
C# LDAP SEARCH WITHOUT BIND

I would like to ask if there is an LDAP C# function that allows me to do a search in the AD without the need to call bind?

I tried using LDP.exe, the Windows GUI LDAP tool, to search through the AD, and it returns the information correctly. However, as I do not have access to the AD, I do not know the credentials needed to bind with the AD.

I had tried using LDIFDE.exe, the Windows command-line LDAP tool, to search the AD, and it returned a mix of incorrect and correct information. Does anyone know why?

I believe LDP.exe uses the C++ function ldap_search_s to carry out the search. Is there any way I can do this in C#?

Thank you.

If your program is running on a computer joined to the domain of interest, and you know only your credentials and not any elevated account, you can at least enumerate various objects like user accounts and security groups.

You can use AD PowerShell, or use .NET's System.DirectoryServices namespace or the System.DirectoryServices.AccountManagement namespace.

The System.DirectoryServices.AccountManagement namespace is the newer, simpler and preferred way. If there is something you cannot do using it, you can use the System.DirectoryServices namespace.

The following example is copied from this MSDN article:

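```csharp
using System.DirectoryServices.AccountManagement;

// ContextType.Machine targets the local machine's account store.
PrincipalContext ctx = new PrincipalContext(ContextType.Machine);

// Look up the account by its SAM account name.
UserPrincipal usr = UserPrincipal.FindByIdentity(ctx,
                                           IdentityType.SamAccountName,
                                           "Guest");

if (usr != null)
{
    // Enable the account if it is currently disabled.
    if (usr.Enabled == false)
        usr.Enabled = true;

    usr.Save();
    usr.Dispose();
}
ctx.Dispose();
```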
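
An added example, not part of the original answer or the MSDN article: a read-only search of the current domain with the same AccountManagement namespace, for the domain-joined case the answer describes. No credentials are passed, so the context binds implicitly as the logged-on user, and results are limited to what that account is allowed to read; the class name, the optional name-prefix argument and the 25-row cap are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

class DomainUserLookup   // hypothetical class name
{
    const int MaxRows = 25;   // assumption: cap the output for a quick check

    static void Main(string[] args)
    {
        // Assumption: optional sAMAccountName prefix as the first argument.
        string pattern = (args.Length > 0 ? args[0] : "") + "*";

        try
        {
            // No user name or password supplied: the bind still happens,
            // using the security context of the calling process.
            using (var ctx = new PrincipalContext(ContextType.Domain))
            // Query-by-example filter; "*" is treated as a wildcard.
            using (var filter = new UserPrincipal(ctx) { SamAccountName = pattern })
            using (var searcher = new PrincipalSearcher(filter))
            using (var results = searcher.FindAll())
            {
                int shown = 0;
                foreach (Principal p in results)
                {
                    using (p)
                    {
                        var user = p as UserPrincipal;
                        if (user == null) continue;

                        // Enabled is a nullable bool; it prints empty when unreadable.
                        Console.WriteLine("{0}\t{1}\tenabled={2}",
                            user.SamAccountName, user.DistinguishedName, user.Enabled);

                        if (++shown >= MaxRows) break;
                    }
                }
                Console.WriteLine("{0} account(s) listed.", shown);
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Raised when no domain controller can be reached,
            // for example on a machine that is not joined to a domain.
            Console.Error.WriteLine("Domain not reachable: " + ex.Message);
        }
    }
}
```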
