Active Directory COM Exception - An operations error occurred (0x80072020)
I've now found another answer, "Unable to add user with CrmService API in Dynamics CRM", which states that 0x80072020 is indeed a permission issue. I have changed my service to run under a domain level account instead of the local system account and this seems to have cured my problem.
Error: An operations error occurred in System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity
The issue was because identity_impersonate was set to true in web.config so the user token which was being passed was a secondary token and hence could not access the Active Directory.
This answer solved my issue.
DirectoryServicesCOMException (0x80072020) when using Active Directory from ASP.NET application
I believe the problem had multiple causes:
- Use of ASP.NET impersonation.
- Running the ASP.NET 3.5 application under an ASP.NET 4.0 application pool.
To resolve the second one, upgrade the application to ASP.NET 4.0 or configure IIS to use ASP.NET 2.0.
System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred
I had exactly the same error and fixed it by changing the site's application pool to run under the Network Service.
In IIS:
- Select your site's application pool
- Select Advanced Settings on the right-hand side
- On the Advanced Settings pop-up window, scroll down to the Process Model group
- Change the first option called Identity to NetworkService (mine was set to the default ApplicationPoolIdentity).
I hope this helps.
DirectoryServiceCOMException (0x80072020) when calling UserPrincipal.FindByIdentity
After adding some logging (which resulted in the info lines above) in the code and finding exactly what was going on I saw that the app wasn't trying to pass the logged-in user token, but instead was using the DefaultAppPool identity. I found that this question described my situation and when changing the DefaultAppPool Identity to LocalSystem from ApplicationPoolIdentity I was able to use the project as expected.
PrincipalContext: Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred
To me, the assignment of wrong values in the PrincipalContext constructor and the value assigned to SamAccountName look suspicious and seem to be the possible cause of the exception.
The DN should contain the path in reverse order, i.e., it should start with an OU or CN when both OU and DC components are there. Also, the SamAccountName value must be a valid string value.
Please try the following way:
    // Requires: using System.DirectoryServices.AccountManagement;
    PrincipalContext DC = new PrincipalContext(ContextType.Domain,
        "lm.lmig.com", "OU=LM Users,DC=lm,DC=lmig,DC=com");
    // Query-by-example object bound to the context above.
    UserPrincipal userSearch = new UserPrincipal(DC);
    userSearch.SamAccountName = sam; // assuming sam is an actual possible string value.
    // sAMAccountName must be a string value as shown above, and not a filter type.
    PrincipalSearcher search = new PrincipalSearcher();
    search.QueryFilter = userSearch;
    PrincipalSearchResult<Principal> res = search.FindAll();
System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
    // Requires: using System.DirectoryServices; using System.Security.Principal;
    //           using System.Web.Hosting;
    IIdentity id = WindowsIdentity.GetCurrent();
    WindowsIdentity winId = id as WindowsIdentity;
    if (winId == null) // check the cast result, not the original reference
    {
        CurrentUserEmail = "identity is not a windows identity";
        return;
    }
    var name = winId.Name;
    string userInQuestion = name.Split('\\')[1];
    string myDomain = name.Split('\\')[0]; // this is the domain that the user is in
    // the account that this program runs in should be authenticated in there
    using (HostingEnvironment.Impersonate())
    {
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + myDomain);
        DirectorySearcher adSearcher = new DirectorySearcher(entry);
        adSearcher.SearchScope = SearchScope.Subtree;
        adSearcher.Filter = "(&(objectClass=user)(samaccountname=" + userInQuestion + "))";
        SearchResult userObject = adSearcher.FindOne();
        if (userObject != null)
        {
            string[] props = new string[] {"mail"};
            foreach (string prop in props)
            { //when it works set variable to CurrentUserEmail instead of txtDetailPrblem textbox
                // skip attributes the account does not have, to avoid an index error
                if (userObject.Properties[prop].Count > 0)
                {
                    CurrentUserEmail = userObject.Properties[prop][0].ToString();
                }
            }
        }
    }
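The search above concatenates the account name into the LDAP filter; account names may legally contain parentheses, which would change or break the filter. The following is an added example, not part of the original answer, that escapes the value per RFC 4515 and requests only the mail attribute. The class and method names are hypothetical.

```csharp
using System.DirectoryServices;
using System.Text;

public static class SafeAdLookup   // hypothetical helper, not from the page
{
    // RFC 4515: escape the characters that have meaning inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // "DOMAIN\user" -> "user"; a name without a backslash is returned unchanged.
    public static string SamFromLogonName(string logonName)
    {
        int i = logonName.IndexOf('\\');
        return i >= 0 ? logonName.Substring(i + 1) : logonName;
    }

    // Returns the mail attribute, or null when the user or the attribute is missing.
    public static string FindMail(string domain, string logonName)
    {
        string sam = EscapeFilterValue(SamFromLogonName(logonName));
        string filter = "(&(objectClass=user)(sAMAccountName=" + sam + "))";
        using (var entry = new DirectoryEntry("LDAP://" + domain))
        using (var searcher = new DirectorySearcher(entry, filter, new[] { "mail" }, SearchScope.Subtree))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null || !hit.Properties.Contains("mail") || hit.Properties["mail"].Count == 0)
                return null;
            return hit.Properties["mail"][0].ToString();
        }
    }
}
```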
UserPrincipal Object, Active Directory Query: DirectoryServicesCOMException
Most likely this is a permissions issue. Check that the account the App Pool is running under has the authority to perform these Active Directory calls. If it's a local machine account, it probably won't.
You can find more information here: http://msdn.microsoft.com/en-US/library/ms180891(v=vs.80).aspx
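One way to check which account the application actually presents to Active Directory, and to bind as a dedicated domain account rather than rely on the pool identity, is sketched below. This is an added example, not code from any of the answers; the class name, method names and the source of the bind credentials are assumptions.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web.Hosting;

public static class AdIdentityProbe   // hypothetical helper, not from the page
{
    // Reports the token an AD call made right now would carry, plus the pool identity.
    public static string DescribeTokens()
    {
        // GetCurrent(true) returns null unless the thread is impersonating a caller.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent(true))
        {
            string threadInfo = thread == null
                ? "thread: not impersonating"
                : string.Format("thread: {0} level={1} auth={2}",
                      thread.Name, thread.ImpersonationLevel, thread.AuthenticationType);

            // Same call the page uses: switch to the application pool identity.
            using (HostingEnvironment.Impersonate())
            using (WindowsIdentity pool = WindowsIdentity.GetCurrent())
            {
                return string.Format("{0}; pool: {1} system={2}",
                    threadInfo, pool.Name, pool.IsSystem);
            }
        }
    }

    // Binds as a dedicated domain account (bindUser/bindPassword are assumed to come
    // from protected configuration) and returns the user's DN, or null if not found.
    public static string FindDistinguishedName(string domain, string container,
        string sam, string bindUser, string bindPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain, container,
                                              bindUser, bindPassword))
        using (UserPrincipal user =
                   UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            return user == null ? null : user.DistinguishedName;
        }
    }
}
```

Logging the output of `DescribeTokens()` just before the failing call shows whether the request runs under an impersonated caller token or under the pool identity, which is the distinction the answers on this page turn on.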
Active Directory Domain error on server machine
Not sure of the code you are using, but there are a couple of questions on Stack Overflow that had a similar error and were resolved. The links to the questions can be found here and here.
Basically these links talk about the permission issue when the code is executed. It is possible that the impersonation is set in web.config as the first post suggests.