Last post Jan 25, 2012 07:29 AM by Danish Aleem Qureshi
Jun 24, 2008 11:36 PM|phanhoangduc|LINK
I am trying write function to check User in Active Directory
This my code :
DirectoryEntry de = new DirectoryEntry("LDAP://myDomain");
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;
deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + userName + "))";
deSearch.SearchScope = SearchScope.Subtree;
SearchResult results = deSearch.FindOne(); //-->Error here
if (results != null)
catch (Exception ex)
throw new Exception(ex.Message);
When I run on Localhost (with IP : 192.168.0.67) it very well, but I get other PC (in the same domain with IP : 192.168.0.68) connect to PC (192.168.0.67)
It throw exception : "An operations error occurred"
* Note this my webconfig file
<authentication mode="Windows"/> <identity impersonate="true"/>
I don't know why? Please help me! Thank you very much!
Jun 25, 2008 07:18 AM|johram|LINK
Are you running in IIS or in Visual Studio? When you run in Visual Studio, all AD operations will be performed in the context of your windows user. When you deploy it to an IIS, you need to configure the credentials with which the AD should be accessed.
It will not work out of the box in IIS, even if you change web.config. Read Ryan
Dunn's Common System.DirectoryServices Issues and Solutions to get an overview of the options you have.
Jun 25, 2008 09:24 PM|phanhoangduc|LINK
Thank for reply !
I use IIS5
I read dunnry's article but I don't understand
Q: How can I get my code running on the web then?
A: You have a variety of options, some better than others:
1. Explicitly specify credentials on the DirectoryEntry - use the constructor or .Username and .Password (don't forget your AuthenticationTypes.Secure).
2. Put your code into a COM+ component and run it with a domain user's identity <----- I don't understand here
3. Use delegation (<identity impersonate="true" />).
4. Run the process (IIS process or ASPNET process) as a domain user. This means setting an App Pool identity in IIS6 or changing the Anonymous account in IIS5 and using impersonation.
5. Programmatically impersonate a domain user when necessary.
Could you tell me about it. If possible send for me a small sample.
Thank you very much.
Jun 30, 2008 10:26 AM|johram|LINK
Easiest thing to do is to simply uncheck anonymous access in the security settings for your web site in IIS and also make sure you check integrated security. This will cause your web to run under the credentials of the visiting domain user, and subsequent
AD calls will run in the same context.
Dec 23, 2009 08:41 AM|rishi23|LINK
Hey I am having the same issue,I am quite not able to figure out how to deal with it, I followed your steps to Disable anonymous and enable impersonate in the IIS yet I get the same error when the site is on the box.
It is the same error operation cannot be performed.
Is there anything else I might be missing?
Mar 02, 2010 05:01 PM|rishi23|LINK
Removing the port number from the LDAP server ip address did solve the problem for me, i am not very sure why would it happen but read somewhere that it has something to do with some ports being dedicated and not being secure to process the invoke,invoke
get and invoke set functions.
Mar 29, 2011 09:12 AM|DaNuGai|LINK
I was having a similar issue and found that if you change the AppPool Identity for that application to
Network Service, you don't get the above error.
Jul 18, 2011 09:06 AM|vijay_sutaria|LINK
I was having the same issue.
I was getting this error only after deployed at webserver, it was working perfect on my machine.
I found that ,at server, in IIS, the Impersonation was remained check with Window Authentication.
and by removing this impersonation in IIS,,, the error gone...
Jan 25, 2012 07:29 AM|Danish Aleem Qureshi|LINK