Authenticating to second domain

[Joystik59]

Hi all,

Have a problem with authenticating to a different domain. Have searched the forums, but could not find a solution.

Preliminary info:

DomainA - Server 2003 R2 - Functional Level 2003

DomainB - Server 2003 - Functional Level 2000

User ID and PW's are the same in both domains.

My XP workstation is in DomainA

Using the following code, I do get back an array of information for my user ID when using the vars for DomainA. If I switch the vars to DomainB, I get a return code of '0' (failure) on the _ad_open, and an error code of '8'. I did run Water's little script to get the $sAD_ConfigurationParam info on the DomainB DC, so I believe it is correct. I have been able to get information from both domains using an ADODB connection and setting the appropriate properties, however I would rather use the ad.au3 functions, as they are much simpler to use. Any assistance would be appreciated. Thanx in advance.

$strUserID = "myuserid"
$strPW = "mypassword"
$strDomain = "dc=DomainA,dc=org"
$strDomainController = "DC-A.DomainA.org"
;$strDomain = "dc=DomainB,dc=org"
;$strDomainController = "DC-B.DomainB.org"

$intADOpenRet = _AD_Open($strUserID, $strPW, $strDomain, $strDomainController, "CN=Configuration," & $strDomain)
$intADOpenErr = @Error
Consolewrite("$intADOpenRet = " & $intADOpenRet & @CRLF)
Consolewrite("$intADOpenErr = " & $intADOpenErr & @CRLF)
$aProperties = _AD_GetObjectProperties($strUserID)
_ArrayDisplay($aProperties)
_AD_Close()

[water]

do you have a windows vista or windows 7 client in domain a? You can get detailed error information as described in the _ad_open example.

[Joystik59]

I ran the example script on a Windows 2008 server. Got @error 8; @extended -2147352567. I'll have to keep searching if you still want me to run it on Win 7.

BTW - thanx for the incredibly fast response.

[water]

There seems to be a problem with OpenDsObject.

Could you please set line 159 to

Global Const $ADS_USE_ENCRYPTION = 0x0

and comment (deactivate) line

$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

Edited January 19, 2011 by water

[Joystik59]

There seems to be a problem with OpenDsObject.

Could you please set line 159 to

Global Const $ADS_USE_ENCRYPTION = 0x0

and comment (deactivate) line

$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password

Same error.

[water]

Could you please insert the following code before

$iAD_Debug = 2
Local $sAD_Hive = "HKLM"
If @OSArch = "IA64" Or @OSArch = "X64" Then $sAD_Hive = "HKLM64"
Local $sAD_OSVersion = RegRead($sAD_Hive & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion")
$sAD_OSVersion = StringSplit($sAD_OSVersion, ".")
Msgbox(0,"", "Osversion: " & $sAD_OSVersion)

and after your call to _AD_Open and post the results?

Global $aError = _AD_GetLastADSIError()
_ArrayDisplay($aError)

Edit: What comes to my mind: Could you please use the NetBIOS name to login?

$strUserID = "DomainB\myuserid"

Edited January 19, 2011 by water

[Joystik59]

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

[water]

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

But removing the $ADS_USE_ENCRYPTION flag or setting it to 0x0 (as I suggested ) should yield the same result.

Don't understand the difference

The next version will include a new flag to use SSL and password encryption (as soon as I find a good docu on the internet - because M$s docu is very, very bad on this flags).

Edited January 23, 2011 by water

[bluechipps]

Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION)

with

$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND)

And it seems to work fine.

Thank you thank you! Spent all day trying to figure out why it wasn't working. I could get it working on same server using a simple vb script with same parameters, but _AD_Open() kept throwing errors like yours.