I Cannot Authenticate to ADAM with my Application
How do you troubleshoot an application that cannot authenticate to Active Directory Application Mode (ADAM)? Here are a few steps to follow:
1. Can a user authenticate to ADAM via LDP, using the server name and port number?
2. Is the OS running ADAM Windows XP? If so, check the following registry key to make sure it is set to zero:
HKLM\System\CCS\Control\LSA\forceguest
3. Are we doing an anonymous bind? By default, anonymous binds are disabled. To enable anonymous LDAP operations in ADAM, you must set the seventh character of the dsHeuristics value to
Anonymous binds can be enabled by changing the DsHeuristics value. See: http://support.microsoft.com/kb/326690
4. Is the ADAM service running? Check the System Event log for errors.
5. What type of user are you authenticating with? ADAM User, Proxy User, Local User, Windows Security Principal.
6. If a Proxy User or Windows Security Principal is being used then is the domain available?
Check the secure channel with the domain for the ADAM server.
Check network access, name resolution, and DNS to a domain controller. Is there a domain controller available? Can the user log on to the domain from a workstation without cached credentials? Is replication working for both ADAM and AD (repadmin)? Basic workstation/logon troubleshooting techniques apply here.
7. Is the user an ADAM user? This is a simple bind and must be done over SSL, since the password is sent in plaintext.
8. Is the ADAM user account locked out or disabled? Check the attributes on the user object: msDS-UserPasswordExpired, msDS-UserAccountAutoLocked or msDS-UserAccountDisabled (this will default to true if you have a password policy enabled and the password is blank or does not meet the password policy requirements).
9. Are we connecting over SSL? If so, can you connect over normal LDAP? Check the certificates.
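
Steps 3 and 7 both depend on what the bind request itself carries. The following added example (not code from the original post) encodes an LDAPv3 BindRequest as defined in RFC 4511 and classifies one as anonymous, simple or SASL, showing that a simple bind holds the password verbatim. The function names are hypothetical, and the DN and password used with it are constructed sample values.

```python
# Added example: LDAPv3 BindRequest encoding and classification (RFC 4511).
# Helper names are hypothetical; any DN/password passed in is sample data.

def tlv(tag: int, value: bytes) -> bytes:
    """BER-encode one element with a short or long definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf: bytes, pos: int):
    """Decode one element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits = length octets
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """Build a simple bind; msg_id must be below 128 in this example."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def classify_bind(packet: bytes) -> str:
    """Return 'anonymous', 'simple' or 'sasl' for one BindRequest."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)              # messageID
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x60:                           # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(body, 0)             # version
    _, name, pos = read_tlv(body, pos)        # bind DN
    tag, cred, _ = read_tlv(body, pos)        # authentication choice
    if tag == 0xA3:                           # [3] SaslCredentials
        return "sasl"
    if tag != 0x80:                           # [0] simple
        raise ValueError("unknown authentication choice")
    # Empty name and empty password is the anonymous form of a simple bind.
    return "anonymous" if not name and not cred else "simple"
```

A result of `simple` for a bind captured on the non-SSL port means the password was readable on the wire, which is why step 7 requires SSL.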
See Also: Troubleshooting ADAM Installation