0

I am trying to connect to Active Directory using service account credentials that have full access to Active Directory, but I am unable to load the property details of users.

This happens when I am logged in using the 'miminstall' account, which does not have access to fetch user details from AD, but in my app I have passed the credentials of an account that has access in AD.

When I run Visual Studio as a different user (adma) that has full access to Active Directory, I am able to connect and fetch user details without any issue.

I don't know why this is happening even though the adma account credentials are passed in the code.

public string getADattributes(string DN, string operation)
{
    string path = "LDAP://xyz.com";

    DirectoryEntry directoryEntry = new DirectoryEntry(path, "xyz\\adma", "abc", AuthenticationTypes.Secure);
    using (directoryEntry)
    {
        DirectorySearcher objDSearcher = new DirectorySearcher();
        objDSearcher.Filter = "(distinguishedName=" + DN + ")"; // search user in AD using DN
        objDSearcher.PropertiesToLoad.Add("whenCreated");
        objDSearcher.PropertiesToLoad.Add("whenChanged");
        objDSearcher.PropertiesToLoad.Add("EmployeeID");
        objDSearcher.SearchScope = SearchScope.Subtree;
        SearchResult result = objDSearcher.FindOne();
        if (result != null) // a non-null result means the user exists in AD
        {
            string createdDate = "";
            string modifiedDate = "";
            string employeeID = "";
            if (result.Properties["whenCreated"].Count > 0)
            {
                // able to come inside this if statement when running Visual Studio as the adma account,
                // but not when running as the login account, i.e., miminstall
                createdDate = result.Properties["whenCreated"][0].ToString();
            }
            if (result.Properties["whenChanged"].Count > 0)
            {
                modifiedDate = result.Properties["whenChanged"][0].ToString();
            }
            if (result.Properties["EmployeeID"].Count > 0)
            {
                employeeID = result.Properties["EmployeeID"][0].ToString();
            }
        }
        return null;
    }
}
Seanny123
  • 8,776
  • 13
  • 68
  • 124
  • When you execute this, it will be using the account that you are logged into windows with. If you want the code to execute as a specific user check out WindowsIdentity.Impersonate here: https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.windowsidentity.impersonate?view=netframework-4.8 – Jake Steffen Jun 04 '19 at 13:30
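The behaviour in the question follows from how `DirectorySearcher` picks its search root: `new DirectorySearcher()` with no argument binds to the default naming context under the process identity, so the credentialed `DirectoryEntry` is constructed but never used. The added example below (not the asker's or the answerer's code) passes that entry as the search root so the query runs as the service account, reads the password from the environment instead of source, and escapes the DN before splicing it into the LDAP filter so caller-supplied text cannot change the query. `AD_SERVICE_USER`, `AD_SERVICE_PASSWORD`, the LDAP path and the sample DN are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class AdLookup
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515), so a DN or
    // account name taken from a caller cannot inject extra filter clauses.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the first value of an attribute, or null when AD returned no value
    // (either the attribute is empty or the bound account cannot read it).
    private static string FirstValue(SearchResult result, string attribute)
    {
        ResultPropertyValueCollection values = result.Properties[attribute];
        return (values != null && values.Count > 0) ? values[0].ToString() : null;
    }

    // Looks up whenCreated / whenChanged / employeeID for the object at 'dn'
    // using the supplied service-account credentials, not the process identity.
    public static Dictionary<string, string> GetAttributes(string dn, string ldapPath, string user, string password)
    {
        using (var root = new DirectoryEntry(ldapPath, user, password, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root)) // the search root carries the credentials
        {
            searcher.Filter = "(distinguishedName=" + EscapeFilterValue(dn) + ")";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.AddRange(new[] { "whenCreated", "whenChanged", "employeeID" });

            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return null; // no object with that DN visible to this account
            }

            return new Dictionary<string, string>
            {
                ["whenCreated"] = FirstValue(result, "whenCreated"),
                ["whenChanged"] = FirstValue(result, "whenChanged"),
                ["employeeID"]  = FirstValue(result, "employeeID"),
            };
        }
    }

    public static void Main()
    {
        // Placeholder configuration: the credentials come from the environment
        // (or a secret store), never from a string literal in the source.
        string user = Environment.GetEnvironmentVariable("AD_SERVICE_USER");       // e.g. "xyz\\svc-adread"
        string pass = Environment.GetEnvironmentVariable("AD_SERVICE_PASSWORD");
        string sampleDn = "CN=Jane Doe,OU=Users,DC=xyz,DC=com";                     // constructed sample DN

        Dictionary<string, string> attrs = GetAttributes(sampleDn, "LDAP://xyz.com", user, pass);
        if (attrs == null)
        {
            Console.WriteLine("object not found (or not readable by the service account)");
            return;
        }
        foreach (KeyValuePair<string, string> kv in attrs)
        {
            Console.WriteLine(kv.Key + " = " + (kv.Value ?? "<not returned>"));
        }
    }
}
```

Two points worth checking when a lookup returns no attributes: `FindOne()` returning a result while `Properties[...]` is empty usually means the bound account lacks read permission on those attributes rather than a filter problem, and a searcher with no `SearchRoot` silently uses whatever identity the process runs under, which is exactly why the question's code behaves differently between the `miminstall` and `adma` sessions.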

1 Answer

0

Unless this is a one-time task, one would typically create a task in Task Scheduler or a web app under IIS.

If this is a console application, add a new task under Task Scheduler, set the action to run your app (give it the path to your app's exe), and set the task user to 'adma'.

If it's part of a web app, create a new application pool in IIS. Then right-click the newly created app pool, go to Advanced Settings > Identity and provide the credentials for 'adma'. Then assign this application pool to your web app.

If this is not going to be a scheduled task or a web app, but an occasional on-demand run, I believe adding impersonation would be your best option. See this SO

joym8
  • 4,014
  • 3
  • 50
  • 93
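For the on-demand case the answer ends with, the added example below (not the answerer's code) shows impersonation done with the supported .NET API: it obtains a token for the service account with `LogonUser` and runs the directory query inside `WindowsIdentity.RunImpersonated`, so even a parameterless `DirectorySearcher` resolves its default search root as that account. The logon type is `LOGON32_LOGON_NEW_CREDENTIALS`, which keeps the local identity but presents the supplied credentials for outbound network authentication, which is what an LDAP bind to a domain controller needs. The `AD_SERVICE_*` environment variables and the sample DN are placeholders.

```csharp
using System;
using System.ComponentModel;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

public static class ImpersonatedLookup
{
    // Use the supplied credentials for network access only; the local identity is unchanged.
    private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    private const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string userName, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Runs 'work' while the thread impersonates domain\user and returns its result.
    // The token is disposed as soon as the delegate finishes.
    public static T RunAs<T>(string domain, string user, string password, Func<T> work)
    {
        SafeAccessTokenHandle token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, out token))
        {
            // Surface the Win32 reason (bad password, account locked, ...) instead of a silent failure.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        using (token)
        {
            return WindowsIdentity.RunImpersonated(token, work);
        }
    }

    // Reads whenCreated for one object. The DN here is a constant; a DN taken from
    // a caller must be escaped for RFC 4515 before it is placed in the filter.
    public static string WhenCreated(string dn)
    {
        using (var searcher = new DirectorySearcher()) // default root: resolved under the impersonated identity
        {
            searcher.Filter = "(distinguishedName=" + dn + ")";
            searcher.PropertiesToLoad.Add("whenCreated");
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["whenCreated"].Count == 0)
            {
                return null;
            }
            return result.Properties["whenCreated"][0].ToString();
        }
    }

    public static void Main()
    {
        // Placeholder configuration read from the environment, not hard-coded.
        string domain = Environment.GetEnvironmentVariable("AD_SERVICE_DOMAIN");   // e.g. "xyz"
        string user   = Environment.GetEnvironmentVariable("AD_SERVICE_USER");     // e.g. "svc-adread"
        string pass   = Environment.GetEnvironmentVariable("AD_SERVICE_PASSWORD");
        string sampleDn = "CN=Jane Doe,OU=Users,DC=xyz,DC=com";                   // constructed sample DN

        string created = RunAs(domain, user, pass, () => WhenCreated(sampleDn));
        Console.WriteLine("whenCreated = " + (created ?? "<not returned>"));
    }
}
```

`RunImpersonated` scopes the impersonation to the delegate, so there is no `Undo()` call to forget and no impersonated context leaking into other requests of the same process, which is the usual pitfall with the older `WindowsIdentity.Impersonate` pattern linked in the comments. Because a `LOGON32_LOGON_NEW_CREDENTIALS` logon is not validated until the first network authentication, a wrong password shows up as an LDAP bind failure inside the delegate rather than as a `Win32Exception` from `LogonUser`.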