Performing an SCP lookup from a computer not in domain

Hi everybody,

I am using the code given by Microsoft (links: https://www.microsoft.com/en-us/download/details.aspx?id=13082 and https://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx#bk_CodeExample) for SCP Record Lookup. Both links have the same implementation. It works when the program is run from a computer in the domain, but fails when the program is run from a computer not in the domain. Kindly help me in solving this problem. Ask for clarifications if needed.

Thanks & regards,

Amit Jha


April 18th, 2015 1:58pm

To look up Active Directory you will need LDAP access to a Domain Controller and also Active Directory credentials. That code already allows you to pass in the name of the DC you want to access, so you only need to modify

 List<string> scpUrls = GetScpUrls(null, domain);

like

 List<string> scpUrls = GetScpUrls("DCServername.domain.com", domain);

Then you need to change the code for the DirectoryEntry class to use the username and password; see https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.username%28v=vs.110%29.aspx

Cheers
Glen

April 20th, 2015 3:23am
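
The change described in the reply above, written out as an added example (not part of the original thread and not Microsoft's sample code): both DirectoryEntry binds name the domain controller and carry explicit credentials. The class name, the DC name, the account and the SCP_LOOKUP_PASSWORD environment variable are placeholders assumed for illustration, and the search is narrowed to SCP URL objects only.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class ScpLookupWithCredentials   // hypothetical class name
{
    // Keyword GUID that Exchange stamps on Autodiscover SCP URL objects.
    const string ScpUrlGuid = "77378F46-2C66-4aa9-A6A6-3E7A48B19596";

    // Secure requests Negotiate (Kerberos or NTLM) instead of a simple bind, so the
    // password is not sent in clear text; Signing and Sealing protect the session.
    const AuthenticationTypes Auth = AuthenticationTypes.Secure |
        AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    public static List<string> GetScpUrls(string dc, string user, string password)
    {
        var urls = new List<string>();
        // A machine outside the domain has no logon session to fall back on,
        // so RootDSE is bound on the named DC with explicit credentials.
        using (var rootDse = new DirectoryEntry("LDAP://" + dc + "/RootDSE", user, password, Auth))
        {
            string configPath = rootDse.Properties["configurationNamingContext"].Value as string;
            // The search root names the same server and carries the same credentials.
            using (var configRoot = new DirectoryEntry("LDAP://" + dc + "/" + configPath, user, password, Auth))
            using (var searcher = new DirectorySearcher(configRoot))
            {
                searcher.Filter = "(&(objectClass=serviceConnectionPoint)(keywords=" + ScpUrlGuid + "))";
                searcher.PropertiesToLoad.Add("serviceBindingInformation");
                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult result in results)
                        foreach (object url in result.Properties["serviceBindingInformation"])
                            urls.Add(url.ToString());
                }
            }
        }
        return urls;
    }

    static void Main()
    {
        // Placeholder DC and account; the password is read at run time, not hard-coded.
        string password = Environment.GetEnvironmentVariable("SCP_LOOKUP_PASSWORD");
        foreach (string url in GetScpUrls("DCServername.domain.com", @"DOMAIN\user", password))
            Console.WriteLine(url);
    }
}
```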

Hi Glen,

Using ADExplorer, I can log in and search all containers in all three Active Directories.


More information:

Active directory is installed in the servers in colored boxes.

1) If I run the program for SCP Record Lookup, in child1.parent1.com for parent1.com domain, then everything is fine.

2) If I run the program for SCP Record Lookup, in child1.parent1.com for child2.parent1.com domain, then error is "There is no such object on the server."

3) If I run the program for SCP Record Lookup, in child1.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

4) If I run the program for SCP Record Lookup, in child2.parent1.com for child2.parent1.com domain, then everything is fine.

5) If I run the program for SCP Record Lookup, in child2.parent1.com for parent1.com domain, then error is "A referral was returned from the server."

6) If I run the program for SCP Record Lookup, in child2.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

7) If I run the program for SCP Record Lookup, in child.parent2.com for parent2.com domain, then everything is fine.

8) If I run the program for SCP Record Lookup, in child.parent2.com for parent1.com domain, then error is "A referral was returned from the server."

9) If I run the program for SCP Record Lookup, in child.parent2.com for child2.parent1.com domain, then error is "A referral was returned from the server."

April 21st, 2015 7:06am

Hi Glen,

I am searching the Global Catalog Server. Here is the snapshot of one of the servers.

Kindly enlighten me on how to use DNS instead of SCP records.

In the code given in the two links mentioned in the question at the beginning,

string configPath = rootDSE.Properties["configurationNamingContext"].Value as string;
works fine. But, errors are given by this code
System.DirectoryServices.DirectorySearcher.FindAll();
So, the problem is when we search the Active Directory.

April 22nd, 2015 6:23am

Hi Luke,

I have logged in to ADExplorer using the credentials of the user in the corresponding Active Directory. The snapshot is attached as a reference.

Do I need to use LDAP API or Active Directory Service Interfaces to solve this problem, or will this problem be reproduced there also?


April 22nd, 2015 5:15pm

Hi Glen,

I used credentials in the code you suggested, and got "Logon failure: unknown user name or bad password." error.

I was using Autodiscover for Exchange, but it connects to the default domain. E.g., if I run the program in child1.parent1.com, Autodiscover sends the request to the default domain only. What if Exchange Server is installed in another domain? If Exchange Server is installed in another domain, it will fail because we couldn't get the Autodiscover URL, and subsequently we couldn't get the EWS URL.

Here is the StackTrace of the exception when I get "A referral was returned from the server."

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at ScpLookup.Program.GetScpUrls(String ldapServer, String domain) in c:\Users\user\Documents\Visual Studio 2013\Projects\SCPLookUp\SCPLookUp\Program.cs:line 94

Exception: System.DirectoryServices.DirectoryServicesCOMException

ExtendedError: 8235

ExtendedErrorMessage: "0000202B: RefErr: DSID-031007EF, data 0, 1 access points\n\tref 1: 'parent2.com'\n"


April 23rd, 2015 6:50am

>>I was using Autodiscover for Exchange, but it connects to the default domain. E.g., If I run the program in child1.parent1.com the Autodiscover sends request the default domain only.

If you use DNS, it should send the query to the server that is configured in the DNS record. Does Outlook work okay in this environment? If Outlook is working fine, then I would suggest you just mirror the process Outlook uses. How many Exchange Organizations are involved? Generally you would only have one Org per forest. I don't think you should be using SCP discovery if you have multiple orgs and federation, but I would look at the Outlook process (e.g. test autodiscover configuration) or have a look at https://testconnectivity.microsoft.com/. Are you after an internal endpoint for EWS or an external endpoint? (Even if you only get an external endpoint for Autodiscover, you can still use that to get the internal EWS URL.) I guess it needs to be based on what you're trying to achieve: if what you want is the external EWS endpoint and you have the username, password and email address of the user, then using DNS to do an Autodiscover makes the most sense and should always work in a correctly configured environment (e.g. where https://testconnectivity.microsoft.com/ returns the correct config); this is the process Outlook, ActiveSync and Entourage are going to be using.

Cheers
Glen

April 24th, 2015 2:23am

Hi Glen,

Here is the snapshot of the result of Microsoft Remote Connectivity Analyzer:

April 25th, 2015 5:53am

This topic is archived. No further replies will be accepted.
