Running CDOEXM code from ASP.net

Problem

So you have an ASP.Net application that creates a user account in Active Directory and a Mailbox using the CDOEXM library.

When you execute the following code in your ASP .Net application

 Dim oMailbox As CDOEXM.IMailboxStore
oMailbox = ADEntry.NativeObject()
oMailbox.CreateMailbox(strHomeMDB)

You receive the following error executing the CreateMailbox line on Windows 2003:-

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. at CDOEXM.IMailboxStore.CreateMailbox(String HomeMDBURL)

Cause

When you execute the following line of code:-

 objDE= New DirectoryEntry(strOU, strUser, strPwd, AuthenticationTypes.Secure)

You are contacting Active Directory to retrieve the objDE object using the credentials (rights or token) of strUser. ADSI (the layer used by the

namespace DirectoryServices of .NET) creates a new thread for the current process with the token of strUser to contact AD.

When you subsequently call the CreateMailbox method of CDOEXM, the token of the process and not the token of the thread is used to contact AD. So, if the process

is launched by a classic domain user without any specific rights or a local machine account, the operation will fail.

This is the behaviour of CDOEXM with CreateMailbox under Exchange 2000. You have to be sure that the process is launched using the credentials of an Exchange

Administrator.

Under Exchange 2003, the security checks are tightened. Even if the process runs properly under the right credentials, passing credentials to the DirectoryEntry

object will result in an error - 2147016672 (0x80072020). You must connect to the AD using the default credentials of the process and then call CDOEXM using still the same credentials.

Resolution
To resolve the issue, do not specify credentials to when binding to AD. Use the following code:

 objDE = New DirectoryEntry(strOU)

Comments

  • Anonymous
    July 10, 2007
    The comment has been removed

  • Anonymous
    July 20, 2007
    The comment has been removed

  • Anonymous
    September 09, 2007
    Can we impersonate? I am impersonating my ASP.NET application with a user who has Domain Administrator and other necessary privileges, will this fail even then?

  • Anonymous
    October 08, 2009
    Thanks!!! You saved me hours of work!!!!