Problem connecting to Active Directory server in C# .NET

I'm currently writing some software in C# which needs to connect to an AD server and get some user details. When I connect using the code below it works against most AD servers that I connect to but there are a couple where it fails with an error of "Logon failure: unknown user name or bad password.". The server name / credentials I'm using are definitely correct as I've tested them with an LDAP Browser and the AD server is using standard security (port 389 etc). Can anyone offer any advice?

Cheers

Tim

DirectoryEntry d = new DirectoryEntry("LDAP://" + domain, admin_username, admin_password);

try
{
   object x = d.NativeObject;
}
catch
{
   throw;
}

I've had similar issues programming .net / AD in the past. One thing I found useful is using an LDAP viewer to see if I can connect to certain servers, etc. In this way, I can at least determine if it is a .NET error (perhaps my code), a credential error, etc.

I use the free/lite version of Softerra's LDAP viewer ( http://www.ldapbrowser.com/download.htm ) although I'm sure there are many others to choose from out there. If you try the one listed here, make sure to download the 'LDAP browser' and not 'LDAP Administrator'. The browser is the free one.

Try connecting to the same LDAP path you're having trouble with in code, using an LDAP browser/viewer. This will at least as step one determine if it is a .NET/code issue or not. If you can't connect via the browser, it can be helpful to play around with the connection options, such as port, domain (FQDN), etc.

Hope this might help narrow things down.

Active Directory allows at least three different logon name styles:

  1. LDAP - i.e. LDAP DN. For example: cn=JohnS, ou=Users, dc=example, dc=com
  2. NTLM. For example: EXAMPLE\JohnS
  3. Kerberos principal name: For example: johns@example.com

However, you cannot log in with just JohnS like you do with a Windows box. It's a very common mistake.
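The logon name styles listed in the answer above, applied to the question's DirectoryEntry bind, as an added example that is not code from the original posts. The names AdBindCheck, NameStyle, Qualify and TryBind are hypothetical, the sample names are constructed, and qualifying a bare name as user@domain assumes the account's UPN suffix matches the DNS domain.

```csharp
using System;
using System.DirectoryServices;          // Windows-only System.DirectoryServices assembly
using System.Runtime.InteropServices;

static class AdBindCheck                 // hypothetical helper, not from the original posts
{
    const int LogonFailure = unchecked((int)0x8007052E);   // HRESULT of ERROR_LOGON_FAILURE (1326)

    // Classify a logon name into the three styles from the answer; "Bare" is the failing case.
    public static string NameStyle(string user)
    {
        if (user.Contains("=") && user.Contains(",")) return "DN";
        if (user.Contains("\\")) return "NTLM";
        if (user.Contains("@")) return "UPN";
        return "Bare";
    }

    // Qualify a bare name as user@dnsDomain (assumed UPN suffix); leave qualified names alone.
    public static string Qualify(string user, string dnsDomain) =>
        NameStyle(user) == "Bare" ? user + "@" + dnsDomain : user;

    public static bool TryBind(string server, string user, string password, string dnsDomain)
    {
        string logon = Qualify(user, dnsDomain);
        if (NameStyle(logon) == "DN")
            throw new ArgumentException("This example binds only with UPN or DOMAIN\\user names.");
        try
        {
            // AuthenticationTypes.Secure requests a negotiated (Kerberos/NTLM) bind instead of
            // an LDAP simple bind, so the password is not sent in clear text over port 389.
            using (var entry = new DirectoryEntry("LDAP://" + server, logon, password, AuthenticationTypes.Secure))
            {
                object native = entry.NativeObject;   // forces the bind, as in the question
                return native != null;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == LogonFailure)
        {
            Console.Error.WriteLine("Bind rejected for '{0}' (style: {1})", logon, NameStyle(logon));
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample names taken from the styles listed in the answer.
        foreach (var u in new[] { "JohnS", @"EXAMPLE\JohnS", "johns@example.com", "cn=JohnS, ou=Users, dc=example, dc=com" })
            Console.WriteLine("{0,-42} {1,-5} -> {2}", u, NameStyle(u), Qualify(u, "example.com"));
    }
}
```

Main only prints the classification and runs without a directory; TryBind needs a reachable domain controller and real credentials.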
