The specified domain either does not exist or could not be contact

Discussion in 'Active Directory' started by rick, Jun 23, 2005.

  1. rick

    rick Guest

    DirectoryEntry objRootDSE = new DirectoryEntry("LDAP://rootDSE");
    string strConfig =
    objRootDSE.Properties["configurationNamingContext"[0].ToStri();

    I have these two lines of code in a console app running on my local xp
    machine. They work fine. I moved them to a web app running IIS on my local
    machine and got the following error when I execute the second line.

    'The specified domain either does not exist or could not be contacted'

    Anyone have any idea what's going on here?

    thanks

    rick
     
    rick, Jun 23, 2005
    #1
    1. Advertisements

  2. The problem here is that your code runs under two different security
    contexts but uses an ADSI feature that assumes a security context that is
    only true in one of them.

    Your console app probably runs under your domain account when you run it.
    The ASP.NET code on XP runs under the ASPNET local machine account.

    Your code uses serverless binding (and default credential binding for that
    matter). Serverless binding figures out what domain controller to contact
    by looking at the domain membership of the account running the code. Since
    ASP.NET is running under a local machine account, it is not a domain member
    and no domain can be inferred.

    You can fix this by putting the DNS domain name of your domain in your
    binding string:
    LDAP://domain.com/RootDSE

    However, that will bring you to another problem which is the credentials
    thing I mentioned. Since you don't supply credentials in the constructor
    either, ASP.NET will use the current account to bind to the directory, but
    since that is not a domain account, it will not work and you will bind as
    anonymous to AD. This will mean that you probably can't actually access
    many objects in the domain.

    There are a variety of approaches for solving this problem and many of them
    are detailed here:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

    Joe K.
     
    Joe Kaplan \(MVP - ADSI\), Jun 23, 2005
    #2
    1. Advertisements

  3. rick

    rick Guest

    Thanks Joe. Your explaination and link really helped.

    rick

     
    rick, Jun 23, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.