Joystik59

Authenticating to second domain

9 posts in this topic

Hi all,

Have a problem with authenticating to a different domain. Have searched the forums, but could not find a solution.

Preliminary info:

DomainA - Server 2003 R2 - Functional Level 2003

DomainB - Server 2003 - Functional Level 2000

User ID and PW's are the same in both domains.

My XP workstation is in DomainA

Using the following code, I do get back an array of information for my user ID when using the vars for DomainA. If I switch the vars to DomainB, I get a return code of '0' (failure) on the _ad_open, and an error code of '8'. I did run Water's little script to get the $sAD_ConfigurationParam info on the DomainB DC, so I believe it is correct. I have been able to get information from both domains using an ADODB connection and setting the appropriate properties, however I would rather use the ad.au3 functions, as they are much simpler to use. Any assistance would be appreciated. Thanx in advance.

#include <AD.au3>
#include <Array.au3> ; needed for _ArrayDisplay

$strUserID = "myuserid"
$strPW = "mypassword"
$strDomain = "dc=DomainA,dc=org"
$strDomainController = "DC-A.DomainA.org"
;$strDomain = "dc=DomainB,dc=org"
;$strDomainController = "DC-B.DomainB.org"

; Bind with alternate credentials; returns 0 and sets @error on failure
$intADOpenRet = _AD_Open($strUserID, $strPW, $strDomain, $strDomainController, "CN=Configuration," & $strDomain)
$intADOpenErr = @error
ConsoleWrite("$intADOpenRet = " & $intADOpenRet & @CRLF)
ConsoleWrite("$intADOpenErr = " & $intADOpenErr & @CRLF)
$aProperties = _AD_GetObjectProperties($strUserID)
_ArrayDisplay($aProperties)
_AD_Close()




Do you have a Windows Vista or Windows 7 client in DomainA? You can get detailed error information as described in the _AD_Open example.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


I ran the example script on a Windows 2008 server. Got @error 8; @extended -2147352567. I'll have to keep searching if you still want me to run it on Win 7.

BTW - thanx for the incredibly fast response.


#4 ·  Posted (edited)

There seems to be a problem with OpenDsObject.

Could you please set line 159 to

Global Const $ADS_USE_ENCRYPTION = 0x0
and comment (deactivate) line
$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

There seems to be a problem with OpenDsObject.

Could you please set line 159 to

Global Const $ADS_USE_ENCRYPTION = 0x0
and comment (deactivate) line
$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

Same error.


#6 ·  Posted (edited)

Could you please insert the following code before

$iAD_Debug = 2
Local $sAD_Hive = "HKLM"
If @OSArch = "IA64" Or @OSArch = "X64" Then $sAD_Hive = "HKLM64"
Local $sAD_OSVersion = RegRead($sAD_Hive & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion")
$sAD_OSVersion = StringSplit($sAD_OSVersion, ".")
MsgBox(0, "", "Osversion: " & $sAD_OSVersion[1]) ; StringSplit returns an array; element [1] is the major version
and after your call to _AD_Open and post the results?

Global $aError = _AD_GetLastADSIError()
_ArrayDisplay($aError)

Edit: What comes to my mind: Could you please use the NetBIOS name to login?

$strUserID = "DomainB\myuserid"

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.


#8 ·  Posted (edited)

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

But removing the $ADS_USE_ENCRYPTION flag or setting it to 0x0 (as I suggested) should yield the same result.

Don't understand the difference :x

The next version will include a new flag to use SSL and password encryption (as soon as I find a good docu on the internet - because M$s docu is very, very bad on these flags).


Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

Thank you thank you! Spent all day trying to figure out why it wasn't working. I could get it working on same server using a simple vb script with same parameters, but _AD_Open() kept throwing errors like yours.
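
Added example, not part of the thread or of AD.au3: the workaround above drops $ADS_USE_ENCRYPTION, so this sketch reports what still protects the credentials and the LDAP traffic for a given flag set. The constant values are those of the ADSI ADS_AUTHENTICATION_ENUM; $ADS_USE_SIGNING, $ADS_USE_SEALING and the helper _DescribeBindFlags are names assumed here, and whether a given AD.au3 version passes the extra flags through is not covered by the thread.

```autoit
; Added example. Values from the ADSI ADS_AUTHENTICATION_ENUM; names follow the thread.
Global Const $ADS_SECURE_AUTH = 0x1     ; Kerberos/NTLM negotiation instead of a simple bind
Global Const $ADS_USE_ENCRYPTION = 0x2  ; same value as ADS_USE_SSL: LDAP over SSL
Global Const $ADS_USE_SIGNING = 0x40    ; integrity check, requires secure authentication
Global Const $ADS_USE_SEALING = 0x80    ; Kerberos encryption, requires secure authentication
Global Const $ADS_SERVER_BIND = 0x200   ; the path names a specific server

; Hypothetical helper: describe what protects the credentials and the LDAP traffic.
Func _DescribeBindFlags($iFlags)
    Local $bSecure = BitAND($iFlags, $ADS_SECURE_AUTH) <> 0
    Local $bSSL = BitAND($iFlags, $ADS_USE_ENCRYPTION) <> 0
    Local $bSign = BitAND($iFlags, $ADS_USE_SIGNING) <> 0
    Local $bSeal = BitAND($iFlags, $ADS_USE_SEALING) <> 0
    Local $sOut = "Flags 0x" & Hex($iFlags, 4) & @CRLF

    If $bSecure Then
        $sOut &= "  credentials: negotiated (Kerberos/NTLM), password not sent in clear" & @CRLF
    ElseIf $bSSL Then
        $sOut &= "  credentials: simple bind inside SSL" & @CRLF
    Else
        $sOut &= "  credentials: WARNING simple bind, password crosses the network in clear text" & @CRLF
    EndIf

    If $bSSL Then
        $sOut &= "  traffic: encrypted by SSL (the DC needs a server certificate)" & @CRLF
    ElseIf $bSecure And $bSeal Then
        $sOut &= "  traffic: encrypted by sealing (Kerberos)" & @CRLF
    ElseIf $bSecure And $bSign Then
        $sOut &= "  traffic: signed, but readable on the wire" & @CRLF
    Else
        $sOut &= "  traffic: WARNING neither encrypted nor signed" & @CRLF
    EndIf

    If ($bSign Or $bSeal) And Not $bSecure Then
        $sOut &= "  note: signing and sealing require $ADS_SECURE_AUTH" & @CRLF
    EndIf
    Return $sOut
EndFunc

; The original flag set from the thread, the workaround, and a signed and sealed variant
ConsoleWrite(_DescribeBindFlags(BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)))
ConsoleWrite(_DescribeBindFlags(BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)))
ConsoleWrite(_DescribeBindFlags(BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_SIGNING, $ADS_USE_SEALING)))
```

For the workaround's flag set (0x0201) the output shows negotiated credentials but unprotected traffic; the third call shows the combination that restores confidentiality without SSL.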
