Re: Unable to bind to domain

Give us the exact steps you are taking to run this.

Re: Unable to bind to domain

The object I'm exporting from is the base domain, of which the laptop is a member and my account is in the local admins group and also the account operator's group in AD.

In the export configuration, I enabled Detailed User, then added or removed the fields as needed in the User Attributes category to match the fields as before.

I then clicked the Set Options button and checked "Enable exporting user information from all domain controllers", then "Export combined/last logon information from all domain controllers".

The only other change I made was to rename the export/query to "Detailed AD User" and set the output file to a text file in a folder on my desktop.

After that, it's a matter of starting the export from the main Exporter window, where I immediately get the error message above.

I also tried running exported as administrator and got the same results.

Re: Unable to bind to domain

I can't duplicate this, and am not coming up with any ideas, so go ahead and send screenshots of everything to [email protected].

Re: Unable to bind to domain

I think that I've found the problem - that Exporter is still using port 389 to connect to AD and obtain the list. In Hyena, I had changed UseAdSslEncryption to True, hoping that would do the trick, but I still get the same error.

Is there a way to force Exoprter to use LDAP SSL?

Re: Unable to bind to domain

So does using SSL in Hyena enable you to get access to AD data (in Hyena) ?

Re: Unable to bind to domain

Yes it does - and it did before I changed that setting (and I've also scheduled a meeting tomorrow with the AD admins because per customer requirements, we're supposed to have unencrypted LDAP disabled).

As to Exporter, even after I get the error message, it continues to get a list of all the AD users and the requested fields and produce a report. But I see nothing that shows the last login field was updated with data resulting from poll from each DC (I'm using AdInsight from MS to sniff the LDAP traffic). Does that information get pulled at the beginning or end of Exporter's run?

Re: Unable to bind to domain

The error you are getting does not stop the exporting process, just the part that gets the list of domain controllers, and then the logon information from each controller.

The function that is getting the error is named DsBind, and we use that in order to then call another Ds* function to get a list of controllers. Those functions, unlike object access functions that use LDAP, do not accept SSL or other access flags. I thought at first that we could add an advanced setting for allowing SSL flags, but that won't help, as its not where the error is.

If you look at the DsBind function:
http://msdn.microsoft.com/en-us/library/ms675931(v=vs.85).aspx

...you can see the error code (not enough memory) is one that is being returned. I checked but can't find a solution, but I seem to recall similar problems can be fixed by a registry setting on the DC to allow more connections. But I don't know what 'memory' this function is referring to.

Maybe show the function error to the group you are going to talk to and see if they have any ideas.