Error installing Octopus Deploy Server using Active Directory authentication

I get the following error when attempting to install Octopus Deploy Server with user authentication set to Active Directory. Note that the ‘admin_user’ account is valid in our Active Directory and was used to log onto the Windows Server 2008 R2 server to install Octopus.

A fatal exception occurred
System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
   at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
   at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
   at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
   at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username, Boolean& wasCreated) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 90
   at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 79
   at Octopus.Server.Commands.AdminCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Commands\AdminCommand.cs:line 77
   at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36
Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: "C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" admin --instance="OctopusServer" --username="admin_user" --wait="5000"
Deleted instance: OctopusServer

Hi Ed,

I’m not sure why this happened. We use the following method to try and find information about the user account:

Is it possible that admin_user isn’t in the default users container, i.e., CN=Users? We don’t specify a particular domain context to search so this could be why it fails.



getting the same error. After a lot of reading it seems to be due to access rights. We are on very elaborate and locked down enterprise network. I wrote a little sample app and I cant even do “UserPrincipal.Current” without getting the same error.

As detailed in the article below we need the ability to specify the AD domain and containers since we will never have read access to enable the query to walk the full AD tree to find the user we are interested in.

Hi Werner,

Thanks for the reply.

I have created an issue in GitHub, you can track it here:
We will try to make some improvements and get this resolved for you and people in the same situation.


Yeah I’m seeing this as well. Any work around yet? I’m stuffed with no deployments without this! :frowning:

Hi James,

Unfortunately there is no work around for this at the moment.
It is also not going to be a quick fix on our end as it’s quite complicated.

Sorry for the crappy news,

Yeah, I ended up going with a username password combination. From my own work with AD it’s far from straightforward!

Add me to the list of users who wish there will be a fix for this!

Same for use, would be much nicer to be able to use AD.

After some more digging around I found this gem:

Octopus.exe configure --activeDirectoryContainer "CN=Users,DC=GPN,DC=COM"

This seems as if this simple command will give you the possibility of using another default container from Active Directory to validate users.

I have tested this only briefly but I was able to login with AD credentials in a non standard container.

So probably this is something that should be added to the installation documentation and then this thread could be closed?

Yep that did it, along with getting our user permissions to query active directory.