Performing an SCP lookup from a computer not in domain

Hi everybody,

I am using the code given by Microsoft (links: https://www.microsoft.com/en-us/download/details.aspx?id=13082 & https://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx#bk_CodeExample) for SCP Record Lookup. Both links have the same implementation. It works when the program is run from a computer in the domain, but fails when the program is run from a computer not in the domain. Kindly help me in solving this problem. Ask for clarifications if needed.

Thanks & regards,

Amit Jha


April 18th, 2015 1:58pm

To look up Active Directory you will need LDAP access to a Domain Controller and also Active Directory credentials. That code already allows you to pass in the name of the DC you want to access, so you only need to modify

 List<string> scpUrls = GetScpUrls(null, domain);

like

 List<string> scpUrls = GetScpUrls("DCServername.domain.com", domain);

Then you need to change the code for the DirectoryEntry class to use the Username and password; see https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.username%28v=vs.110%29.aspx

Cheers
Glen

April 20th, 2015 3:23am
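
The change described in the reply above, sketched as an added example (not Glen's code and not Microsoft's sample): bind to a named DC with explicit credentials from a machine outside the domain and read the Autodiscover SCP URL records. The class name and the `SCP_LOOKUP_PASSWORD` environment variable are hypothetical; the program needs a reference to System.DirectoryServices and does not follow SCP pointer records.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class ScpLookupWithCredentials
{
    // Keyword GUID that marks an Autodiscover SCP URL record.
    const string ScpUrlGuid = "77378F46-2C66-4aa9-A6A6-3E7A48B19596";

    // Negotiate (Kerberos/NTLM) bind with signing and sealing, so the password
    // is never sent as a clear-text simple bind over port 389.
    const AuthenticationTypes Auth =
        AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    static List<string> GetScpUrls(string dc, string user, string password)
    {
        var urls = new List<string>();
        // Server-qualified paths: serverless binding cannot locate a DC off-domain.
        using (var rootDse = new DirectoryEntry("LDAP://" + dc + "/RootDSE", user, password, Auth))
        {
            string configPath = rootDse.Properties["configurationNamingContext"].Value as string;
            using (var config = new DirectoryEntry("LDAP://" + dc + "/" + configPath, user, password, Auth))
            using (var searcher = new DirectorySearcher(config))
            {
                searcher.Filter = "(&(objectClass=serviceConnectionPoint)(keywords=" + ScpUrlGuid + "))";
                searcher.PropertiesToLoad.Add("serviceBindingInformation");
                using (SearchResultCollection results = searcher.FindAll())
                    foreach (SearchResult r in results)
                        foreach (object value in r.Properties["serviceBindingInformation"])
                            urls.Add(value.ToString());
            }
        }
        return urls;
    }

    static void Main(string[] args)
    {
        // Hypothetical variable name; keeps the password out of the source and the command line.
        string password = Environment.GetEnvironmentVariable("SCP_LOOKUP_PASSWORD");
        if (args.Length != 2 || string.IsNullOrEmpty(password))
        {
            Console.Error.WriteLine("usage: ScpLookup <dc-fqdn> <user@domain> (password in SCP_LOOKUP_PASSWORD)");
            return;
        }
        foreach (string url in GetScpUrls(args[0], args[1], password))
            Console.WriteLine(url);
    }
}
```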

Hi Glen,

Using ADExplorer, I can log in and search all containers in all three Active Directory.


More information:

Active directory is installed in the servers in colored boxes.

1) If I run the program for SCP Record Lookup, in child1.parent1.com for parent1.com domain, then everything is fine.

2) If I run the program for SCP Record Lookup, in child1.parent1.com for child2.parent1.com domain, then error is "There is no such object on the server."

3) If I run the program for SCP Record Lookup, in child1.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

4) If I run the program for SCP Record Lookup, in child2.parent1.com for child2.parent1.com domain, then everything is fine.

5) If I run the program for SCP Record Lookup, in child2.parent1.com for parent1.com domain, then error is "A referral was returned from the server."

6) If I run the program for SCP Record Lookup, in child2.parent1.com for parent2.com domain, then error is "A referral was returned from the server."

7) If I run the program for SCP Record Lookup, in child.parent2.com for parent2.com domain, then everything is fine.

8) If I run the program for SCP Record Lookup, in child.parent2.com for parent1.com domain, then error is "A referral was returned from the server."

9) If I run the program for SCP Record Lookup, in child.parent2.com for child2.parent1.com domain, then error is "A referral was returned from the server."

April 21st, 2015 7:06am

Hi Glen,

I am searching the Global Catalog Server. Here is the snapshot of one of the servers.

Kindly enlighten me on how to use DNS instead of SCP records.

In the code given in the links mentioned in the two links in the question in the beginning,

string configPath = rootDSE.Properties["configurationNamingContext"].Value as string;
works fine. But, errors are given by this code
System.DirectoryServices.DirectorySearcher.FindAll();
So, the problem is when we search the Active Directory.

April 22nd, 2015 6:23am

Hi Luke,

I have logged in to ADExplorer using the credentials of the user in the corresponding Active Directory. The snapshot is attached as a reference.

Do I need to use LDAP API or Active Directory Service Interfaces to solve this problem, or will this problem be reproduced there also?


April 22nd, 2015 5:15pm

Hi Glen,

I used credentials in the code you suggested, and got "Logon failure: unknown user name or bad password." error.

I was using Autodiscover for Exchange, but it connects to the default domain. E.g., if I run the program in child1.parent1.com, the Autodiscover sends the request to the default domain only. What if Exchange Server is installed in another domain? If Exchange Server is installed in another domain, it will fail because we couldn't get the Autodiscover URL, and subsequently we couldn't get the EWS URL.

Here is the StackTrace of the exception when I get "A referral was returned from the server."

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at ScpLookup.Program.GetScpUrls(String ldapServer, String domain) in c:\Users\user\Documents\Visual Studio 2013\Projects\SCPLookUp\SCPLookUp\Program.cs:line 94

Exception: System.DirectoryServices.DirectoryServicesCOMException

ExtendedError: 8235

ExtendedErrorMessage: "0000202B: RefErr: DSID-031007EF, data 0, 1 access points\n\tref 1: 'parent2.com'\n"


April 23rd, 2015 6:50am

Hi Glen,

I have configured Outlook profile of a mailbox on child1.parent1.com of Exchange Server which is installed in child of parent2.com. Here is the snapshot of Outlook Autodiscover request.

I am using multiple Exchange environments in every domain, i.e., Exchange is installed in child domains of parent1.com and child domains of parent2.com. I want both internal endpoint EWS and external endpoint. Exchange would be in different configurations that I can't tell.

April 24th, 2015 5:30am

Something doesn't sound correct to me if you go back to basics so you're not overcomplicating things.

Regardless of how many domains you have, what AD setup etc.

When an application wants to find an EWS Endpoint it will need three pieces of information: the Email Address, Username and password. If Autodiscover is configured correctly then the application should be able to use DNS to resolve the endpoint for Autodiscover, make the AD request and get the EWS endpoint. The best tool to test this would be https://testconnectivity.microsoft.com/ (this will use these three pieces of information, DNS and return the endpoint).

If you have a really complex federated network my suggestion would be you talk to Microsoft Developer support about what you're trying to achieve and they can give you the right information on if it's possible and what else if anything you may need to configure to make it work. (e.g. if Autodiscover in Outlook doesn't work then whatever you code isn't going to work either).

Cheers
Glen

April 24th, 2015 7:25pm

This topic is archived. No further replies will be accepted.
