Home/ Questions/Q 6786701
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T17:16:38+00:00

I built a test Active Directory server in Window 2008 and I also run

  • 0

I built a test Active Directory server in Window 2008 and I also run the DNS server on it. On my client machine which runs the C# application, I can authenticate the user against the Active directory server using the function below:

public static UserPrincipal GetUserPrincipal(string usrName,string pswd,string domainName)
{
   UserPrincipal usr;
   PrincipalContext ad;

   // Enter Active Directory settings
   ad = new PrincipalContext(ContextType.Domain, domainName,usrName,pswd);

   //search user
   usr = new UserPrincipal(ad);
   usr.SamAccountName = usrName;

   PrincipalSearcher search = new PrincipalSearcher(usr);
   usr = (UserPrincipal)search.FindOne();
   search.Dispose();
   return usr;
}

In a separate logic I tried to retrieve a user back from the server using a user name. I used the functions below:

public static DirectoryEntry CreateDirectoryEntry()
{
   // create AD connection
   DirectoryEntry de = new DirectoryEntry("LDAP://CN=Users,DC=rootforest,DC=com","LDAP","password");
   de.AuthenticationType = AuthenticationTypes.Secure;
   return de;
}

public static ResultPropertyCollection GetUserProperty(string domainName, string usrName)
{
    DirectoryEntry de = CreateDirectoryEntry();
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = de;
    deSearch.Filter = "(SamAccountName=" + usrName + ")";
    SearchResult results = deSearch.FindOne();

    return null;
}

However, I got no response back from the LDAP server at all, not even an exception. Am I missing certain settings on LDAP server, any of you able to see a flaw in my code (pls don’t mind the hard code values, I was testing with this code).

As part of my troubleshooting, I confirmed that I can ping to the rootforest.com from the client machine. I confirmed the user with property samaccountname “LDAP” exists. My path seems to be right because when I go onto the LDAP server and type :

dsquery user -name LDAP*

I got the following:

CN=LDAP L. LDAP,CN=Users,DC=rootforest,DC=com

Any help would be greatly appreciated, I’ve spent most of my day troubleshooting and researching this little bugger and I think it could be something small which I overlooked.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t understand why you’re using the new PrincipalContext / UserPrincipal stuff in your first example, but fall back to the hard to use DirectoryEntry stuff in your second example…. doesn’t really make sense… also: your second function GetUserProperty seems to return null always – typo or not??

    Since you’re on already using the System.DirectoryServices.AccountManagement (S.DS.AM) namespace – use it for your second task, too! Read all about it here:

    Basically, you can define a domain context and easily find users and/or groups in AD:

    public static ????? GetUserProperty(string domainName, string usrName)
{
   // set up domain context
   PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

   // find a user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, usrName);

   if(user != null)
   {
      // return what you need to return from your user principal here
   }
   else
   {
       return null;
   }
}

    The new S.DS.AM makes it really easy to play around with users and groups in AD:

    • 0