In order to have IIS use the user's credentials:
- website with Windows authentication,
- in account properties of the user account, enable 'trust for delegation',
- trust the computer account of the IIS server for delegation.

Did not try this while crossing domain boundaries.

Andries

-----Original Message-----
From: Stephens, Brendan [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 24, 2003 4:40 PM
To: ''[EMAIL PROTECTED] ' '
Subject: RE: [ActiveDir] Child Domain Programming. Cont...

Ok, as a test I also created an ActiveX control and set it to use the getObject method. The control was put in a container under services, and set to run under the administrator account. It also worked. So this mainly has to deal with how IIS handles and passes authentication requests, no? There must be some way to have the credentials passed in IIS without having to resort to OpenDSObject. But now I may be going OT for this...

-----Original Message-----
From: Stephens, Brendan
To: '[EMAIL PROTECTED] '
Sent: 1/24/2003 10:22 AM
Subject: RE: Child Domain Programming.

GOT IT. Sort Of...

It IS an authentication problem, of sorts.... Even though the anonymous script access was running as Administrator, using:

    getObject("LDAP://DC=Child,DC=Domain,DC=COM")

only returned domainDNS with no child objects. However, using OpenDSObject worked like a charm:

    OpenDSObject( _
        "LDAP://DC=Child,DC=Domain,DC=COM", _
        "CN=Admin,CN=Users,DC=Domain,DC=COM", _
        "Admin Password", 0 )

First, I understand that this must be a credential thing, but why is this so? Is it because when the request is passed to the child domain it still goes as an anonymous request? And using OpenDSObject passes the correct credentials?

Second, there has to be an alternative here... What if we changed the password for the Administrative Account? We would have to plow through every page of script and change the code. And that's just not right... This is like taking apart a toaster...
;)

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
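Added example, not part of the original thread or written by its authors: a small offline check of the two account settings named in the top reply, run against userAccountControl values, plus an inventory of every account that carries the delegation trust bit so the grant can be reviewed. The account names and the SAMPLE export are constructed; the bit values are the documented ADSI ADS_USER_FLAG_ENUM constants.

```python
# Added example: constructed data, hypothetical account names.
# userAccountControl bits (ADSI ADS_USER_FLAG_ENUM).
UF_NORMAL_ACCOUNT = 0x0200
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_TRUSTED_FOR_DELEGATION = 0x80000   # "trusted for delegation"
UF_NOT_DELEGATED = 0x100000           # "sensitive and cannot be delegated"

# Constructed sample of a directory export: sAMAccountName -> userAccountControl.
SAMPLE = {
    "WEB01$": UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION,
    "WEB02$": UF_WORKSTATION_TRUST_ACCOUNT,
    "webuser": UF_NORMAL_ACCOUNT | UF_TRUSTED_FOR_DELEGATION,
    "admin": UF_NORMAL_ACCOUNT | UF_TRUSTED_FOR_DELEGATION | UF_NOT_DELEGATED,
}


def delegation_findings(directory, server, user):
    """List what is missing for `server` (IIS computer account) to act
    with `user`'s credentials, following the steps in the reply above.
    An empty list means both account-side settings are in place."""
    findings = []
    for name, role in ((server, "computer"), (user, "user")):
        uac = directory.get(name)
        if uac is None:
            findings.append(f"{role} account {name} not found")
        elif not uac & UF_TRUSTED_FOR_DELEGATION:
            findings.append(f"{role} account {name} is not trusted for delegation")
    # This bit blocks delegation of the user's credentials regardless of trust.
    if directory.get(user, 0) & UF_NOT_DELEGATED:
        findings.append(f"user account {user} is marked sensitive and cannot be delegated")
    return findings


def trusted_accounts(directory):
    """Every account carrying the delegation trust bit, for periodic review."""
    return sorted(n for n, uac in directory.items() if uac & UF_TRUSTED_FOR_DELEGATION)


if __name__ == "__main__":
    for server, user in (("WEB01$", "webuser"), ("WEB02$", "webuser"), ("WEB01$", "admin")):
        print(server, user, delegation_findings(SAMPLE, server, user) or "ok")
    print("trusted for delegation:", trusted_accounts(SAMPLE))
```

The website's own authentication setting lives in the IIS configuration, not in the directory, so it is outside what this check reads.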
