Tutorial :c# against Active Directory over LDAP


I'm coding some c# against Active Directory and have tried endlessly to get this to work to no avail. The following code works and the code that follows it does not:

The code below is using "WinNT://" + Environment.MachineName + ",Computer" to make the connection and works fine.

   DirectoryEntry localMachine = new DirectoryEntry          ("WinNT://" + Environment.MachineName + ",Computer");        DirectoryEntry admGroup = localMachine.Children.Find          ("Administrators", "group");        object members = admGroup.Invoke("members", null);        foreach (object groupMember in (IEnumerable)members)      {          DirectoryEntry member = new DirectoryEntry(groupMember);          output.RenderBeginTag("p");          output.Write(member.Name.ToString());          output.RenderBeginTag("p");      }            base.Render(output);  

I'm now trying to change the line:

"WinNT://" + Environment.MachineName + ",Computer"  



but it seems no matter what value I try in place of the value 'MyDomainControllerName' it wont work.

To get the 'MyDomainControllerName' value I right clicked on MyComputer and copied the computer name value as suggested elsewhere but this didn't work.

When I try using the LDAP://RootDSE option above it results in the following error:

The Active Directory object located at the path LDAP://RootDSE is not a container

Is this a problem with the member methods as you mention?


When connecting to AD using the .NET Framework, you can use "serverless" binding or you can specify a server to use everytime (server bound).

Here's an example of using both:

// serverless  DirectoryEntry rootConfig = new DirectoryEntry("LDAP://dc=domainname,dc=com");    // server bound  DirectoryEntry rootEntry = new DirectoryEntry("LDAP://domainControllerName/dc=domainName,dc=com");  

I think where you were going astray is you forgot to include the FQDN for your domain on the end. Hope this helps.


Yes- RootDSE is not a container - but it holds a number of interesting properties which you can query for - e.g. the name of your domain controller(s).

You can check these out by using code like this:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");    if (deRoot != null)  {    Console.WriteLine("Default naming context: " + deRoot.Properties["defaultNamingContext"].Value);    Console.WriteLine("Server name: " + deRoot.Properties["serverName"].Value);    Console.WriteLine("DNS host name: " + deRoot.Properties["dnsHostName"].Value);      Console.WriteLine();    Console.WriteLine("Additional properties:");    foreach (string propName in deRoot.Properties.PropertyNames)      Console.Write(propName + ", ");    Console.WriteLine();  }  

Or save yourself the trouble and go grab my "Beavertail ADSI Browser" in C# source code - shows in detail how to connect to RootDSE and what it offers.


You need to pass it an authorized Username and password.
try setting: DirectoryEntry.Username and DirectoryEntry.Password


have you tried speciying the port number and other parms?

Our ldap string looks like: LDAP://myserver:1003/cn=admin@xyz.com|1,ou=Members,o=mdhfw2


It looks like you need to get the LDAP connection information. You can call LDAP://RootDSE to get the information as shown in the ASP.NET Wiki.

Please keep in mind that the LDAP objects do not have the same member methods and properties as the WINNT objects, so do not expect the group.Invoke("members") and other functions to work exactly the same. You should read up on the DirectoryServices documentation with LDAP as well.

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »