a .NET 4.6 MVC app to query an AD group structure that reflects an organisation:

Contoso Global
    - Contoso Asia
        + Contoso China
          etc.
    - Contoso Europe
        - Contoso UK
            + Contoso Birmingham
              etc.
            - Contoso London
                Ian Jones - the boss in London
                + Contoso UK HR
                  etc.
                - Contoso UK Finance
                    Fred Blogs
                    Helen Brown

Each AD Group is made up of both people ( EG Managers ) and other 'child' AD groups

In the example above, 'Contoso London' would include 

  • Contoso UK Finance
  • Contoso UK HR
  • Ian Jones 

I can find out all the groups that 'Helen Brown' belongs to both directly and via nested groups. 

How do I take a group as the start point, using .NET Framework 4.6 and C#, to find out the groups it belongs to, and the groups and members who belong to

I suspect this will be two distinct queries to find out

a) What groups and people belong to 'Contoso London' ( desired answer : Contoso UK HR, Contoso UK Finance,  Ian Jones, Fred Blogs,Helen Brown) ?

b) What groups is 'Contoso London' a member of  (desired answer : Contoso global, Contoso Europe, Contoso UK) ?

Any ideas gratefully received. 

Thanks , Richard
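
Each of the two queries described above can be a single search using Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), which follows member and memberOf links transitively on the server. This is an added example, not code from the original post; the class name NestedGroupQuery, the group DN and the LDAP path are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper class (not from the original post).
public static class NestedGroupQuery
{
    // LDAP_MATCHING_RULE_IN_CHAIN: the server walks the membership chain itself.
    private const string InChain = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping, so a DN containing ( ) * or \ cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // (a) every group and person below groupDn, directly or through nested groups
    public static string DescendantsFilter(string groupDn)
    {
        return "(memberOf:" + InChain + ":=" + EscapeFilterValue(groupDn) + ")";
    }

    // (b) every group that contains groupDn, directly or through nesting
    public static string AncestorsFilter(string groupDn)
    {
        return "(&(objectCategory=group)(member:" + InChain + ":="
             + EscapeFilterValue(groupDn) + "))";
    }

    // Returns "objectClass: name" for each match, so groups and people can be told apart.
    public static List<string> Search(string ldapPath, string filter)
    {
        var names = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "cn", "objectClass" }))
        {
            searcher.PageSize = 500;
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    ResultPropertyValueCollection classes = r.Properties["objectClass"];
                    // The last objectClass value is the most specific one (user, group, ...).
                    string kind = classes.Count > 0 ? Convert.ToString(classes[classes.Count - 1]) : "?";
                    names.Add(kind + ": " + Convert.ToString(r.Properties["cn"][0]));
                }
            }
        }
        return names;
    }

    public static void Main()
    {
        // Constructed placeholders; use the real naming context and group DN.
        const string path = "LDAP://DC=contoso,DC=example";
        const string londonDn = "CN=Contoso London,OU=Groups,DC=contoso,DC=example";

        Console.WriteLine("Groups and people under Contoso London:");
        foreach (string n in Search(path, DescendantsFilter(londonDn)))
            Console.WriteLine("  " + n);

        Console.WriteLine("Groups that Contoso London belongs to:");
        foreach (string n in Search(path, AncestorsFilter(londonDn)))
            Console.WriteLine("  " + n);
    }
}
```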

LDAP connection - server is not operational


Hello, I am trying to connect to the LDAP server and my goal is to change user password through the application. My working application is hosted inside the domain and the following code works fine to change password.

using (PrincipalContext principalContext = new PrincipalContext
    (ContextType.Domain, DomainName, DomainDN, ContextOptions.Negotiate, AdminUserName, AdminUserPassword))
{
    UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userName);
    dnuser = userPrincipal.DistinguishedName;
    currentdc = principalContext.ConnectedServer;
    DirectoryEntry directoryEntry = (DirectoryEntry)userPrincipal.GetUnderlyingObject();
    userPrincipal.ChangePassword(oldPassword, newPassword);

    userPrincipal.Dispose();
}

Now I need to move the application to a new server which is outside the domain (DMZ server) of the DC. So I am having to use LDAP connection over SSL. I am trying to connect to the LDAP server with the following code but getting error "The server is not operational" on the line deSearch.FindOne().

string ldapString = "LDAP://123.45.678.123:636/DC=mydomain,DC=com";

DirectoryEntry de = new DirectoryEntry(ldapString, adminUser, adminPass, AuthenticationTypes.Secure);
//DirectoryEntry de = new DirectoryEntry(ldapString, adminUser, adminPass);
DirectorySearcher deSearch = new DirectorySearcher(de) { SearchRoot = de, Filter = "(&(objectCategory=user)(cn=" + "xar22" + "))" };

var directoryEntry = deSearch.FindOne();

Can someone please help me understanding what I am doing wrong?

Thanks!

Vbscript query and Join Domain by LDAPS port 636


Hi, I have several scripts in VBScript that make queries and add and remove groups on computer objects through LDAP on port 389, but I want to move them to LDAPS on port 636. When changing the path to LDAP://MY.DOMAIN:636, I never get to connect to my domain through that port, but with LDAP://MY.DOMAIN I have no problem. Where am I going wrong? For example:

Dim adoConnection, adoCommand, adoRecordset
Dim strADBase, strADFilter, strADAttributes, strADQueryDL
Dim objADComputer
set BuscarEquipoEnAD = Nothing

' Find the computer in AD to get its OU
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Properties("User ID") = strADUserUsername
adoConnection.Properties("Password") = strADUserPassword
adoConnection.Properties("Encrypt Password") = True
adoConnection.Properties("ADSI Flag") = &H201 ' ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
adoConnection.Open "Active Directory Provider"

' Build a query string to search for the device in Active Directory
strADBase = "<LDAP://" & strADFQDN & ">"
strADFilter = "(&(objectCategory=Computer)(" & strADCampoNombre & "=" & strADCampoValor & "))"
strADAttributes = "sAMAccountName,distinguishedName,serialNumber,cn"
strADQueryDL = strADBase & ";" & strADFilter & ";" & strADAttributes & ";subtree"

' Create a command object and run the query against AD
Set adoCommand = CreateObject("ADODB.Command")
adoCommand.ActiveConnection = adoConnection
adoCommand.CommandText = strADQueryDL
Set adoRecordset = adoCommand.Execute

I can never connect to AD; where is my mistake?

Please, I need your help. Thanks.
