Questions

Active Directory Wierdness

+
0 Votes
Locked

Active Directory Wierdness

Hamish_NZ
I have an ASP Intranet page that looks for a users detail in Active Directory. The user hits the page, the server grabs their authenticated user name (eg. "Bob Jones") then hunts them down in Active Directory to grab more detail.

Now, here's the wierd thing. It works when you hit the page from some computers, but not from others. The exact same AD query, on the same server works when the user logs in from one computer, but not from another.

The Intranet page correctly picks up the user name, so the query is EXACTLY the same. Its the same server running the query: so why does the computer used to browse to the page effect whether the query works or not?

I suspect it might be to do with the user logging into that server for other applications and gaining persistent elevated (or de-elevated) priveledges, but I don't quite understand why that would affect AD, or how to fix the problem.

Any help is appreciated!
  • +
    0 Votes
    ckpds

    Is the user an administrator on each PC they are logging into? My guess is that the user does not have sufficient rights on the PC where the script is failing. Try bumping their rights on that PC and test again.

    Good luck.

    +
    0 Votes
    Hamish_NZ

    Hey, thanks for the reply.

    I've fiddled with the user rights, but it actually seems to work in the opposite direction: for example, I am a sys admin but I am the one it fails for most often (and I'm not switching between computers either!).

    I've changed the way that I run queries now that avoids the user rights issues.. still, would love to hear if anyone else had had similar issues.

  • +
    0 Votes
    ckpds

    Is the user an administrator on each PC they are logging into? My guess is that the user does not have sufficient rights on the PC where the script is failing. Try bumping their rights on that PC and test again.

    Good luck.

    +
    0 Votes
    Hamish_NZ

    Hey, thanks for the reply.

    I've fiddled with the user rights, but it actually seems to work in the opposite direction: for example, I am a sys admin but I am the one it fails for most often (and I'm not switching between computers either!).

    I've changed the way that I run queries now that avoids the user rights issues.. still, would love to hear if anyone else had had similar issues.