Announcement

Collapse
No announcement yet.

Delegate Control Leads to Logon failure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegate Control Leads to Logon failure

    Hi,

    We have a situation where the domain controllers are not available to us and we are only allowed access to an OU. We were told that the OU Admins were created by delegating control in AD to the OU. We set up a test environment and used the delegate control wizard.

    I have created an application (C#) that logs on to the LDAP server and gets/sets some information. If I log on with

    LDAP://dc=MyCompany,dc=com or
    LDAP://ou=DelegatedOrg,dc=MyCompany,dc=com

    I get an error "Logon Failure: unknown user name or bad password." But if I use

    LDAP://MyCompany.com

    with the same credentials I get in fine. I can see the whole tree, but I cannot change any information except that which I have been delegated. That is expected. But why can't I log in with the other notation?

    Thanks,

    Richard

  • #2
    Re: Delegate Control Leads to Logon failure

    My understanding in this is limited but I think that what you're doing is connecting to the LDAP server and then you run a query.

    e.g. LDAP://mycompany.com/ou=DelegatedOrg,dc=MyCompany,dc=com
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Delegate Control Leads to Logon failure

      Yes, that is what I am doing. But I usually have gone to the root and used the

      LDAP://dc=MyCompany,dc=com

      notation, and it has worked this far. I would rather not have to change over my application to parse the LDAP string if I don't have to.

      The main thing is it doesn't make sense to me why the notation doesn't work once it uses an account that has delegated control.

      Thanks,

      Richard

      Comment


      • #4
        Re: Delegate Control Leads to Logon failure

        Yes, that is puzzling and I'm afraid we've reached the limits of my knowledge on the subject.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment

        Working...
        X