Archive for ‘Active Directory’

January 22, 2012

The specified forest does not exist or cannot be contacted

I was trying to get the Active Directory group details of a user in order to authenticate an application. The scenario is that the server machine lives in a different domain from the one your machine is connected to.

The following code works fine when I am in the same domain as the one in which I am testing the application:

        // Requires: using System.Collections; using System.DirectoryServices.AccountManagement;

        /// <summary>
        /// Gets a list of the users group memberships
        /// </summary>
        /// <param name="sUserName">The user you want to get the group memberships</param>
        /// <returns>Returns an arraylist of group memberships</returns>
        public static ArrayList GetUserGroups(string sUserName)
        {
            ArrayList myItems = new ArrayList();
            UserPrincipal oUserPrincipal = GetUser(sUserName);

            // GetGroups() is the call that fails when the user's domain differs
            // from the domain of the machine running the code.
            PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetGroups();

            foreach (Principal oResult in oPrincipalSearchResult)
            {
                myItems.Add(oResult.Name);
            }
            return myItems;
        }

If the domains are different, you will get the error “The specified forest does not exist or cannot be contacted.”.

To sort out the above error when your machine is in a different domain from the one being tested, call GetAuthorizationGroups() instead and walk the results with an explicit enumerator:

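        /// <summary>
        /// Gets a list of the users group memberships
        /// </summary>
        /// <param name="sUserName">The user you want to get the group memberships</param>
        /// <returns>Returns an arraylist of group memberships</returns>
        public static ArrayList GetUserGroups(string sUserName)
        {
            ArrayList myItems = new ArrayList();
            UserPrincipal oUserPrincipal = GetUser(sUserName);

            // An unknown user has no groups; return the empty list rather than
            // throwing a NullReferenceException.
            if (oUserPrincipal == null)
            {
                return myItems;
            }

            // GetAuthorizationGroups() returns security groups only, including
            // nested memberships, so the result can differ from GetGroups().
            PrincipalSearchResult<Principal> groups = oUserPrincipal.GetAuthorizationGroups();
            var iterGroup = groups.GetEnumerator();
            using (iterGroup)
            {
                while (iterGroup.MoveNext())
                {
                    try
                    {
                        Principal p = iterGroup.Current;
                        myItems.Add(p.Name);
                    }
                    catch (NoMatchingPrincipalException)
                    {
                        // Skip a group that cannot be resolved and keep enumerating.
                        continue;
                    }
                }
            }
            return myItems;
        }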
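
One way to bind explicitly to the target domain before enumerating groups, shown as an added example that is not code from the original post. The class name, the method names and the `domain`, `bindUser` and `bindPassword` parameters are assumptions; the post's `GetUser` helper is not shown, so this calls `UserPrincipal.FindByIdentity` directly, and it collects group SIDs instead of names so that an authorization check does not depend on a group's display name. It needs a reachable domain controller for the named domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Added example: class, method and parameter names are hypothetical.
public static class GroupSidResolver
{
    // Returns the SIDs of the security groups (nested ones included) that
    // samAccountName belongs to in the given domain. An unknown user yields
    // an empty set, so a caller checking membership fails closed.
    public static HashSet<string> GetAuthorizationGroupSids(
        string domain, string samAccountName, string bindUser, string bindPassword)
    {
        var sids = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

        // Bind to the target domain explicitly instead of relying on the
        // domain of the machine that runs the code.
        using (var ctx = new PrincipalContext(ContextType.Domain, domain, bindUser, bindPassword))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                return sids;

            using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
            using (IEnumerator<Principal> it = groups.GetEnumerator())
            {
                while (it.MoveNext())
                {
                    try
                    {
                        Principal g = it.Current;
                        if (g.Sid != null)
                            sids.Add(g.Sid.Value);
                    }
                    catch (NoMatchingPrincipalException)
                    {
                        // A group that cannot be resolved is skipped, as in the post's loop.
                    }
                }
            }
        }
        return sids;
    }

    // Membership test against a group SID taken from the application's configuration.
    public static bool IsMemberOf(HashSet<string> sids, string requiredGroupSid)
    {
        return sids.Contains(requiredGroupSid);
    }
}
```
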
March 3, 2009

Configuring Windows 2003 Active Directory

After completing the steps described in my previous post “Configuring the Windows 2003 DNS Server”, you can run the “dcpromo” command to start installing Active Directory on your Windows 2003 Server.

Enter the full DNS name of the new domain, for example marketing.mycompany.com. This must be the same as the DNS zone that you created in the previous post “Configuring the Windows 2003 DNS Server” when configuring DNS.

February 11, 2009

The local policy of this system does not permit you to logon interactively.

I came across a problem when I was playing around with Active Directory today. I created a new user in AD and tried to log in to the machine with the newly created username and password. When logging in to the machine, the error was “The local policy of this system does not permit you to logon interactively.”.

SOLUTION

1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.

2. Double-click the Security Settings folder, double-click Local Policies, and then click User Rights Assignment.

3. Under the Policy column, double-click “Allow Log on Locally”.

4. Click “Add User or Group”, and then select the user to be added.

5. Click OK, click OK, and then click OK.