I have been asked to write a small utility to copy users from an AD to another system.
I found this posting which looks perfect to get me going...
How can I get a list of users from active directory?
As I don't have an AD to work with, I went to my Azure portal and created one on there to test against...
Then, it looked like all I needed to do was insert my domain in this line....
using (var context = new PrincipalContext(ContextType.Domain, "yourdomain.com"))
My domain, as supplied by Azure is xxxx.onmicrosoft.com
but when I run the code, I keep getting
An unhandled exception of type 'System.DirectoryServices.AccountManagement.PrincipalServerDownException' occurred in System.DirectoryServices.AccountManagement.dll
Additional information: The server could not be contacted.
Can anyone see what I am missing please?
I borrowed my mate's old server, built a local Server 2012 and joined the domain.
Probably not everyone's answer, but it worked for me.
(If I had more time I would have liked to get the Azure domain working... I'm sure I built it right. It just didn't work.)
So that's my answer.
I'm working on an application that uses some kind of single sign on with Active Directory.
On my side, I'm trying to get some groups to see if the user is member of them.
Sometimes, I get the following error:
The server is not operational
The DirectoryEntry object is created like this:
using (DirectoryEntry ldapConnection = new DirectoryEntry(ldapDomain)
{ Path = ldapPath, AuthenticationType = AuthenticationTypes.Secure })
where ldapDomain is x.y.corp and the ldapPath is
LDAP://OU=someAppId,OU=someGroupName,OU=someClusterName,OU=someResourceName,DC=x,DC=y,DC=corp
After some analysis with the AD team we found out that the controller was removed from the x.y.corp domain, but for some reason the Domain Controller is still redirecting to it even though the server is down. This generates the error message shown above.
My questions are:
Is there any possible retry mechanism or error handling on my side? (The exception is indeed caught now but is thrown further.)
Is there a way to tell the domain controller to not use the server anymore from backend code?
Is there a problem with the construction of the DirectoryEntry? Is it possible to request the "DC" parameters one at a time and to redirect outside the domain...?
Is there any cache on my side for domain controllers?
Thank you!
This is something your administrators need to fix. It sounds like DNS is still advertising the DC that is down. You can confirm this by typing this in the command line:
nslookup x.y.corp
The DNS lookup will show several IPs in a different order each time you do the lookup. Whichever one shows up first is the one that will be used.
If the IP address of the decommissioned DC still shows up in the list, then they need to fix that. Anything you do in code will just be a hack to get around something that shouldn't be happening in the first place.
I stumbled upon MantisBT recently and got it set up at my workplace for future bug tracking. I wanted to make a neat little library we can use in our applications so that users can report bugs to us directly from the application in question.
Currently in a sandbox application I made to try and understand MantisConnect. I consumed the webservice successfully and I can make a client. But if I try and do this:
MantisConnectPortTypeClient client = new MantisConnectPortTypeClient();
UserData usrData = client.mc_login("omitted", "omitted");
I get a FaultException and the message "Access Denied"
Currently running Mantis 1.3.rc-dev.02
Any ideas on why this simple call is denied? It doesn't matter what user I use. It gets denied regardless.
Okay I figured it out.
The WSDL file on the server was still pointing to mantisbt.org instead of our local server. Changed it to our local server address and it worked fine.
I had some problems with using the authorization before so I got a brand new everything - new computer, new OS, fresh installation of VS, new app and DB in a new resource group on the Azure. The whole shabang.
I can confirm that I can log in to the Azure DB as the screenshots below show.
I can see the databases, tables, users etc.
The problem is that, although it works locally (using the default connection string provided automagically for me), it doesn't perform very well in the Azure (although I'm using the publish file from there). It said something about the file not being found and according to this answer, I needed to change the connection string.
After I've altered it, I get the following error. Please note that the firewall is open and that I can access the DB when I run the code of my applications. I feel that there's something that goes wrong when the authentication part is automatically configured. I'm out of ideas on how to trouble-shoot it, though.
[SqlException (0x80131904): Login failed for user 'Chamster'.
This session has been assigned a tracing ID of '09121235-87f3-4a92-a371-50bc475306ca'. Provide this tracing ID to customer support when you need assistance.]
The connection string I'm using is this.
Server=tcp:f8goq0bvq7.database.windows.net,1433;
Database=Squicker;
User ID=Chamster@f8goq0bvq7;
Password=Abc123();
Encrypt=True;
TrustServerCertificate=False;
Connection Timeout=10;
This issue's bothered me for a while and I'll be bounting it in two days. Any suggestion's warmly appreciated.
I believe I've managed to resolve this weird issue. It appears that the user I'm using, despite being admin with all bells and whistles isn't recognized as admin when used in the connection string and trying to create the tables (which is the case at the first registration).
My solution was to create two logins - one with db_owner role and one with db_datareader and db_datawriter. First, I've used the elevated user in my connection string and registered a single user. That created the tables in the database as shown below.
Then, while able to continue as admin, I realized that we should try the demoted user and tada!, it worked perfectly. Once the tables were there, the whole shabeling behaved as expected.
To be perfectly sure, I dropped the tables from the database and there it was - the same issues as before. When I changed to the elevated user, the tables were restored allowing me to get back to the demoted one.
I also tried dropping the tables, confirming that the issues re-appear, and then creating the tables manually. That works too! So basically, the only gotcha that caused it all was the original admin who's not treated as admin.
It might have to do with the fact that my Azure account's getting a bit old, LiveID used there is ancient and that didn't have an updated version of DB in Azure (the pull-up to v12 was carried out the 18th of December, so it's possible that it also was a requirement to get it working). I'm too tired and lazy to check that out and I realize that I've no idea how to get an "old" type of account. Besides, the issue will decrease and gradually vanish because the old accounts get upgraded eventually.
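The two-account split described in this answer can be set up as follows. This is an added example, not code from the original post: the statements are T-SQL for Azure SQL Database, and the names app_schema_owner and app_runtime and the password placeholders are assumptions.

```sql
-- Added example: account names and password placeholders are hypothetical.

-- 1) Connected to the master database of the logical server:
CREATE LOGIN app_schema_owner WITH PASSWORD = '<placeholder-password-1>';
CREATE LOGIN app_runtime      WITH PASSWORD = '<placeholder-password-2>';

-- 2) Connected to the application database (open a new connection;
--    Azure SQL Database does not switch databases with USE):
CREATE USER app_schema_owner FOR LOGIN app_schema_owner;
CREATE USER app_runtime      FOR LOGIN app_runtime;

-- Elevated account: only used for the first run that creates the tables.
ALTER ROLE db_owner      ADD MEMBER app_schema_owner;
-- Demoted account: the one that belongs in the deployed connection string.
ALTER ROLE db_datareader ADD MEMBER app_runtime;
ALTER ROLE db_datawriter ADD MEMBER app_runtime;

-- 3) Review the role membership of both accounts.
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name IN (N'app_schema_owner', N'app_runtime')
ORDER BY member_name, role_name;

-- 4) Check, while impersonating the demoted account, whether it may create tables.
EXECUTE AS USER = 'app_runtime';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') AS can_create_table;
REVERT;
```

An account that lacks CREATE TABLE in step 4 cannot perform the first-run table creation, which is why the tables have to exist before the demoted account is used.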
I know in Windows 2008 AD, we have msTsProfilePath AD attribute using which we can directly set the terminal service profile path.
But we have Windows 2003 AD and I need to set the terminal service profile path using C#.
I came across the following article and have learned from some other articles that the terminal service profile path gets stored in the userParameters property.
http://www.selfadsi.org/user-attributes-w2k3.htm#List
Can somebody tell me how to set CtxWFProfilePath in userParameters through C# ?
Thanks,
Nikhil.
Update: Please refer to this MSDN forum where this gentleman "Konrad Neitzel" directed me to some useful links. But as mentioned in the thread, I am having difficulties using the WTSSetUserConfig method. Any ideas?
I battled with this one too but finally was able to put together a working solution from dozens of different sites. I'm not sure if this is exactly what you need, but hopefully it helps.
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Bind to the domain, then locate the user by identity.
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "name", "container");
UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, "ad_user_name");
// Drop down to the underlying DirectoryEntry to reach the Terminal Services properties.
DirectoryEntry dirEntry = (user.GetUnderlyingObject() as DirectoryEntry);
dirEntry.InvokeSet("TerminalServicesProfilePath", "yourpath");
dirEntry.CommitChanges();
You can find all the attributes on this site (another tough thing to find out):
http://www.virtualizationadmin.com/articles-tutorials/terminal-services/scripting/scripting-server-based-computing-terminal-services-attributes-active-directory-user-objects.html
I am working on a development machine without having created any user accounts [I have three or four accounts that came with the installation].
So I open the connection everywhere through a global variable that holds the connection string; of course the value of the variable cannot be changed, it's a constant.
I open the connection using the root account that comes by default with MySQL server. It works fine everywhere.
But when my code tries to run a command, the server returns this error:
The user specified as a definer ('admin'@'localhost') does not exist
I don't know why I get this error; even in debug I found that the connection is opened by root, and it works fine everywhere else.
So the problem is: why does it tell me about admin@localhost when my code opens the connection as root?
Is there anything my code tries to do that needs authentication or needs the admin account, and since it doesn't have it, gives me the exception?
Do you know what has gone wrong?
I got this error after the DB was moved to another server.
There was no such user 'admin', so I got the error.
Solution:
Log into MySQL as root:
grant all on *.* to admin@localhost identified by "s!5_superp#ss!";
flush privileges;
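A narrower alternative to a grant on `*.*`, shown as an added example that is not part of the original answer: list which stored objects name the missing definer, then recreate that account locked and with only the privileges those objects need. The schema name app_db, the privilege list and the password placeholder are assumptions; ACCOUNT LOCK needs MySQL 5.7.6 or later.

```sql
-- Added example: app_db, the privilege list and the password are hypothetical.

-- 1) Which definer does each stored object reference?
SELECT 'VIEW' AS object_type, table_schema AS db, table_name AS name, definer
FROM information_schema.views
UNION ALL
SELECT routine_type, routine_schema, routine_name, definer
FROM information_schema.routines
UNION ALL
SELECT 'TRIGGER', trigger_schema, trigger_name, definer
FROM information_schema.triggers
UNION ALL
SELECT 'EVENT', event_schema, event_name, definer
FROM information_schema.events
ORDER BY definer, db, name;

-- 2) Which accounts exist on this server? Any definer from step 1 that is
--    absent here triggers the "definer does not exist" error.
SELECT user, host FROM mysql.user ORDER BY user, host;

-- 3) Recreate the missing definer as a locked account: nobody can log in
--    with it, but objects that name it as DEFINER can still execute.
CREATE USER 'admin'@'localhost' IDENTIFIED BY '<placeholder-password>' ACCOUNT LOCK;

-- 4) Grant only what the objects found in step 1 need, scoped to their schema.
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON app_db.* TO 'admin'@'localhost';

-- 5) Confirm the resulting privileges.
SHOW GRANTS FOR 'admin'@'localhost';
```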