DirectoryServicesCOMException.ExtendedErrorMessage - List of Data Codes

I am building a website that lets users log in with their Active Directory accounts, and I want to inform the user why their login failed.

The Background

Logins will usually fail due to a Bad Username/Password, but they can also fail due to an Expired Password or their account being Locked Out.

I am using this code to perform the login:

using System;
using System.DirectoryServices;

public myCustomUserClass Login(string domainName, string username, string password)
{
    string domainAndUsername = domainName + @"\" + username;
    DirectoryEntry entry = new DirectoryEntry(this._ldapPath, domainAndUsername, password);
    myCustomUserClass user = new myCustomUserClass();

    // Bind to the native AdsObject to force authentication.
    try
    {
        object obj = entry.NativeObject;
        // ...
        return user;
    }
    catch (DirectoryServicesCOMException ex)
    {
        // why did the login fail? ex.ExtendedErrorMessage carries the LDAP "data" code.
        throw;
    }
    catch (Exception ex)
    {
        // something else went wrong
        throw;
    }
}

When I receive a DirectoryServicesCOMException, I can access more information about the failed login attempt within the .ExtendedErrorMessage property. Two values that I have seen so far are:

Lockout:

8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 775, v1db1

Bad Username:

8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1

You can see that the data "attribute" seems to be unique. I can write code that extracts it, then write a switch based off of this.

The Question

Is there a list of these codes anywhere that I can use to make sure that I'm covering everything?

asked Jan 08 '23 06:01 by Chris


1 Answer

After a day of searching for Microsoft resources regarding DirectoryServicesCOMException.ExtendedErrorMessage, I found a differently-worded question here:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]

It references a website found here that includes several such codes:

http://www-01.ibm.com/support/docview.wss?uid=swg21290631

Below is a list of the error codes:

525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
531 - not permitted to logon at this workstation
532 - password expired
533 - account disabled
534 - The user has not been granted the requested logon type at this machine
701 - account expired
773 - user must reset password
775 - user account locked
answered Feb 25 '23 03:02 by Chris
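As an added example (not code from the question or the answer above), the following C# pulls the hex "data" code out of a DirectoryServicesCOMException.ExtendedErrorMessage string and maps it to the list in the answer. The enum names, the AdErrorParser class and the sample message strings are my own constructions; the parser takes the message as a plain string so the mapping can be unit-tested without a live domain, and the caller simply passes ex.ExtendedErrorMessage from the catch block in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical names for the logon failure states listed in the answer.
public enum AdLogonFailure
{
    Unknown,
    UserNotFound,           // 525
    InvalidCredentials,     // 52e
    LogonTimeRestriction,   // 530
    WorkstationRestriction, // 531
    PasswordExpired,        // 532
    AccountDisabled,        // 533
    LogonTypeNotGranted,    // 534
    AccountExpired,         // 701
    MustResetPassword,      // 773
    AccountLocked           // 775
}

public static class AdErrorParser
{
    // Matches the hex "data" field of an AcceptSecurityContext error, e.g. "data 52e".
    private static readonly Regex DataCode = new Regex(
        @"AcceptSecurityContext error,\s*data\s+([0-9a-fA-F]+)",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Code table taken from the answer above.
    private static readonly Dictionary<string, AdLogonFailure> Codes =
        new Dictionary<string, AdLogonFailure>(StringComparer.OrdinalIgnoreCase)
    {
        { "525", AdLogonFailure.UserNotFound },
        { "52e", AdLogonFailure.InvalidCredentials },
        { "530", AdLogonFailure.LogonTimeRestriction },
        { "531", AdLogonFailure.WorkstationRestriction },
        { "532", AdLogonFailure.PasswordExpired },
        { "533", AdLogonFailure.AccountDisabled },
        { "534", AdLogonFailure.LogonTypeNotGranted },
        { "701", AdLogonFailure.AccountExpired },
        { "773", AdLogonFailure.MustResetPassword },
        { "775", AdLogonFailure.AccountLocked }
    };

    // Returns the lower-cased hex code, or null when the message has no "data" field.
    public static string ExtractDataCode(string extendedErrorMessage)
    {
        if (string.IsNullOrEmpty(extendedErrorMessage)) return null;
        Match m = DataCode.Match(extendedErrorMessage);
        return m.Success ? m.Groups[1].Value.ToLowerInvariant() : null;
    }

    // Unknown or missing codes fall through to AdLogonFailure.Unknown rather than throwing,
    // so a future code the table does not list cannot break the login path.
    public static AdLogonFailure Classify(string extendedErrorMessage)
    {
        string code = ExtractDataCode(extendedErrorMessage);
        AdLogonFailure reason;
        return code != null && Codes.TryGetValue(code, out reason) ? reason : AdLogonFailure.Unknown;
    }

    // Message shown to the user. The specific reason is logged server-side; only states the
    // user can act on are surfaced, and "user not found" is not distinguished from a bad password.
    public static string UserFacingMessage(AdLogonFailure reason)
    {
        switch (reason)
        {
            case AdLogonFailure.PasswordExpired:
            case AdLogonFailure.MustResetPassword:
                return "Your password has expired or must be reset before you can log in.";
            case AdLogonFailure.AccountLocked:
                return "Your account is locked. Please contact your administrator.";
            default:
                return "Login failed. Please check your username and password.";
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample messages in the format quoted in the question.
        string[] samples =
        {
            "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 775, v1db1",
            "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1",
            "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1",
            "some unrelated COM error text with no data field"
        };

        foreach (string message in samples)
        {
            AdLogonFailure reason = AdErrorParser.Classify(message);
            Console.WriteLine("{0} -> {1} -> \"{2}\"",
                AdErrorParser.ExtractDataCode(message) ?? "(none)",
                reason,
                AdErrorParser.UserFacingMessage(reason));
        }
    }
}
```

In the Login method from the question, the catch block becomes `var reason = AdErrorParser.Classify(ex.ExtendedErrorMessage);` followed by logging the raw code and returning UserFacingMessage(reason). Keeping the table in one place means a newly observed data code only needs a new dictionary entry, and the Unknown fallback keeps the login path working until it is added.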