IIS6 to IIS7.5 broke database call, "Active Directory error '8007203b' "

Question

We recently upgraded from IIS 6 to IIS 7.5. We moved all of our sites to the new system and they all worked aside from one.

The broken site gives information about out ftp servers, and after some experimenting we determined what code was causing the problem.

This is the line of code that asks the server for the expiration date of the FTP site:

Set objuser = objRoot.OpenDSObject("LDAP://CN="&user&",dc=companySite,OU=FTP", strUserDN, strPassword, ADS_SECURE_AUTHENTICATION)

This is the rest of the function for context:

function expiration(user)

    Set con = Server.CreateObject("ADODB.Connection")
    con.provider ="ADsDSOObject"
    con.open "Active Directory Provider"
    Set Com = CreateObject("ADODB.Command")
    Set Com.ActiveConnection = con

    Const ADS_SECURE_AUTHENTICATION = 1

    strUserDN = "cn=ftplist,cn=users,dc=companySite,dc=com"
    strPassword = "password"

    Set objRoot = GetObject("LDAP:")

    Set objuser = objRoot.OpenDSObject("LDAP://CN="&user&",dc=companySite,OU=FTP", strUserDN, strPassword, ADS_SECURE_AUTHENTICATION)

    On error resume next
    expiry = objuser.AccountExpirationDate
    If expiry = "1/1/1970" Or expiry = "1/01/1601 10:00:00 AM" Or Err.Number = -2147467259 then
    expiration = "No expiration"
    else
    expiration = formatdatetime(objuser.AccountExpirationDate, vbshortdate)
    end if
    response.write expiration

end function

The error the page displays is as follows:

Active Directory error '8007203b' 
A local error has occurred. 
/ftp-search.asp, line 28

I am unfamiliar with the database our company uses, so I cannot discern what caused the problem. I did some research but have been unable to find a solution so far.

Any tips would be appreciated!

score 0 · Answer 1 · answered Jul 12 '13 at 23:18

0

Your distinguished name seems to be off. The domain part should go after the organizational unit:

Set objuser = objRoot.OpenDSObject("LDAP://CN=" & user & _
  ",OU=FTP,dc=barghausen", strUserDN, strPassword, ADS_SECURE_AUTHENTICATION)

answered Jul 12 '13 at 23:18

Ansgar Wiechers

193,178
25
254
328

I'm not sure if the underscore in your reply was intentional? I tried this: Set objuser = objRoot.OpenDSObject("LDAP://CN="&user&",OU=FTP,dc=barghausen", strUserDN, strPassword, ADS_SECURE_AUTHENTICATION) And received the same error. – Ruthalas Jul 12 '13 at 23:25
The underscore means that the instruction is continued in the next line. As for your error, you need to make sure that the dn is correct (usually it should look somewhat like `LDAP://servername/CN=foo,OU=bar,DC=example,DC=com`), that your credentials are correct, that the constant `ADS_SECURE_AUTHENTICATION` has been defined, etc. Check the [documentation](http://msdn.microsoft.com/en-us/library/aa706065). – Ansgar Wiechers Jul 12 '13 at 23:35
The credentials check out, 'ftplist' has permissions. I added dc=com, as per the documentation. Still no luck though. Set objuser = objRoot.OpenDSObject("LDAP://CN="&user&",OU=FTP,dc=barghausen,dc=com", strUserDN, strPassword, ADS_SECURE_AUTHENTICATION) – Ruthalas Jul 12 '13 at 23:54
The documentation contains just an example. You have to adjust it to the actual distinguished name of that user in your actual domain. – Ansgar Wiechers Jul 12 '13 at 23:56

IIS6 to IIS7.5 broke database call, "Active Directory error '8007203b' "

1 Answers1