This happens because you are binding anonymously. Windows Server 2003
requires authenticated binds to perform operations by default while Windows
2000 does not and will allow anonymous searches (although with limited
results).
My guess is that you probably thought your app was binding to the directory
before but it was not. It also could be the case that you had Kerberos
delegation enabled for the old DC but not for the new DC, so you application
is unable to delegate. When you have a web app that attempts to bind to the
directory with the credentials of the authenticated user instead of a fixed
service account (essentially, you have impersonation enabled), you must have
Kerberos delegation enabled.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"WillG"
discussions.microsoft.com> wrote in message
news:7E5890C2-BD6A-41FB-A859-766D9B4C391D@microsoft.com...> We have just upgraded to Windows 2003 R2 Sp2 AD from Windows 2000 SP4 AD.
>
> One of our asp application that used to be able to bind using LDAP to one
> of
> our Domain Controllers presented a ComException 0x80072020 error using the
> bind string of "
LDAP://newserver.domain.com" if I change the xml web
> config
> file back to use a Windows 2000 server in the bind action the application
> works fine.
>
> I have removed LDAP signing reuqirements etc but I would like to know how
> to
> resolve the bind problem with Windows 2003 R2 domain contrllers before I
> upgrade the remaining Windows 2000 servers.
>
> As a sidenote - the application uses the end users credentials and not
> anonymous.
