Can't modify Active Directory from test / production servers
Ok, since I'm in the pattern of holding onto this problem, maybe someone has seen these symptoms and can give some sage advice. (Note: I only learned enough Active Directory data to create this feature, and I only have read access to Active Directory.)
I have updated the company intranet to allow automatic recording / changing of employee phone / address information; it uses a web service to connect to the company's Active Directory, so I can name it from several places in the main application.
AD has two domains (A and B) in the same forest. Each domain has an ADS update user group and an ADSupdate account (which belongs to the ADS update user).
Problem: records in the domain. Great update for local development servers, test servers, and production servers. Records in domain B are updated only when launched from local development servers. When you run the same code (tested multiple times) on test or derivative, you get (shared error).
The domain name is stored in the employee record, so the same code is called for all employees.
All local development servers, test and production servers are in domain A.
In this case, the AD administrator for domain B was at a dead end, and frankly, I'm grateful that the on-premises development servers can update the Active Directory entries in domain B. This proves that the code works in at least one place
I've looked at machine permissions, group and user permissions, and IIS, and I don't see any significant difference. Any help would be appreciated ...
source to share
This was not caused by code changes. The Production and Test servers have been updated to run a newer version of IIS (6.0). A newer version of IIS will not work across Active Directory domains.
My development machine is running an old version of IIS (5.1)
This explains why everything worked last year and then suddenly stopped working. The other domain has so few employees that it was not immediately noticed.
source to share