Arthur Penn
I've read a number of other postings trying to deal with this problem,
but none of the suggestions worked. I developed a SharePoint 2003
portal locally and built a web part for it that reads user data from
Active Directory. It works fine deployed to the SPS server in our
domain--the DC is on a separate machine from SPS, and I can even cross
domains and read the user data from other trusted domains locally.
When I restored the portal at the client site and deployed the web
part, the part fails to read data from Active Directory and gets the
following error:
Exception Details: System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
[COMException (0x80005000): Unknown error (0x80005000)]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +512
   System.DirectoryServices.DirectoryEntry.Bind() +10
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +198
   System.DirectoryServices.DirectorySearcher.FindAll() +10
   Namespace.SharePoint.WebPartCode.findUsers(DirectoryEntry root)
Here are some relevant points about the environment and things I
tried:
1) The SPS server is a member server of the domain we are trying to
pull AD from, but is not a DC.
2) We audited directory info access on the DC the code should have
been hitting, and it does not log any entries when it fails. This
leads me to believe that it is a problem on the SPS server and not the
double-hop issue.
3) The SPS portal's web config has the following entries:
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
<identity impersonate="true" />
4) The domain the SPS server is in runs in native mode.
5) The web part passes credentials to the DirectoryEntry object to use
in performing the retrieval. We elevated the permissions of the passed
account to a domain admin, but this did not help. Relevant code
sections are as follows:
a) Get the DirectoryEntry object and pass the credentials specified in
the web part properties page:
   DirectoryEntry root;
   try
   {
       root = new DirectoryEntry(adPath, this._adUserName, this._adPassword,
           AuthenticationTypes.Delegation);
b) Create the DirectorySearcher object and execute the LDAP query from
the web part properties:
   DirectorySearcher searcher = new DirectorySearcher(root);
   SearchResultCollection results;
   searcher.ServerTimeLimit = TimeSpan.FromMinutes(5);
   searcher.Filter = "(&(objectClass=user)(objectCategory=person)(manager=*))";
   searcher.PropertiesToLoad.Add("cn");
   searcher.PageSize = 800;
   try
   {
       results = searcher.FindAll(); // error occurs here
Does anyone have any ideas? It seems that the code cannot access the
AD COM objects underneath the System.DirectoryServices objects on the
local machine, but I don't know what to do to fix it.
Thanks so much for your time.
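
Added example, not part of the original post and not the poster's code: a helper that forces the ADSI bind before any search runs and names the HRESULT, so a failure raised on the web server can be told apart from one returned by the domain controller. 0x80005000 is the ADSI code E_ADS_BAD_PATHNAME; the class name `AdBindCheck`, the method `TryBind` and the restriction to LDAP:// and GC:// paths are assumptions made for this example.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical helper (name chosen for this example).
static class AdBindCheck
{
    // HRESULT values from adserr.h and HRESULT_FROM_WIN32.
    const int E_ADS_BAD_PATHNAME    = unchecked((int)0x80005000);
    const int E_LOGON_FAILURE       = unchecked((int)0x8007052E);
    const int E_SERVER_NOT_OPERATIONAL = unchecked((int)0x8007203A);

    // Returns null when the bind succeeds, otherwise a description of the failure.
    public static string TryBind(string adPath, string user, string password,
                                 AuthenticationTypes authType)
    {
        // ADSI provider monikers are case-sensitive: "ldap://" is not "LDAP://".
        // Assumption: only LDAP and global catalog paths are expected here.
        if (adPath == null ||
            !(adPath.StartsWith("LDAP://", StringComparison.Ordinal) ||
              adPath.StartsWith("GC://", StringComparison.Ordinal)))
        {
            return "Path must start with LDAP:// or GC:// (upper case): " + adPath;
        }

        try
        {
            using (DirectoryEntry root =
                       new DirectoryEntry(adPath, user, password, authType))
            {
                // Reading NativeObject performs the bind now, instead of
                // deferring it to the first DirectorySearcher.FindAll() call.
                object native = root.NativeObject;
                return null;
            }
        }
        catch (COMException ex)
        {
            switch (ex.ErrorCode)
            {
                case E_ADS_BAD_PATHNAME:
                    return "E_ADS_BAD_PATHNAME: ADSI could not parse the path string.";
                case E_LOGON_FAILURE:
                    return "Logon failure: the supplied user name or password was rejected.";
                case E_SERVER_NOT_OPERATIONAL:
                    return "The server is not operational: no directory server answered.";
                default:
                    return "Bind failed, HRESULT 0x" + ex.ErrorCode.ToString("X8");
            }
        }
    }
}
```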