
I have a problem: I need to connect from a remote server to Active Directory, but the code has to use the LdapConnection class. I need this because only that way can I test change notifiers when some event happens (such as a user being deactivated, or changing group, data, etc.). The OS on the remote server is Windows Server 2012.

I managed to do this locally using DirectoryServices with the following code:

using System.DirectoryServices;

String ldapPath = "LDAP://XRMSERVER02.a24xrmdomain.info";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, @"A24XRMDOMAIN\username", "pass");

//// Search AD to see if the user already exists.
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = "(&(objectClass=user))";
SearchResult result = search.FindOne();

This is okay and the connection works, but now I need to connect using the LdapConnection class.

I tried something like this in many ways, but none of them helped me:

using System.DirectoryServices.Protocols;
using System.Net;

// Server name must be a string literal (the missing quotes would not compile).
LdapConnection connection = new LdapConnection("XRMSERVER02.a24xrmdomain.info");
var credentials = new NetworkCredential(@"A24XRMDOMAIN\username", "pass");
connection.Credential = credentials;
connection.Bind();

It says that the credentials are invalid, but that is not true.

Explanations:

  • XRMSERVER02 - Domain controller
  • a24xrmdomain.info - Domain
  • A24XRMDOMAIN - Domain used for logging in

Thanks for your help.


2 Answers


Even though I solved my problem, I want to share with other developers what I achieved so far. The problem that I encountered was that I had a remote server running Windows Server 2012 with Active Directory on it. I needed to connect to it from my local machine (Windows 10). As I stated in my question, it is possible to do that via DirectoryServices with the following code:

using System.DirectoryServices;

String ldapPath = "LDAP://(DomainController).a24xrmdomain.info";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, @"DOMAIN\username", "pass");

//// Test search on AD to see if the connection works.
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = "(&(objectClass=user))";
SearchResult result = search.FindOne();

This is one of the solutions, but since my task was to get notifications and to identify whenever some object has changed in Active Directory, I needed a connection to Active Directory on the remote server via the LDAP class. The code for getting notifiers is taken from:
- Registering change notification with Active Directory using C#

I succeeded in connecting with the LDAP class via the following code:

using System.DirectoryServices.Protocols;
using System.Net;

String ldapPath2 = "(DomainController).a24xrmdomain.info";
LdapConnection connection = new LdapConnection(ldapPath2);
var credentials = new NetworkCredential(@"username", "pass");
connection.Credential = credentials;
connection.Bind();

I want to mention that no IP address of the remote server is needed, just the domain controller that is used on it, and that the domain used for logging in is unnecessary.

Happy coding


Try using the NetworkCredential constructor with 3 parameters: username, password and domain. Specify the domain separately from the user name.

  • I do not recommend using change notifications if you are going to monitor the entire domain. This technique is designed to be used when you need to monitor a specified object or multiple objects for attribute changes. In highly loaded environments this technique simply does not work: you will not receive all notifications on changes (add 10K users to the domain and see what happens). For polling changes in the entire domain use the DirSync or USN technique. – oldovets Sep 25 '16 at 23:41
  • Did you mean my question regarding notifications http://stackoverflow.com/questions/39261263/notify-me-when-events-in-active-directory-occur-in-c-sharp ? I'm using notifiers for that; I'm not sure how to change to other techniques, maybe to set some Timer for every 5 sec to check the uSNChanged attribute state? I have the previous state of the object, so it could work that way. I'm not sure what the other options are. Can you please check my answer on the provided link? Thanks – Dan Oct 05 '16 at 20:59
  • For the uSNChanged technique you can do the following steps: 1. Connect to a DC. 2. Query the current highestCommittedUSN from this DC (name it hcusn) (see https://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.domaincontroller.highestcommittedusn(v=vs.110).aspx). 3. Collect the current AD snapshot from this DC by specifying (uSNChanged <= hcusn) in the LDAP filter if you need previous values. 4. Store hcusn on disk. 5. Connect to the same DC again. 6. Query highestCommittedUSN (name it hcusnnew). 7. Collect changes by specifying &(uSNChanged>hcusn)(uSNChanged<=hcusnnew) in the LDAP filter. – oldovets Oct 05 '16 at 22:58
  • I strongly recommend using LDAP, not ADSI (DirectorySearcher), to query changes. Here is an example of an LDAP searcher: http://dunnry.com/blog/2008/06/05/PagedAsynchronousLDAPSearchesRevisited.aspx, as DirectorySearcher has some issues when used in a service-based application (see http://stackoverflow.com/questions/10291009/system-directoryservices-directorysearcher-causing-arithmetic-operation-resulte) – oldovets Oct 05 '16 at 23:07
  • And here is an example of the DirSync polling technique: http://stackoverflow.com/questions/3819824/how-to-query-changes-in-active-directory-including-deleted-objects. – oldovets Oct 05 '16 at 23:25
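The following is an added example, not code from the question, either answer or the linked posts. It ties together the two things discussed on this page: the LdapConnection bind from the answers (domain passed as the third NetworkCredential argument, as oldovets suggests, with Negotiate plus signing and sealing so the bind and the search traffic are not in the clear on port 389) and the uSNChanged polling procedure from oldovets' comment (read highestCommittedUSN from the RootDSE, store it as a watermark, then fetch objects whose uSNChanged lies between the stored and the new value, in pages). The DC host, domain, user name, password, state-file path, page size and the attribute list are placeholders I chose; the signing/sealing options and the paged-search control are my additions, not something the page prescribes. It targets System.DirectoryServices.Protocols on Windows (.NET Framework, or the NuGet package of the same name on .NET Core/5+).

```csharp
using System;
using System.IO;
using System.Net;
using System.DirectoryServices.Protocols;

// Added example: LdapConnection bind plus uSNChanged watermark polling.
// All names below (DC, domain, credentials, state file, page size) are
// placeholders and not taken from the original page.
static class UsnChangePoller
{
    // Always the SAME DC on every run: uSNChanged / highestCommittedUSN are
    // DC-local counters and are not comparable across domain controllers.
    const string Dc = "XRMSERVER02.a24xrmdomain.info";
    const string StateFile = @"C:\ProgramData\UsnPoller\hcusn.txt";
    const int PageSize = 500;

    static LdapConnection Connect()
    {
        // Domain given as its own argument rather than as DOMAIN\user in the user name.
        var cred = new NetworkCredential("username", "pass", "A24XRMDOMAIN");
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Dc, 389), cred, AuthType.Negotiate);
        conn.SessionOptions.ProtocolVersion = 3;
        // Kerberos/NTLM sign + seal: integrity and confidentiality without needing LDAPS.
        conn.SessionOptions.Signing = true;
        conn.SessionOptions.Sealing = true;
        conn.Bind(); // throws LdapException on bad credentials or an unreachable DC
        return conn;
    }

    // RootDSE read: highestCommittedUSN is this DC's current watermark,
    // defaultNamingContext is the search base for the domain partition.
    static (long Hcusn, string BaseDn) ReadRootDse(LdapConnection conn)
    {
        var req = new SearchRequest("", "(objectClass=*)", SearchScope.Base,
                                    "highestCommittedUSN", "defaultNamingContext");
        SearchResultEntry entry = ((SearchResponse)conn.SendRequest(req)).Entries[0];
        string usn = (string)entry.Attributes["highestCommittedUSN"].GetValues(typeof(string))[0];
        string dn  = (string)entry.Attributes["defaultNamingContext"].GetValues(typeof(string))[0];
        return (long.Parse(usn), dn);
    }

    // Paged subtree search for objects with lastUsn < uSNChanged <= newUsn.
    // LDAP filters have no strict '>' operator, so the comment's (uSNChanged>hcusn)
    // is expressed as (!(uSNChanged<=hcusn)).
    static void FetchChanges(LdapConnection conn, string baseDn, long lastUsn, long newUsn,
                             Action<SearchResultEntry> onEntry)
    {
        string filter = $"(&(!(uSNChanged<={lastUsn}))(uSNChanged<={newUsn}))";
        var page = new PageResultRequestControl(PageSize);
        while (true)
        {
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree,
                "objectClass", "uSNChanged", "whenChanged", "userAccountControl", "memberOf");
            req.Controls.Add(page);
            var resp = (SearchResponse)conn.SendRequest(req);
            foreach (SearchResultEntry e in resp.Entries) onEntry(e);

            byte[] cookie = null;
            foreach (DirectoryControl c in resp.Controls)
                if (c is PageResultResponseControl prc) cookie = prc.Cookie;
            if (cookie == null || cookie.Length == 0) break; // last page
            page.Cookie = cookie;
        }
    }

    static void Main()
    {
        using (var conn = Connect())
        {
            var (hcusn, baseDn) = ReadRootDse(conn);
            // No stored watermark => lastUsn 0 => baseline snapshot of every object (step 3 of the comment).
            long last = File.Exists(StateFile) ? long.Parse(File.ReadAllText(StateFile).Trim()) : 0;

            if (hcusn > last)
                FetchChanges(conn, baseDn, last, hcusn, e =>
                    Console.WriteLine($"{e.Attributes["uSNChanged"][0]} {e.DistinguishedName}"));

            // Persist the new watermark only after the changes were processed, so a crash
            // mid-run replays the window instead of silently skipping it.
            Directory.CreateDirectory(Path.GetDirectoryName(StateFile));
            File.WriteAllText(StateFile, hcusn.ToString());
        }
    }
}
```

Run it on a timer (the 5-second interval Dan mentions, or whatever the environment tolerates); each run processes exactly the USN window (last, hcusn]. Two caveats a practitioner should keep in mind: deleted objects are tombstoned and are not returned by this search unless a ShowDeletedControl is added and the Deleted Objects container is included, which is the gap the DirSync link in the last comment covers; and uSNChanged tells you that an object changed, not which attribute, so to know that a user was disabled or moved between groups you compare userAccountControl / memberOf against your stored copy, as the second comment describes.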