0

I'm trying to integrate a system with Active Directory using the System.DirectoryServices.AccountManagement stuff. Our IT people have set up an AD box and my dev box is not part of this (or any) domain.

So far, I have 3 lines of code as a test:

    var pc = new PrincipalContext(ContextType.Domain, "machine", "CN=Administrator,CN=Users,DC=domain,DC=com", "Password");

    var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "Administrator");

    var gp = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "Admins");

Creating the PrincipalContext works as listed above, but if I try to use the domain name instead of the server name then I get an error: "The server could not be contacted." So, I left this on the machine name.

When getting the user or group, I get an error: "A local error has occurred."

For the user, I also tried this with the same result:

    var user = UserPrincipal.FindByIdentity(pc, IdentityType.DistinguishedName, "cn=Administrator,ou=users,dc=domain,dc=com");

So, overall, I'm confused :(

Does anyone have any suggestions?

As a side note, I'd like to kick the programmer who thought that 'a local error has occurred' would be a useful error message!

Cheers

PS: I can use the SysInternals AD Explorer just fine from my machine and I can see the DNs I'm trying to use.

PPS: If I use machine.domain.com for the name when creating the PrincipalContext, it also fails to connect.

Jonesie

2 Answers

5

So this is one of those things that makes perfect sense AFTER you hack through to the solution. The problem was that the context was trying to use a Negotiated security context, which is not configured. When I used SimpleBind it worked just fine:

    var pc = new PrincipalContext(ContextType.Domain, "machine", "DC=domain,DC=com", ContextOptions.SimpleBind, "CN=Administrator,CN=Users,DC=domain,DC=com", "Password");

Cheers

PS: A more useful error message would have saved me a day's head scratching!

Jonesie
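An LDAP simple bind, as used in the answer above, sends the bind DN and password in clear text unless the connection itself is encrypted. The following is an added example, not part of the original answer, that pairs `ContextOptions.SimpleBind` with `ContextOptions.SecureSocketLayer` on the LDAPS port. It assumes the domain controller serves LDAPS on 636 with a certificate the client trusts for the name used; the `Connect` helper and the `AD_BIND_PASSWORD` environment variable are hypothetical names.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class AdBindExample
{
    // Hypothetical helper: bind from a machine that is not domain-joined.
    // SimpleBind alone exposes the password on the wire, so it is combined
    // with SecureSocketLayer and the LDAPS port (assumed to be 636).
    static PrincipalContext Connect(string server, string container,
                                    string bindDn, string password)
    {
        return new PrincipalContext(
            ContextType.Domain,
            server + ":636",
            container,
            ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
            bindDn,
            password);
    }

    static void Main()
    {
        // Server, container and DNs are the placeholders used in the question.
        // The password comes from the environment instead of a string literal.
        string password = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD")
            ?? throw new InvalidOperationException("AD_BIND_PASSWORD is not set");
        try
        {
            using (var pc = Connect("machine", "DC=domain,DC=com",
                       "CN=Administrator,CN=Users,DC=domain,DC=com", password))
            using (var user = UserPrincipal.FindByIdentity(
                       pc, IdentityType.SamAccountName, "Administrator"))
            using (var group = GroupPrincipal.FindByIdentity(
                       pc, IdentityType.SamAccountName, "Admins"))
            {
                // FindByIdentity returns null when nothing matches.
                Console.WriteLine(user == null ? "user not found" : user.DistinguishedName);
                Console.WriteLine(group == null ? "group not found" : group.DistinguishedName);
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Raised when the server cannot be reached on that name and port.
            Console.Error.WriteLine("Server could not be contacted: " + ex.Message);
        }
        catch (PrincipalOperationException ex)
        {
            Console.Error.WriteLine("Directory error " + ex.ErrorCode + ": " + ex.Message);
        }
    }
}
```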
2

To do the search using the credentials of the current user, specify the domain as such:

    new PrincipalContext(ContextType.Domain, "xyz.mycorp.com:3268", "DC=mycorp,DC=com");

From "When do I need a Domain Name and a Domain Container to create a PrincipalContext?"

Chad Killingsworth