I'm trying to use C# to operate AD LDS.

I can already connect to AD with my administrator account, like this:

DirectoryEntry entry = new DirectoryEntry("LDAP://serverip/CN=xxx,DC=yyy,DC=com", username, password, AuthenticationTypes.ServerBind);

The 'username' and 'password' are the administrator and its password.

Then I create a user on my server, and I set its UserPrincipalName to 'william' and set its password. I also set its msDS-UserAccountDisabled = false.

I try to log in as this user with C#:

DirectoryEntry entry = new DirectoryEntry("LDAP://serverid/CN=xxx,DC=YYY,DC=com", username, pwd, AuthenticationTypes.ServerBind);
entry.RefreshCache();

When I didn't put 'william' into the 'Administrator' group, the code entry.RefreshCache(); always threw an exception; but when I put 'william' into 'Administrator', this code suddenly works.

I suppose it is a permission problem, but I can't figure it out.

Can anyone tell me why this works, and how I can change this method? I don't want to make the user an administrator.

William H
  • What exact error do you receive on RefreshCache execution? – oldovets Oct 20 '17 at 07:55
  • Now I have tried to connect to openldap but I always get an error: An invalid DN syntax has been specified. – William H Oct 24 '17 at 02:07
  • Please share your code of user creation. Check that the user really exists via ADSIEdit. If you create the user with DirectoryEntry, verify that the UseCache property is set to false – oldovets Oct 24 '17 at 18:44
  • Thanks for your advice! I have already solved this problem by using the LdapConnection class. I find that this class can connect to both OpenLdap and AD LDS – William H Oct 28 '17 at 05:16
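
The LdapConnection approach mentioned in the last comment, as an added example (not code from the thread): Bind() only authenticates the account and does not read any directory object, and the helper separates a rejected password from other failures. The host name, port 636, the user DN and the LDAP_PWD environment variable are placeholders assumed for illustration.

```csharp
// Added example: credential check against AD LDS or OpenLDAP with LdapConnection.
// Host, port, DN and the LDAP_PWD variable are assumed placeholders, not values from the post.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapLogin
{
    // LDAP result code 49 = invalidCredentials (RFC 4511).
    const int InvalidCredentials = 49;

    // Returns true if the bind succeeds, false if the server rejects the credentials.
    // Other failures (server unreachable, TLS error, bad DN syntax) propagate to the caller.
    public static bool TryBind(string host, int port, string userDn, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513)
        // that some servers accept, so never treat it as a successful login.
        if (string.IsNullOrEmpty(password)) return false;

        var id = new LdapDirectoryIdentifier(host, port);
        using (var conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;                // simple bind with DN + password
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;  // LDAPS: simple bind sends the password as-is
            conn.Credential = new NetworkCredential(userDn, password);
            try
            {
                conn.Bind();                               // authenticates only; reads no entry
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == InvalidCredentials)
            {
                return false;
            }
        }
    }

    static void Main()
    {
        string pwd = Environment.GetEnvironmentVariable("LDAP_PWD"); // avoid hard-coded passwords
        bool ok = TryBind("ldap.example.test", 636, "CN=william,CN=xxx,DC=yyy,DC=com", pwd);
        Console.WriteLine(ok ? "bind OK" : "invalid credentials");
    }
}
```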

0 Answers