Ran into this gem today. I have an app using the ActiveDirectoryMembershipProvider connecting to an ADAM instance. While debugging over a VPN connection from my development machine, I ran into this error when the CreateUserWizard tried to create an account.
[DirectoryServicesCOMException (0x80072020): An operations error occurred. (Exception from HRESULT: 0x80072020)]
This was followed by a monstrous stack trace ending with System.DirectoryServices.DirectoryEntry.Invoke.
Isn't that descriptive? ;-> Anyway, through much digging I discovered that the problem is that ADAM does not like to accept plaintext passwords over an unsecure connection (meaning without SSL or some sort of ADAM-level security). A quick solution is to tell ADAM to allow such passwords by doing the following:
- Open the ADAM ADSI Edit tool
- Right-click on the topmost node called "ADAM ADSI Edit" and hit "Connect To..."
- In the Connection Settings dialog choose "Configuration" for the well-known naming context.
- Navigate to CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration (folder-wise, remember you read backwards)
- Right-click on the "Directory Service" node and hit Properties
- Change the property "dsHeuristics" to 0000000001001
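The value in the last step is a positional string, so pasting it over an existing dsHeuristics value resets every other position. The following is an added example, not code from the original post: it decodes the positions relevant here and changes one position while preserving the rest. The function names are hypothetical, and the position meanings (7th, 10th, 13th character) are taken from Microsoft's documented dsHeuristics layout.

```python
# Added example, not from the original post. Positions are 1-based and
# follow Microsoft's documented dsHeuristics layout (assumed here).
ANON_OPS_POS = 7        # "2" = anonymous LDAP operations allowed
MARKER_POS = 10         # must be "1" once the string has 10+ characters
PLAINTEXT_PWD_POS = 13  # "1" = password operations allowed without SSL (ADAM)


def decode_ds_heuristics(value):
    """Report the security-relevant flags in a dsHeuristics string."""
    value = (value or "").strip()  # the attribute may be unset

    def char_at(pos):
        # Positions past the end of the string behave as the default "0".
        return value[pos - 1] if len(value) >= pos else "0"

    return {
        "marker_ok": len(value) < MARKER_POS or char_at(MARKER_POS) == "1",
        "anonymous_ldap_ops": char_at(ANON_OPS_POS) == "2",
        "password_ops_without_ssl": char_at(PLAINTEXT_PWD_POS) == "1",
    }


def set_flag(current, pos, char):
    """Change one position, keeping every other setting already present."""
    if pos == MARKER_POS:
        raise ValueError("position 10 is a length marker, not a setting")
    chars = list((current or "").strip().ljust(pos, "0"))
    chars[pos - 1] = char
    if len(chars) >= MARKER_POS:
        chars[MARKER_POS - 1] = "1"  # keep the length marker valid
    return "".join(chars)


if __name__ == "__main__":
    existing = "0000002"  # constructed sample: anonymous operations enabled
    enabled = set_flag(existing, PLAINTEXT_PWD_POS, "1")
    print(enabled, decode_ds_heuristics(enabled))
    # Turn the setting back off once SSL is in place.
    reverted = set_flag(enabled, PLAINTEXT_PWD_POS, "0")
    print(reverted, decode_ds_heuristics(reverted))
```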
You can read more at:
- Anonymous LDAP operations to Active Directory are disabled on Windows Server 2003 domain controllers
- DS-Heuristics Attribute