Programmatically Accessing one Domain from Another

Hi,

Our business has two independent Active Directory domains. They are completely independent: they are deliberately not part of a forest and there are deliberately no trust relationships between them.

I have just written a simple Visual Studio application as I would like a user logged into one domain to be able to update the Active Directory Pager field on the other domain (because we use the Pager field for a specific reason). The commands that connect to the second domain are:

Imports System.DirectoryServices

Dim username As String = "<Domain2\username>"
Dim password As String = "<Password>"
Dim de As New DirectoryEntry("LDAP://DC=testdomain,DC=local", username, password)

I've tested this and although the application is working, my Try Catch End block keeps catching a Directory Services COM Exception error message of:

"8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1"

I think I have finally figured out why it sometimes works, and sometimes doesn't. It seems to be that if the account on the secondary domain (as used in the username and password variables) has an identically named account on the primary domain, and the two accounts both have identical passwords, then it works. However, if the account only exists on the secondary domain then it fails with the error above. The application also fails if there is an identical user account on the primary domain, but the two accounts have different passwords.

Can anybody explain this? I'd like to be able to log into any account on the primary domain on the PC, but then be able to use any account on the second domain (within the application) to be able to read and update the Pager field for a chosen user.

Just to reiterate, the application definitely works fine when the two accounts have the same password, so I just need to know for sure why it fails when that's not the case, and what I need to do to fix it!

Thanks

LJD

June 18th, 2015 3:44pm

> "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error,
> data 52e, v1db1"

# for hex 0x8009030c / decimal -2146893044 :
  SEC_E_LOGON_DENIED                                  winerror.h
# The logon attempt failed
# 1 matches found for "8009030c"

# as an HRESULT: Severity: SUCCESS (0), Facility: 0xc09, Code 0x4dc
# for hex 0x4dc / decimal 1244 :
  ERROR_NOT_AUTHENTICATED                             winerror.h
# The operation being requested was not performed because the
# user has not been authenticated.
# 1 matches found for "0C0904DC"

Check the execution context of your application.
June 22nd, 2015 11:34am

Thanks Martin, this seems pretty logical. I'm not quite sure how to implement it, though. Do you have any code samples you might be able to point me towards, preferably in VB.Net, or failing that in C#? Thanks
June 30th, 2015 4:58pm

> dim username as string = "<Domain2\username>"
> DirectoryServices.DirectoryEntry("LDAP://DC=testdomain,DC=local",
> username, password)

Shouldn't the user domain "Domain2" be identical to the target domain "DC=testdomain"?
July 1st, 2015 7:36am

Thanks Martin, but unfortunately, this doesn't work. The line

DirectoryServices.DirectoryEntry("LDAP://DC=testdomain,DC=local",username, password)

gives the error: 'DirectoryEntry' is a type in 'DirectoryServices' and cannot be used as an expression

I can instead use:

Dim dir As New System.DirectoryServices.DirectoryEntry("LDAP://DC=testdomain,DC=local", username, password)

which works, but then I'm not sure which method to call.

Thanks again for your help

July 3rd, 2015 12:08pm
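As an added example, not code from any post in this thread, the following VB.NET module shows the calls the last reply is asking about: bind to the second domain with explicit credentials, find a user by sAMAccountName, and write the pager attribute back with CommitChanges. It names a domain controller of the second domain in the LDAP path instead of using the serverless "LDAP://DC=testdomain,DC=local" form, because a serverless path is resolved through the DC locator of the calling context's own domain, and a workstation joined to the primary domain has no way to reach the untrusted second domain that way. The host dc1.testdomain.local, the account TESTDOMAIN\pagerupdater, the user jsmith and the pager value are placeholders assumed for illustration.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Module PagerUpdater

    ' Bind to one named domain controller of the second domain with explicit credentials.
    ' dcHost is an assumed placeholder; it must be a DC of the *second* domain.
    Public Function BindToSecondDomain(dcHost As String, baseDn As String,
                                       userName As String, password As String) As DirectoryEntry
        Dim path As String = "LDAP://" & dcHost & "/" & baseDn
        ' Secure = SSPI (Kerberos/NTLM) using the supplied user name and password;
        ' Sealing encrypts the session; ServerBind skips DC-locator lookups because
        ' the server is already named in the path.
        Dim authType As AuthenticationTypes = AuthenticationTypes.Secure Or
                                              AuthenticationTypes.Sealing Or
                                              AuthenticationTypes.ServerBind
        Dim entry As New DirectoryEntry(path, userName, password, authType)
        ' DirectoryEntry binds lazily; read one attribute now so a credential problem
        ' surfaces here rather than on the first search.
        entry.RefreshCache(New String() {"distinguishedName"})
        Return entry
    End Function

    ' Escape user-supplied text for use inside an LDAP filter (RFC 4515) so a
    ' sAMAccountName containing "*" or "(" cannot widen or break the query.
    Public Function EscapeLdapFilter(value As String) As String
        Return value.Replace("\", "\5c").
                     Replace("*", "\2a").
                     Replace("(", "\28").
                     Replace(")", "\29").
                     Replace(ChrW(0), "\00")
    End Function

    ' Locate one user object by sAMAccountName under the bound root.
    Public Function FindUser(root As DirectoryEntry, samAccountName As String) As DirectoryEntry
        Using searcher As New DirectorySearcher(root)
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" &
                              EscapeLdapFilter(samAccountName) & "))"
            searcher.PropertiesToLoad.Add("pager")
            Dim result As SearchResult = searcher.FindOne()
            If result Is Nothing Then Return Nothing
            Return result.GetDirectoryEntry()
        End Using
    End Function

    ' Set (or clear, when newPager is empty) the pager attribute and write it back.
    Public Sub SetPager(user As DirectoryEntry, newPager As String)
        If String.IsNullOrEmpty(newPager) Then
            user.Properties("pager").Clear()
        Else
            user.Properties("pager").Value = newPager
        End If
        user.CommitChanges()
    End Sub

    Sub Main(args As String())
        ' All four values are assumed placeholders. The second-domain password should be
        ' prompted for or read from a credential store at run time, not compiled in.
        Dim dcHost As String = "dc1.testdomain.local"
        Dim baseDn As String = "DC=testdomain,DC=local"
        Dim svcUser As String = "TESTDOMAIN\pagerupdater"
        Dim svcPassword As String = "<prompt-for-this>"

        Try
            Using root As DirectoryEntry = BindToSecondDomain(dcHost, baseDn, svcUser, svcPassword)
                Using user As DirectoryEntry = FindUser(root, "jsmith")
                    If user Is Nothing Then
                        Console.WriteLine("No such user in the second domain.")
                        Return
                    End If
                    Console.WriteLine("Current pager: {0}", user.Properties("pager").Value)
                    SetPager(user, "5551234")
                    Console.WriteLine("Pager updated.")
                End Using
            End Using
        Catch ex As DirectoryServicesCOMException
            ' "data 52e" in the server detail (0x52E = 1326, ERROR_LOGON_FAILURE) means the DC
            ' rejected the user name or password that was passed to DirectoryEntry.
            Console.Error.WriteLine("LDAP bind/operation failed: {0}", ex.Message)
            Console.Error.WriteLine("Server detail: {0}", ex.ExtendedErrorMessage)
        Catch ex As COMException
            Console.Error.WriteLine("COM error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message)
        End Try
    End Sub

End Module
```

The account used for the bind only needs write access to the pager attribute of the target users in the second domain, so it can be a dedicated low-privilege account there rather than an administrator, and the DirectoryServicesCOMException handler prints ExtendedErrorMessage because that is where the "data 52e" style detail from the thread's error is reported.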
