Connecting to Active Directory via .NET

Question

I have a virtual machine with Active Directory that I want to connect to using .NET, I've already connected to an ubuntu machine running OpenLDAP but when connecting to AD it's not working smoothly.

The code I'm attempting to connect with is as follows:

var directoryEntry = 
    new DirectoryEntry("LDAP://192.168.1.1", @"EXAMPLE\Administrator", "Abc1234");

try
{
   var test = directoryEntry.NativeObject;
}
catch (Exception e)
{
    System.Diagnostics.Debug.WriteLine(e.Message);
}

Watching the locals window the variable directoryEntry's Guid, name etc says "Function evaluation timed out".

Then when it arrives at the try block it simply says "The server is not operational".

I've also tried this code, and it fails at the "ldap.bind" telling me that "the ldap-server is unavailable".

using (var ldap = new LdapConnection("192.168.1.1:389"))
{
    ldap.AuthType = AuthType.Basic;
    ldap.SessionOptions.ProtocolVersion = 3;
    ldap.Bind(new NetworkCredential(@"EXAMPLE\Administrator", "Abc1234"));
}

I know the server is up and running, I know that they have a connection (machines can ping each other) but I can't figure out why it isn't working. Can any of you see if there are any flaws in the code? (and yes I've googled all of the errors and various questions about connecting to AD before asking this question but none of the solutions have worked).

Answer 1

If you domain name is 'example.com' and let say you have an organization unit (OU) called 'users'. This works perfectly fine for me.

However the machine where this code runs, is added to the AD domain and it runs with an AD user account. If you do not have a machine added to the same domain which you are querying, you may try "Run as" option (Shift + Right Click) to launch the program or visual studio.

    public static List<string> GetAllUsers()
    {
        List<string> users = new List<string>();

        using (DirectoryEntry de = new DirectoryEntry("LDAP://OU=Users,DC=example,DC=local"))
        {
            using (DirectorySearcher ds = new DirectorySearcher(de))
            {
                ds.Filter = "objectClass=user";
                SearchResultCollection src = ds.FindAll();
                foreach (SearchResult sr in src)
                {
                    using (DirectoryEntry user = new DirectoryEntry(sr.Path))
                    {
                        users.Add(new string(user.Properties["sAMAccountName"][0].ToString()));

                    }
                }
            }

        }
        return users;
    }

Answer 2

I tested your code (with changed domain / password...) in my own Active Directory test environment, it works. If I use a wrong password intentionally for testing purpose, I get "invalid credentials". Fine.

"The server is not operational" will be returned if LDAP is completely unavailable. So it seems that eg port 389 is not reachable. Firewall ?

LDAP SSL (port 636) ??

If you do not have a machine added to the same domain which you are querying, you may try "Run as" option (Shift + Right Click) to launch the program or visual studio.

Yes, this was my first idea too as I saw this question. However, it seems that you will get another error in this case.

What I suggest: install WireShark, the network analyzer and check what is sent over the wire (assuming your AD is running on another machine). WireShark helped me more than often to diagnose errors with AD, login, SMB or other protocols.

PS:

The answer from Ravi M Patel is a nice example of searching, I almost do the same in my own code.

Answer 3

Problem solved. I had two network adapters and adapter 1 had dhcp and the static ip I was attempting to connect was running on adapter 2. I simply gave adapter 1 the static adress and was able to connect that way, seemingly the code connects via adapter 1 per default. And Thanks for all the answers guys :)