Authenticating to second domain

Joystik59 · January 18, 2011

Hi all,

Have a problem with authenticating to a different domain. Have searched the forums, but could not find a solution.

Preliminary info:

DomainA - Server 2003 R2 - Functional Level 2003

DomainB - Server 2003 - Functional Level 2000

User ID and PW's are the same in both domains.

My XP workstation is in DomainA

Using the following code, I do get back an array of information for my user ID when using the vars for DomainA. If I switch the vars to DomainB, I get a return code of '0' (failure) on the _ad_open, and an error code of '8'. I did run Water's little script to get the $sAD_ConfigurationParam info on the DomainB DC, so I believe it is correct. I have been able to get information from both domains using an ADODB connection and setting the appropriate properties, however I would rather use the ad.au3 functions, as they are much simpler to use. Any assistance would be appreciated. Thanx in advance.

$strUserID = "myuserid"
$strPW = "mypassword"
$strDomain = "dc=DomainA,dc=org"
$strDomainController = "DC-A.DomainA.org"
;$strDomain = "dc=DomainB,dc=org"
;$strDomainController = "DC-B.DomainB.org"

$intADOpenRet = _AD_Open($strUserID, $strPW, $strDomain, $strDomainController, "CN=Configuration," & $strDomain)
$intADOpenErr = @Error
Consolewrite("$intADOpenRet = " & $intADOpenRet & @CRLF)
Consolewrite("$intADOpenErr = " & $intADOpenErr & @CRLF)
$aProperties = _AD_GetObjectProperties($strUserID)
_ArrayDisplay($aProperties)
_AD_Close()

water · January 18, 2011

do you have a windows vista or windows 7 client in domain a? You can get detailed error information as described in the _ad_open example.

Joystik59 · January 18, 2011

I ran the example script on a Windows 2008 server. Got @error 8; @extended -2147352567. I'll have to keep searching if you still want me to run it on Win 7.

BTW - thanx for the incredibly fast response.

water · January 19, 2011

There seems to be a problem with OpenDsObject.

Could you please set line 159 to

Global Const $ADS_USE_ENCRYPTION = 0x0

and comment (deactivate) line

$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

Edited January 19, 2011 by water

Joystik59 · January 19, 2011

There seems to be a problem with OpenDsObject.
Could you please set line 159 to
Global Const $ADS_USE_ENCRYPTION = 0x0
and comment (deactivate) line
$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

Same error.

water · January 19, 2011

Could you please insert the following code before

$iAD_Debug = 2
Local $sAD_Hive = "HKLM"
If @OSArch = "IA64" Or @OSArch = "X64" Then $sAD_Hive = "HKLM64"
Local $sAD_OSVersion = RegRead($sAD_Hive & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion")
$sAD_OSVersion = StringSplit($sAD_OSVersion, ".")
Msgbox(0,"", "Osversion: " & $sAD_OSVersion)

and after your call to _AD_Open and post the results?

Global $aError = _AD_GetLastADSIError()
_ArrayDisplay($aError)

Edit: What comes to my mind: Could you please use the NetBIOS name to login?

$strUserID = "DomainB\myuserid"

Edited January 19, 2011 by water

Joystik59 · January 19, 2011

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

water · January 20, 2011

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced
$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)
with
$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)
And it seems to work fine.

But removing the $ADS_USE_ENCRYPTION flag or setting it to 0x0 (as I suggested ) should yield the same result.

Don't understand the difference

The next version will include a new flag to use SSL and password encryption (as soon as I find a good docu on the internet - because M$s docu is very, very bad on this flags).

Edited January 23, 2011 by water

bluechipps · February 7, 2011

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced
$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)
with
$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)
And it seems to work fine.

Thank you thank you! Spent all day trying to figure out why it wasn't working. I could get it working on same server using a simple vb script with same parameters, but _AD_Open() kept throwing errors like yours.

Sign In

Authenticating to second domain

Recommended Posts

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members