connecting problem in vb.net with ldap to active directory

Question

I am upgrading our servers and .net application from windows 2000 to the newly-purchased windows 2012R2 servers.  There is one function which works in windows 2000 but doesn’t work in windows 2012R2. 

I am running an .net 2.0 internal application in windows 2000 and IIS 5.0 using Visual Studio professional 2015.  There is one function in this application which will make a function call to an AD server using LDAP to check the login id and password in Active Directory.  It is running perfectly fine before. However, once I upgrade to this new window2012R2 server running .net 2.0, it doesn’t work. The function in the application is not able to get authorization in the Active Directory. The function as below:

            Private Function IsAuthenticatedByAD(ByVal sUid As String, ByVal sPwd As String) As Boolean

            Dim direntRoot As DirectoryEntry, direntUsr As DirectoryEntry
            Dim sDomain As String, sDomainAndUid As String
            Dim dirsrchUsr As DirectorySearcher, oNative As Object

            direntRoot = New DirectoryEntry("LDAP://rootDSE")
            sDomain = direntRoot.Properties("DefaultNamingContext")(0)

            sDomainAndUid = String.Format("{0}\{1}", sDomain, sUid)
            direntUsr = New DirectoryEntry(direntRoot.Path, sDomainAndUid, sPwd)

            Try
                oNative = direntUsr.NativeObject
            Catch ex As Exception
                Return False
            End Try

            Return True

            End Function


The username existed in AD and the password is correct for sure. I received error message in the "Try" section when run oNative = ....
The error message as below:

"System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The user name or password is incorrect." & vbCrLf & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)" & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.Bind()" & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.get_NativeObject()" & vbCrLf & "   at ums.business.UsrMgmtBus.IsAuthenticatedByAD(String sUid, String sPwd) in C:\inetpub\wwwroot\ums\business\UsrMgmtBus.vb:line 127"

Please help. Thanks a lot.

Answer 1

Well if the issue has nothing to do with the configuration of the Windows Server 2012 r2 regarding LDAP and Directory Services or Security or something else misconfigured causing the issue I have no idea.

Active Directory Lightweight Directory Services Overview - Updated: February 29, 2012 - Applies To: Windows Server 2012

However at this link in C# Howto: (Almost) Everything In Active Directory via C# (from 2008) I found code converted to VB.Net using Telerik. It is the code, below your code, in the code window below. It seems much different from your code. Whether it will work or not or if it does the same thing your code does I don't know that either.

My suspicion would be the Windows Server 2012 r2 system is not configured correctly somewhere.

' Below code is your code.


            Private Function IsAuthenticatedByAD(ByVal sUid As String, ByVal sPwd As String) As Boolean

             Dim direntRoot As DirectoryEntry, direntUsr As DirectoryEntry
             Dim sDomain As String, sDomainAndUid As String
             Dim dirsrchUsr As DirectorySearcher, oNative As Object

             direntRoot = New DirectoryEntry("LDAP://rootDSE")
             sDomain = direntRoot.Properties("DefaultNamingContext")(0)

             sDomainAndUid = String.Format("{0}\{1}", sDomain, sUid)
             direntUsr = New DirectoryEntry(direntRoot.Path, sDomainAndUid, sPwd)

             Try
                 oNative = direntUsr.NativeObject
             Catch ex As Exception
                 Return False
             End Try

             Return True

             End Function


' Below code converted from C# to VB.Net from link provided.


Private Function Authenticate(userName As String, password As String, domain As String) As Boolean
	Dim authentic As Boolean = False
	Try
		Dim entry As New DirectoryEntry(Convert.ToString("LDAP://") & domain, userName, password)
		Dim nativeObject As Object = entry.NativeObject
		authentic = True
	Catch generatedExceptionName As DirectoryServicesCOMException
	End Try
	Return authentic
End Function

---

La vida loca

Answer 2

Thanks for your advice. I will check and try. Cheers.

Answer 3

Hi, 

Thanks. I have tried your code and still got error. I believe it is something mis-configure in the new server running windows 2012 R2.  I have selected the application running with .net 2.0 classic and 32 bit mode. Really desperate. Would you think of anything from the server side? 

Answer 4

Hi, 

Thanks. I have tried your code and still got error. I believe it is something mis-configure in the new server running windows 2012 R2.  I have selected the application running with .net 2.0 classic and 32 bit mode. Really desperate. Would you think of anything from the server side? 

Well if there is an issue with the Windows Server 2012 r2 configuration perhaps rather than display code you should describe the issue you are having with your program in that it works for Windows 2000 but not Windows Server 2012 r2 in one of these two forums Windows Server 2012 General or Windows Server 2012 Essentials but not both just because you want an answer. I don't know what the Essentials forum is for.

Maybe in one of those forums somebody will know why a program that could do something on Windows 2000 can not on Windows Server 2012 r2.

---

La vida loca

Answer 5

Try using System.DirectoryServices.AccountManagement instead. Keep it simple at first to troubleshoot:

        Dim isValid As Boolean = False

        Try
            Dim principalContextObject = New PrincipalContext(System.DirectoryServices.AccountManagement.ContextType.Domain)
            isValid = principalContextObject.ValidateCredentials(userID, password)
        Catch ex As Exception
            '...
        End Try

---

Paul ~~~~ Microsoft MVP (Visual Basic)