Connect to Active Directory via Ldap

DC is your domain. If you want to connect to the domain example.com, then your DCs are: DC=example,DC=com

You actually don't need any hostname or IP address of your domain controller (there could be plenty of them).

Just imagine that you're connecting to the domain itself. So for connecting to the domain example.com you can simply write

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

And you're done.

You can also specify a user and a password used to connect:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com", "username", "password");

Also be sure to always write LDAP in upper case. I had some trouble and strange exceptions until I read somewhere that I should try to write it in upper case and that solved my problems.

The directoryEntry.Path property allows you to dive deeper into your domain. So if you want to search for a user in a specific OU (Organizational Unit), you can set it there.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
directoryEntry.Path = "LDAP://OU=Specific Users,OU=All Users,OU=Users,DC=example,DC=com";

This would match the following AD hierarchy:

  • com

    • example

      • Users

        • All Users

          • Specific Users

Simply write the hierarchy from deepest to highest.

Now you can do plenty of things.

For example search a user by account name and get the user's surname:

using System.DirectoryServices;

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
DirectorySearcher searcher = new DirectorySearcher(directoryEntry) {
    PageSize = int.MaxValue,
    Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=AnAccountName))"
};

// Only ask the server for the attribute we actually need.
searcher.PropertiesToLoad.Add("sn");

var result = searcher.FindOne();

if (result == null) {
    return; // Or whatever you need to do in this case
}

string surname = null;

// An attribute that is not set on the object is simply absent from the result.
if (result.Properties.Contains("sn")) {
    surname = result.Properties["sn"][0].ToString();
}

Can you use LDAP to connect to Active Directory with just an IP, username, and password?

Thank you user207421 for your suggestion.

I tested this on my system and it seems to be possible. Please follow the steps below to apply it.

In the steps below I have shown how I can connect to Active Directory from another server using AD LDAP with just an IP, username, and password.

Prerequisites:

• Turn off the firewall on both of the servers you are going to create.

• Make sure both VMs are under the same VNet and subnet.

Step 1: Create a VM, e.g. VM11, and install Active Directory and DNS Server. Set the domain name to contoso.com.

Step 2: Create another VM, e.g. VM110.

Step 3: Join VM110 to the contoso.com domain.

• Add the IP address of VM11 under DNS servers in the VNet.

Click on Change to set the domain name of your server. I have already set it up to contoso.com.

Step 4: Install Active Directory Lightweight Directory Services on VM110 and try to connect to the VM11 server to access Active Directory.

Set up the inbound and outbound port number 389, 3269 or 636 for both VMs. LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalog server occurs over TCP 3269. I am not able to set the port number as I have a restriction in my subscription; you can try it in your system and then try the further steps below.

Step 5: (i) bind anonymously and search for the DN of the user whose username is X; (ii) try to bind as that DN and password. AD may have some other method.

You can also refer to this document to apply the same.
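The two-step procedure from Step 5, as an added example that is not part of the answer above, written against System.DirectoryServices.Protocols so that it works from a machine that is not domain-joined and knows only the DC's IP address (the client side needs only that .NET assembly). Two things differ from the steps as written: Active Directory rejects anonymous searches by default (only the RootDSE is readable anonymously unless dsHeuristics is changed), so the DN lookup binds with a low-privilege reader account instead; and the simple bind runs over LDAPS on 636, because a simple bind on 389 sends the password in clear text. The IP 10.0.0.4, the reader account `svc_ldap_reader`, the environment variable and the user `jdoe` are placeholders; the DC's certificate is assumed to chain to a CA the client trusts.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example, not from the original answer. Connects by IP only and implements
// "find the user's DN, then bind as that DN with the supplied password".
public static class LdapPasswordCheck
{
    // RFC 4515 escaping; backslash first so the escape sequences are not re-escaped.
    static string Escape(string v) => v.Replace(@"\", @"\5c").Replace("*", @"\2a")
                                       .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");

    static LdapConnection Connect(string dcIp)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(dcIp, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;   // LDAPS: simple bind must never ride plain 389
        conn.AuthType = AuthType.Basic;                 // simple bind: DN or user@domain plus password
        return conn;
    }

    // Step (i): look up the DN for a sAMAccountName. Returns null unless exactly one match.
    public static string FindUserDn(string dcIp, string baseDn, NetworkCredential reader, string sam)
    {
        using (var conn = Connect(dcIp))
        {
            conn.Bind(reader);   // AD refuses anonymous searches by default, hence a reader account
            var req = new SearchRequest(baseDn,
                "(&(objectClass=user)(sAMAccountName=" + Escape(sam) + "))",
                SearchScope.Subtree, "distinguishedName");
            var resp = (SearchResponse)conn.SendRequest(req);
            return resp.Entries.Count == 1 ? resp.Entries[0].DistinguishedName : null;
        }
    }

    // Step (ii): verify the password by binding as the user's DN on a fresh connection.
    public static bool VerifyPassword(string dcIp, string userDn, string password)
    {
        // RFC 4513 5.1.2: a DN with an empty password is an *unauthenticated* bind, which the
        // server answers with success as anonymous. Without this check any user "logs in" blank.
        if (string.IsNullOrEmpty(password)) return false;

        using (var conn = Connect(dcIp))
        {
            try
            {
                conn.Bind(new NetworkCredential(userDn, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49)   // 49 = invalidCredentials
            {
                return false;
            }
        }
    }

    public static void Main()
    {
        const string dcIp = "10.0.0.4";          // assumed: IP of VM11
        const string baseDn = "DC=contoso,DC=com";
        var reader = new NetworkCredential("svc_ldap_reader@contoso.com",
                                           Environment.GetEnvironmentVariable("LDAP_READER_PW"));

        Console.Write("Password for jdoe: ");
        string password = Console.ReadLine();

        string dn = FindUserDn(dcIp, baseDn, reader, "jdoe");
        if (dn == null) { Console.WriteLine("no such user"); return; }
        Console.WriteLine(VerifyPassword(dcIp, dn, password) ? "credentials OK" : "bad password");
    }
}
```

Any LDAP result code other than 49 (for example 81, server down, or 52, unavailable) is deliberately left to propagate: those are infrastructure failures and should not be reported to the end user as "wrong password".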

How to connect to Active Directory using LDAP from C++?

  1. How do I connect to Active Directory in this LDAP query? Do I pass the server name or the Active Directory domain name as the host name in the code?

As per the code sample shared by you in the question, the docs clearly state that the code can be executed by:
(i) either passing the server name as a command line parameter,
(ii) or in case of no parameter a serverless bind attempt is performed.

From Microsoft DOCS on Serverless Binding and RootDSE:

If possible, do not hard-code a server name. Furthermore, under most circumstances, binding should not be unnecessarily tied to a single server. Active Directory Domain Services support serverless binding, which means that Active Directory can be bound to on the default domain without specifying the name of a domain controller. For ordinary applications, this is typically the domain of the logged-on user. For service applications, this is either the domain of the service logon account or that of the client that the service impersonates.

Since you're new to Active Directory, I'd suggest you to try running the code by passing your AD domain name (e.g., domain.local, corp.org, etc).


  2. Also I am getting a "server name not resolved" error. Should I use the DNS service in Windows Server or my local LAN in order to get rid of the error?

This would be tough to answer without more information. By default, name resolution is done first through the hosts file, and otherwise by DNS if the resolution is not possible through the former. You should mostly rely on the latter, i.e., a correct DNS setting.

You need to investigate why the lookup is failing for the hostname you've supplied. You can do a simple test by checking the output of the command nslookup yourADServerHostName or nslookup yourADServerFQDN in a command prompt, and check whether it resolves to the intended IP address.

NOTE: Please make sure that you're using a proper DNS server entry in the network settings of the system where you're executing the code.
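What "pass the domain name" means in practice, as an added example that is not from the answer above: the DC locator is asked for a domain controller of the given domain (it queries the `_ldap._tcp.dc._msdcs.<domain>` SRV records through the process's configured DNS servers), the returned DC name is resolved the same way `nslookup` would, and RootDSE is read over a serverless bind to confirm which server answered. The two failure paths the question describes are caught separately so the caller can tell "the domain cannot be located" from "the DC name does not resolve". `corp.example` is a placeholder for the caller's AD DNS domain; the host is assumed to be Windows with the System.DirectoryServices assemblies available.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Net;
using System.Net.Sockets;

// Added example, not from the original answer. Probe(domain) reports which DC the
// locator chose, whether its name resolves, and which server the serverless bind hit.
public static class DcLocatorCheck
{
    public static string Probe(string domainDnsName)
    {
        try
        {
            // DC locator: DNS SRV lookup for the domain followed by an LDAP ping to candidates.
            var ctx = new DirectoryContext(DirectoryContextType.Domain, domainDnsName);
            DomainController dc = DomainController.FindOne(ctx);

            // Equivalent of "nslookup <dc fqdn>" from inside the process, using its DNS settings.
            IPHostEntry entry = Dns.GetHostEntry(dc.Name);

            // Serverless bind to RootDSE: no server name, no credentials beyond the caller's token.
            using (var rootDse = new DirectoryEntry("LDAP://" + domainDnsName + "/RootDSE"))
            {
                string served = (string)rootDse.Properties["dnsHostName"].Value;
                return "located " + dc.Name + " (" + entry.AddressList[0] + "), RootDSE served by " + served;
            }
        }
        catch (ActiveDirectoryObjectNotFoundException)
        {
            // No DC found: the SRV records for the domain were not resolvable from this host,
            // which almost always means the NIC points at a DNS server that is not the AD DNS.
            return "no domain controller located for " + domainDnsName + ": check the DNS server setting";
        }
        catch (SocketException ex)
        {
            // The "server name not resolved" case: the DC's A record is not visible to this host.
            return "domain controller name did not resolve: " + ex.Message;
        }
    }

    public static void Main()
    {
        Console.WriteLine(Probe("corp.example"));   // assumed domain name
    }
}
```

If the first branch fails while `nslookup corp.example` on the same machine succeeds, the A record is fine but the SRV records are missing, which is what happens when a public resolver, rather than the AD-integrated DNS server, is configured on the client.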

Connection string to connect to Active Directory using LDAP

Whenever I've accessed AD from .net I've done the following:

var directoryEntry = new DirectoryEntry("LDAP://capp.net");
directoryEntry.Username = @"capp\dhr2";   // verbatim string: "\d" is not a valid C# escape sequence
directoryEntry.Password = "admin@12345";  // hard-coded here only for illustration

Then you can query "AD" using the DirectorySearcher.

var directorySearcher = new DirectorySearcher(directoryEntry);

...

LDAP connection with AD using C++

I'm no C++ or MinGW expert, but I have a little experience, and I did some Googling. This is the only error:

undefined reference to `NetUserAdd'

The others are warnings.

By your output, it looks like your command to compile is this:

g++ ldap.cpp -o ldap

Try adding -lnetapi32 to the end of that:

g++ ldap.cpp -o ldap -lnetapi32

If you want to resolve those warnings, I think you can declare variables for the username and password rather than assigning literals directly to the struct:

#include <windows.h>
#include <lm.h>        // USER_INFO_1 and NetUserAdd; link with -lnetapi32

USER_INFO_1 ui = {};   // zero-initialise so the unused members are NULL/0

// Writable arrays instead of string literals: usri1_name and usri1_password are LPWSTR,
// and assigning a const literal to them is what produced the warnings.
wchar_t username[] = L"username";
wchar_t password[] = L"password";

ui.usri1_name = username;
ui.usri1_password = password;

