Directory Programming .NET

Active Directory and ADAM programming support for .NET developers
Welcome to Directory Programming .NET Sign in | Join | Help
in Search
Home Forums Files Roller
Directory Programming .NET » General Discussions » Active Directory/ADAM LDAP Dis... » Unauthorized exception

Unauthorized exception

Last post 09-30-2010, 3:40 PM by chris128. 2 replies.
Sort Posts: Previous Next

  •  04-06-2010, 6:37 PM 8157

    Unauthorized exception

    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4
    I am trying to the use method called  "moveto" to move a user from one container to another in C#.

    DirectoryEntry dirEntry = new DirectoryEntry( "LDAP://CN=test test,OU=Cap,DC=adc,DC=xyz");
    DirectoryEntry dirEntry1 = new DirectoryEntry("LDAP:// OU=App,    DC=adc,DC=xyz");
     dirEntry.MoveTo(dirEntry1);

     On my local machine everything works perfectly but on the server 2003 machine display this message

      General access denied error

    This is Unauthorized exception error  

       at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsContainer.MoveHere(String sourceName, String newName)

       at System.DirectoryServices.DirectoryEntry.MoveTo(DirectoryEntry newParent, String newName)

       at System.DirectoryServices.DirectoryEntry.MoveTo(DirectoryEntry newParent)

       at BridgeActiveDirectoryLibs.ADHelper.MoveUserOneContainertoTheNext(DirectoryEntry Entry, String newContainer, String oldContainer, String loginName) in

    The wired thing about this issue is that all the rest of my method are work perfectly both on the server and local. Can anyone figure out what's wrong??

  •  09-22-2010, 4:45 AM 8569 in reply to 8157

    Re: Unauthorized exception

    To move Active Directory objects from one OU/container to another, you need the following permissions:

    1) 'Write All Properties' and 'Delete' permissions on the object being moved.
    2) 'Create All child Objects' on the target OU/container.

    By default builtin Administrators group members having these permissions.

    The DirectoryEntry constructors allow us to initialize the DirectoryEntry object with alternate credentials like

    DirectoryEntry entry = new DirectoryEntry("LDAP://DC=domain,DC=com", UserName, Passwordl, AuthenticationTypes.Secure);

    //Bharath//

  •  09-30-2010, 3:40 PM 8593 in reply to 8569

    Re: Unauthorized exception

    Yeah I have sometimes encountered some strange permissions errors that have been resolved by using the Secure authentication method as shown in bharaths post (even if you just pass in the same credentials that you were logged on with anyway - the key part is the last argument that specifies that the authentication type is Secure).
    The downside of the constructor mentioned is that you need to provide a username and password... but you can just set the AuthenticationType property manually like so:

    Dim entry As New DirectoryEntry("LDAP://DC=domain,DC=com")
    entry.AuthenticationType = AuthenticationTypes.Secure

    or if you prefer one liners:

    Dim entry As New DirectoryEntry("DC=Domain,DC=com") With {.AuthenticationType = AuthenticationTypes.Secure}

    My website: cjwdev.co.uk
    My blog: cjwdev.wordpress.com
View as RSS news feed in XML
© Dunn & Kaplan, 2011