Cannot connect using this connection string

Oct 15, 2008 at 4:40 PM
Using WSS3.0 on Server 2003 SP2. No matter what OU, Active Directory domain or ADAM Directory I try to connect to, I always get this error message.
Here is the connection string I am trying to use

Active Directory Connection String: LDAP://,OU=Application Related Groups & Users,OU=CompanyName USA,DC=domain,DC=com
Organisation Unit: External_Users

I have added the connection string (and the safe controls settings)to the web.config file for the site I am attempting to use this on.

If I use this connection string on the adsvw.exe which was included with this package, it opens fine and I can browse everything.

Are there any settings I am missing?
Oct 21, 2008 at 4:24 PM
I'm experiencing the same problem as ChiliFrei64 when attempting to fill in SitecollectionADSetting.aspx - although I'm using the Portal (MOSS)

My connection string works in adsvw.exe (if I uncheck "Use OpenObject")

As a note to improve your install and verify my actions:
1.    I had to drag/drop OrbitOne.SharePoint.Provision.WebParts.dll into c:\Windows\assembly as I do not have gacutil on this machine
2.   The last stsadm statement in the intall.bat fails:
       "...stsadm.exe" -o  installfeature -filename "SiteCollectionADSetting\Feature.xml" -force
       Failed to find the XML file at location '12\Template\Features\SiteCollectionADSetting\Feature.xml'
3.    I added the IIS ApplicationPool user Sharepoint runs under to the Account Operators group - I'm assuming this is what the documentation meant by the IUSR account

Interestingly, by adding the connectionStrings entry in the web.config file (as mentioned in OrbitOne.Provision.Webparts Installation Guide.txt file in the expanded directory structure - but not mentioned in the installation pdf) the password change feature is working.

Thanks in advance for your help!
Dec 5, 2008 at 4:03 PM
Hello guys,
the asnwer for this problem is the string LDAP.
Try to use this command:

for example, my server info
Computer name: Servidor
Computer domain:
Computer AD OU: SharepointUsers

I shoud put : LDAP://, DC=com

Just put the OU in the second field.
It worked with me.
And more one thing,
Maybe this feature work with just one OU.
I'm just supposing that, 'cause i cound't use more than one OU.

Good luck!

Pablo Bertrão
Jun 5, 2009 at 10:05 PM

I did what you did but I get the same error.  This is how my network is set up:


Under the Users unit there is a group called "web access", this is the group i type into the second field but my connection still fails.  I used the active directory browser provided in the install kit and got the above connection string.

Please help

Jan 29, 2010 at 1:10 AM

Hi there,

Did anyone get this resolved. I have the same issues trying to active the Create New User web part. I just can't to the last step in the process which is add the AD Connection String. I also have it in the same format:


There is an OU called Test at the root of the domain and I am using Test in the second section on this page. The App Pool is configured to log on as the Domain Administrator account just to make sure there were no permissions issues.

Any help would be gladly accepted.


Jan 30, 2010 at 11:38 AM
Edited Jan 30, 2010 at 11:43 AM


I had the same problem, been playing with it for a while.
By accident I found that, when accessing the SharePoint from the (WFE) server console, the LDAP connection string gets accepted.
When i connect from a workstation (not a member of the domain) to the same site, and try to save the (same) AD Connection String, the "Cannot connect using this connection string." appears.

Running it now in my (single server) test environment, next week I will move it over to the production servers. Hopefully things will work there aswell (Intranet and extranet environment)


Feb 1, 2010 at 8:10 PM

Hi Tonny,

Thanks for this. It may well be the answer. I have one more stumbling block. I cannot access the SharePoint site I am working on from the server itself. I can access it from any other machine on the domain, but from the server itself I keep getting asked for credentials and then eventually get a "401 Access is denied due to invalid credentials". The username I am logged on to the server with is a site collection administrator for this site (and a domain admin).

Thanks for your help so far but any ideas on this next bit? It feels like I am so close to getting this working but just not close enough...




Feb 1, 2010 at 9:51 PM

Hi all,

I finally resolved this a few moments ago. It only took me 2 full days!!! The issue is with IE8 on the server and the fix is here:

Hope it helps someone out there in Interweb land. The sigh of relief I heaved could be heard across several continents.



Feb 1, 2010 at 10:01 PM
Noyzyboy wrote:

Hi all,

I finally resolved this a few moments ago. It only took me 2 full days!!! The issue is with IE8 on the server and the fix is here:

Hope it helps someone out there in Interweb land. The sigh of relief I heaved could be heard across several continents.



 Hi Rich.

Is eveything working now ?
Setting the ADConnectionString from the server to get it accepted, and saving the same setting from a workstation gives an error ?


Feb 1, 2010 at 10:24 PM

Yes, that's right. Works fine locally on the server but not from a remote workstation. Obviously, my issue was I couldn't get on to the SharePoint site locally from the server so I had a bit of a Catch22 situation going on... Once I'd resolved this all was well.

Hope that helps,


Jul 2, 2010 at 9:30 AM


I'm very tired when define string connection.I'm use 3 servers: AD, DB and SharePoint. My domain is Pls help define it. Thanks.

Jul 3, 2010 at 7:21 AM

Hi all,

Pls help me on that, pls, pls...