
I am just learning to access my Active Directory and need to figure out if it is possible to access the information without having the user account password in the code. This code works:

```csharp
DirectoryEntry SharePointUpdate = new DirectoryEntry("LDAP://" + "comm2k8-dc3", "juser01", "password", AuthenticationTypes.Secure);
```

When I try this code:

```csharp
String strPath = "LDAP:// DC=MYOrganization";
DirectoryEntry SharePointUpdate = new DirectoryEntry(strPath);
```

I get this error:

"A referral was returned from the server.\r\n

Am I missing something??

I do not want to have the user name and password in the code. Is there any way I can do this?

Sven M.
Perry
  • Is your AD configured to allow anonymous queries? See http://stackoverflow.com/questions/10730486/accessing-ad-without-a-user-name-password-for-read-only-access for more information. – StfBln Mar 14 '17 at 17:34
  • Are you familiar with `PrincipalContext`? – MethodMan Mar 14 '17 at 17:35
  • From your Tag `active-directory` I gleaned that you are in fact talking about an `Active Directory` and not an `Active Director` (missing **y** at the end). I edited your question accordingly and added some more useful tags pending approval/rejection. – Sven M. Mar 14 '17 at 17:51
  • No, AD is not set up to allow anonymous queries. I might have to explore encrypting the password?? – Perry Mar 14 '17 at 18:35
  • Possible duplicate of ["A referral was returned from the server" exception when accessing AD from C#](http://stackoverflow.com/questions/6954170/a-referral-was-returned-from-the-server-exception-when-accessing-ad-from-c-sha) – Lukasz032 Mar 15 '17 at 05:57
  • The question was very similar, however the solution was to put the user name and password in the appconfig file. Still did not resolve the problem of not wanting to expose that info. – Perry Mar 15 '17 at 10:53

1 Answer


Is this code running in the context of either a domain service account or Network Service/Local System on a domain joined machine? If so, you can use that security context to access AD.

Your `LDAP://DC=MYOrganization` looks potentially strange. Is your domain really a single label domain called "MyOrganization", or does it have a legal FQDN? If it's called MyOrganization.net, for example, you would connect to `LDAP://DC=MyOrganization,DC=net`.

Brian Desmond
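The approach described in the answer above, as an added example that is not part of the original posts: bind with the identity the process already runs under, so no user name or password appears in code or configuration, and take the base DN either from RootDSE or from the domain's DNS name. The class name `AdIntegratedBind`, the helper `DnsNameToDn` and the search filter are assumptions made for illustration; `juser01` is the account name from the question.

```csharp
using System;
using System.DirectoryServices;      // add a reference to System.DirectoryServices
using System.Linq;
using System.Security.Principal;

static class AdIntegratedBind
{
    // Hypothetical helper: "MyOrganization.net" -> "DC=MyOrganization,DC=net"
    static string DnsNameToDn(string dnsName) =>
        string.Join(",", dnsName.Split('.').Select(label => "DC=" + label));

    static void Main(string[] args)
    {
        // The bind below is made as this identity. On a domain-joined machine,
        // Network Service and Local System authenticate as the computer account.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        string baseDn;
        if (args.Length > 0)
        {
            // Domain DNS name passed on the command line, e.g. MyOrganization.net
            baseDn = DnsNameToDn(args[0]);
        }
        else
        {
            // Serverless bind: ask a domain controller for the domain's own DN
            // instead of hard-coding it.
            using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
                baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
        }

        // Null user name and password with AuthenticationTypes.Secure means
        // "use the caller's Windows credentials" (Kerberos/NTLM).
        using (var root = new DirectoryEntry("LDAP://" + baseDn, null, null,
                                             AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            // Constant filter for illustration; escape any user-supplied value
            // before placing it in an LDAP filter.
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName=juser01))";
            searcher.PropertiesToLoad.Add("distinguishedName");

            SearchResult hit = searcher.FindOne();
            Console.WriteLine(hit == null
                ? "Not found"
                : (string)hit.Properties["distinguishedName"][0]);
        }
    }
}
```

The account the process runs as needs only read access to the objects being queried; if the bind fails, the "Running as" line shows which identity was actually presented to the directory.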