I am using the following C# code to connect to Active Directory and validate the login:

    using System;
    using System.DirectoryServices;

    DirectoryEntry de = new DirectoryEntry();
    string username = "myuser",
           path = "LDAP://addev2.dev.mycompany.com/CN=myuser,DC=dev,DC=mycompany,DC=com",
           password = "test";

    // Repeat the bind four times to observe the failed-logon count in AD
    for (int i = 0; i < 4; i++)
    {
        try
        {
            de.AuthenticationType = AuthenticationTypes.Sealing | AuthenticationTypes.Secure | AuthenticationTypes.FastBind;
            de.Username = username;
            de.Password = password;
            de.Path = path;
            //de.RefreshCache();
            // Reading NativeObject forces the bind to the directory
            Object obj = de.NativeObject;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

This works fine when the password is correct. However, when the password is incorrect, this shows as 2 invalid attempts in AD. So what happens is, when the AD admin allows 5 invalid attempts, the user is locked out on the 3rd attempt. When I look in the AD's event log, I see 2 entries.

1) Pre-authentication failed:

2) Logon attempt by:

    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon account: m0707b@dev.mycompany.com
    Source Workstation: WKSXXXX
    Error Code: 0xC000006A

Stepping through the code, I see 2 event entries on the line


I tried using de.NativeObject to see if that would solve the problem. No dice.

Anyone have any pointers?


You might check out the System.DirectoryServices.AccountManagement namespace. You can access an account and then cast one of the methods it has into a DirectoryEntry object. It might get around your double-authentication problem and it's easier to use.


Finally found the answer to this perplexing issue: when you use the format username@domain, the IIS app uses 2 calls, once using Kerberos and, when that fails, using NTLM, causing a double count. The fix is to use the following format for authentication: domain\username, and that fixed the issue. http://support.microsoft.com/kb/264678/EN-US/
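
The fix described in the answer above, sketched as an added example that is not part of the original posts: the login name is normalized to domain\username before a single bind, and a logon failure is reported without retrying. The class and method names are hypothetical, `DEV` is an assumed NetBIOS name for dev.mycompany.com, and the code assumes the part before `@` equals the account's sAMAccountName.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class AdLogin
{
    // Assumption: "DEV" is the NetBIOS name of dev.mycompany.com; substitute your own.
    const string NetbiosDomain = "DEV";
    const int LogonFailure = unchecked((int)0x8007052E); // ERROR_LOGON_FAILURE as an HRESULT

    // Accepts "user@domain", "DOMAIN\user" or bare "user" and returns DOMAIN\user.
    // Assumption: the part before '@' is the sAMAccountName.
    public static string ToDownLevelName(string login)
    {
        if (string.IsNullOrWhiteSpace(login))
            throw new ArgumentException("Empty login name", nameof(login));
        login = login.Trim();
        if (login.Contains("\\")) return login;           // already DOMAIN\user
        int at = login.IndexOf('@');
        if (at == 0) throw new ArgumentException("Missing user part", nameof(login));
        string user = at > 0 ? login.Substring(0, at) : login;
        return NetbiosDomain + "\\" + user;
    }

    // One bind per call and no retry loop, so each call is a single logon attempt by this code.
    public static bool Validate(string path, string login, string password)
    {
        try
        {
            using (var de = new DirectoryEntry(path, ToDownLevelName(login), password,
                AuthenticationTypes.Sealing | AuthenticationTypes.Secure | AuthenticationTypes.FastBind))
            {
                object native = de.NativeObject;          // forces the bind
                return true;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == LogonFailure)
        {
            return false;                                 // bad user name or password
        }
    }

    static void Main()
    {
        Console.WriteLine(ToDownLevelName("myuser@dev.mycompany.com")); // DEV\myuser
        Console.WriteLine(ToDownLevelName("DEV\\myuser"));              // DEV\myuser
    }
}
```

Errors other than a logon failure (server unreachable, bad path) propagate to the caller, so an outage is not mistaken for a wrong password.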

