flaky LDAP app

Windows Server 2008 R2 sp1

Well, there's no specific "LDAP" forum like "WSUS", so I hope this is the right one.

On applications using LDAP to authenticate users, I sometimes find that the application itself is not syncing or talking with Active Directory. There are instances where settings that worked previously just stop working, and only a reboot can "fix" it.

Settings like the display name of an email address (in Exchange the display name is correct), or, as one specific example, I renamed a PDC from PDC1 to PDC2, but the LDAP-based application still keeps looking for PDC1. To fix the problem, I had to create a second DNS entry for the IP address of PDC2 and name it PDC1. Then the application worked! The developers said they didn't hardcode the PDC1 name in their application.

Should I be worrying about my AD LDAP, or is this an inherent problem with LDAP-based applications?

May 27th, 2015 2:12pm

Keyword: "Developers said". I bet you the fully qualified LDAP path is hardcoded or in some configuration file.

The first is bad; the second is easy to deal with. Do some tracing if you can to see what the app is looking for.

May 27th, 2015 2:26pm

Hello,

The problem here belongs to the application and the way it was built by the programmers. The best option should be to use the connection to the domain without any specific DC names or IP addresses, for example.

Programmers should know how to handle this; it might be more complex than using a DC name.

So if the domain is healthy according to the support tools dcdiag and repadmin, this is not a problem with AD.

May 27th, 2015 4:11pm

I've written apps for years that leverage AD, and I never hard code DCs, ADsPaths, or IP addresses. I use the ADSystemInfo object to retrieve information about the user, the computer, the domain, a DC, and even whether the user has authenticated to the domain.

But then I expect all users to have authenticated to the domain. If they are logged on locally, they cannot expect an app that leverages AD to work. Finally, code that does authenticate a local user to a domain should prompt for username and password, but never specify a DC. The normal DC locator process will select the appropriate DC, unless your network has problems. Tools like the ones Meinolf mentioned should tell.

May 27th, 2015 5:25pm
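The approach described in the reply above, as an added example that is not code from the thread: it shows what the DC locator and ADSystemInfo return on a domain-joined host, a serverless RootDSE bind that survives a DC rename, the fragile hard-coded pattern to look for in an app's configuration, and a credential check that names no DC. The host name PDC1, the naming context DC=example,DC=com and the credentials are placeholders; run it on a domain-joined Windows host with the .NET DirectoryServices assemblies available.

```powershell
# Constructed example (not from the thread). Placeholders: PDC1, example.com, credentials.

# 1. What the DC locator picks for the current domain; no DC name is supplied anywhere.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dc     = $domain.FindDomainController()      # honours site topology like a normal logon
"Locator-selected DC : $($dc.Name)"

# 2. ADSystemInfo (COM), as the reply above mentions. It ships no type library,
#    so PowerShell has to read its properties through InvokeMember.
$sysInfo = New-Object -ComObject ADSystemInfo
$t = $sysInfo.GetType()
foreach ($prop in 'UserName', 'ComputerName', 'DomainDNSName', 'SiteName', 'PDCRoleOwner') {
    '{0,-20}: {1}' -f $prop, $t.InvokeMember($prop, 'GetProperty', $null, $sysInfo, $null)
}
'{0,-20}: {1}' -f 'GetAnyDCName', $t.InvokeMember('GetAnyDCName', 'InvokeMethod', $null, $sysInfo, $null)

# 3. Serverless LDAP bind: no host in the path, so renaming PDC1 to PDC2 is transparent.
$rootDse = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
"Bound to (serverless): $($rootDse.Properties['dnsHostName'].Value)"
"Default naming ctx  : $($rootDse.Properties['defaultNamingContext'].Value)"

# 4. The fragile pattern to grep the application's config for: a fixed host in the ADsPath.
#    This is what breaks when the DC is renamed and only "works" after the DNS alias trick.
$hardCoded = New-Object System.DirectoryServices.DirectoryEntry('LDAP://PDC1/DC=example,DC=com')
try   { [void]$hardCoded.NativeObject; 'Hard-coded bind to PDC1: succeeded' }
catch { "Hard-coded bind to PDC1: failed ($($_.Exception.Message))" }

# 5. Validating a user's credentials against the domain without naming a DC,
#    which is what a login form in an AD-integrated app should do.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Domain')
$ok  = $ctx.ValidateCredentials('placeholder.user', 'PlaceholderPassword1')
"Credential check    : $ok"
```

If step 4 fails while steps 1 and 3 succeed, the directory is fine and the stale name lives in the application or its configuration, which is the distinction the thread is trying to draw.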

Hi Reno,

The suggestions provided by others are reasonable, and we can further contact the developers to see if they can help work this out. If you need further help regarding the question, please don't hesitate to let us know.

Best regards,
Fran

May 29th, 2015 2:04am

Hello.

Appreciate all the replies. I already had a suspicion about that hard-coding part, but due to my lack of LDAP experience I wasn't sure about it and might have been barking up the wrong tree. I will be running dcdiag and repadmin again to be sure before I meet with the developers.

May 30th, 2015 8:10am

Out of topic, but relevant.

It is very unfortunate that you have to turn to complete strangers, such as here in this forum, to get answers your developers do not provide for lack of cooperation or other egocentric reasons.

People like you struggle to do anything to make things better for your company, and most likely you are not even recognized for it, while developers or other teams make it very difficult at every cost and get all the buzz.

I see this every day everywhere.

Just some food for thought!

Nosh

May 30th, 2015 8:14pm
