Performing an SCP lookup from a computer not in domain

Hi everybody,

I am using the code given by Microsoft (links: https://www.microsoft.com/en-us/download/details.aspx?id=13082 and https://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx#bk_CodeExample) for SCP Record Lookup. Both links have the same implementation. It works when the program is run from a computer in the domain, but fails when the program is run from a computer not in the domain. Kindly help me in solving this problem. Ask for clarifications if needed.

Thanks & regards,

Amit Jha


April 18th, 2015 1:58pm

To look up Active Directory you will need LDAP access to a Domain Controller and also Active Directory credentials. That code already allows you to pass in the name of the DC you want to access, so you only need to modify

 List<string> scpUrls = GetScpUrls(null, domain);

like

 List<string> scpUrls = GetScpUrls("DCServername.domain.com", domain);

Then you need to change the code for the DirectoryEntry class to use the username and password; see https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.username%28v=vs.110%29.aspx

Cheers
Glen

April 20th, 2015 3:23am


Hi Glen,

Using ADExplorer, I can log in and search all containers in all three Active Directories.


More information:

Active directory is installed in the servers in colored boxes.

1) If I run the program for SCP Record Lookup, in child1.parent1.com for parent1.com domain, then everything is fine.

2) If I run the program for SCP Record Lookup, in child1.parent1.com for child2.parent1.com domain, then error is "There is no such object on the server."

3) If I run the program for SCP Record Lookup, in child1.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

4) If I run the program for SCP Record Lookup, in child2.parent1.com for child2.parent1.com domain, then everything is fine.

5) If I run the program for SCP Record Lookup, in child2.parent1.com for parent1.com domain, then error is "A referral was returned from the server."

6) If I run the program for SCP Record Lookup, in child2.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

7) If I run the program for SCP Record Lookup, in child.parent2.com for parent2.com domain, then everything is fine.

8) If I run the program for SCP Record Lookup, in child.parent2.com for parent1.com domain, then error is "A referral was returned from the server."

9) If I run the program for SCP Record Lookup, in child.parent2.com for child2.parent1.com domain, then error is "A referral was returned from the server."

April 21st, 2015 7:06am


Is your code querying a Global Catalogue server? The configuration partition (which is where the SCP records are) should be replicated to every DC within a forest, so you should only have to query the local DC to get the information for the whole forest. If you have federation and different forests then that's a different story.

Why don't you use DNS instead of SCP?

Cheers
Glen

April 22nd, 2015 12:44am

Hi Glen,

I think I am searching Global Catalog Server only.

Kindly enlighten me on how to use DNS instead of SCP records.

In the code given in the two links mentioned in the question at the beginning,

 string configPath = rootDSE.Properties["configurationNamingContext"].Value as string;

works fine. But errors are given by this code:

 System.DirectoryServices.DirectorySearcher.FindAll();

So, the problem is when we search the Active Directory.
April 22nd, 2015 2:24am

Hi Glen,

I am searching the Global Catalog Server. Here is the snapshot of one of the servers.

Kindly enlighten me on how to use DNS instead of SCP records.

In the code given in the two links mentioned in the question at the beginning,

 string configPath = rootDSE.Properties["configurationNamingContext"].Value as string;

works fine. But errors are given by this code:

 System.DirectoryServices.DirectorySearcher.FindAll();

So, the problem is when we search the Active Directory.

April 22nd, 2015 6:23am


A key thing is "searching the Active Directory". Since the computer that's doing the searching is not Domain Joined, are you using Domain credentials in your code to authenticate and bind to the Active Directory before running the search? The SCP object is in Active Directory, and can only be used if you bind correctly to it.

Luke Edson

April 22nd, 2015 12:01pm

Hi Luke,

I have logged in to ADExplorer using the credentials of the user in the corresponding Active Directory. The snapshot is attached as a reference.

Do I need to use LDAP API or Active Directory Service Interfaces to solve this problem, or will this problem be reproduced there also?


April 22nd, 2015 1:16pm

My point exactly. You "logged in" with ADExplorer, is your code logging on too?

Luke Edson

April 22nd, 2015 1:20pm

Hi Luke,

Yes, code also logs in. I have replied in comments many times. The search doesn't work and gives errors.

April 22nd, 2015 2:27pm


Did you also change the

DirectoryEntry configEntry = new DirectoryEntry("LDAP://" + configPath);

to include the credentials to use?

I'd suggest you just use the Autodiscover class in the Managed API https://msdn.microsoft.com/en-us/library/office/jj900155%28v=exchg.150%29.aspx

This will look up all the DNS paths for you and you just need a couple of lines of code to use it.

Cheers
Glen

April 23rd, 2015 2:05am
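
Glen's two suggestions in this thread (name the DC in the LDAP path, and pass credentials to every DirectoryEntry, including the configEntry one) combined, as an added C# example that is not the Microsoft sample's code or any poster's code. The class and method names and the SCP_BIND_USER / SCP_BIND_PASSWORD environment variables are hypothetical; it returns the raw serviceBindingInformation values and does not follow SCP pointers or chase referrals.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class ScpLookupWithCredentials
{
    // Keyword GUIDs that mark Autodiscover SCP pointer and URL objects.
    const string ScpPtrGuid = "67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68";
    const string ScpUrlGuid = "77378F46-2C66-4aa9-A6A6-3E7A48B19596";

    // Secure = negotiate Kerberos/NTLM instead of a cleartext simple bind;
    // Signing and Sealing add integrity and encryption to the LDAP session.
    const AuthenticationTypes Auth = AuthenticationTypes.Secure |
        AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    public static List<string> GetScpBindings(string dc, string user, string password)
    {
        var results = new List<string>();
        // Name the DC in every path: a non-joined machine has no default server.
        using (var rootDse = new DirectoryEntry("LDAP://" + dc + "/RootDSE", user, password, Auth))
        {
            string configPath = rootDse.Properties["configurationNamingContext"].Value as string;
            if (configPath == null)
                throw new InvalidOperationException("DC did not return configurationNamingContext");

            using (var configEntry = new DirectoryEntry("LDAP://" + dc + "/" + configPath, user, password, Auth))
            using (var searcher = new DirectorySearcher(configEntry))
            {
                searcher.Filter = "(&(objectClass=serviceConnectionPoint)(|(keywords=" +
                    ScpPtrGuid + ")(keywords=" + ScpUrlGuid + ")))";
                searcher.PropertiesToLoad.Add("serviceBindingInformation");
                using (SearchResultCollection found = searcher.FindAll())
                    foreach (SearchResult r in found)
                        foreach (object value in r.Properties["serviceBindingInformation"])
                            results.Add(value.ToString());
            }
        }
        return results;
    }

    static void Main(string[] args)
    {
        // Assumed usage: DC name as args[0]; credentials from hypothetical env vars,
        // so the password is not hard-coded in source or visible on the command line.
        string user = Environment.GetEnvironmentVariable("SCP_BIND_USER");
        string password = Environment.GetEnvironmentVariable("SCP_BIND_PASSWORD");
        foreach (string binding in GetScpBindings(args[0], user, password))
            Console.WriteLine(binding);
    }
}
```
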

Hi Glen,

I used credentials in the code you suggested, and I got "Logon failure: unknown user name or bad password." error.

I was using Autodiscover for Exchange, but it connects to the default domain. E.g., if I run the program in child1.parent1.com, the Autodiscover sends the request to the default domain only. What if Exchange Server is installed in another domain? This time it will fail and we couldn't get the Autodiscover URL, and subsequently we couldn't get the EWS URL.


April 23rd, 2015 2:51am

Hi Glen,

I used credentials in the code you suggested, and got a "Logon failure: unknown user name or bad password." error.

I was using Autodiscover for Exchange, but it connects to the default domain. E.g., if I run the program in child1.parent1.com, the Autodiscover sends the request to the default domain only. What if Exchange Server is installed in another domain? If Exchange Server is installed in another domain, it will fail because we couldn't get the Autodiscover URL, and subsequently we couldn't get the EWS URL.

Here is the StackTrace of the exception when I get "A referral was returned from the server."

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at ScpLookup.Program.GetScpUrls(String ldapServer, String domain) in c:\Users\user\Documents\Visual Studio 2013\Projects\SCPLookUp\SCPLookUp\Program.cs:line 94

Exception: System.DirectoryServices.DirectoryServicesCOMException

ExtendedError: 8235

ExtendedErrorMessage: "0000202B: RefErr: DSID-031007EF, data 0, 1 access points\n\tref 1: 'parent2.com'\n"


April 23rd, 2015 6:50am

Hi Glen,

Autodiscover configuration is fine as it is accessible from the domain. Also using LDP, I could find the SCP Pointers and using Active Directory also. The mailboxes are not accessible from outside network.

April 28th, 2015 2:18am

This topic is archived. No further replies will be accepted.
