Hi Guys. I have the following code (C#):

(Tweaked from: http://www.eggheadcafe.com/conversation.aspx?messageid=31766061&threadid=31766050)

        DirectorySearcher dseSearcher = new DirectorySearcher();

        string rootDSE = dseSearcher.SearchRoot.Path;
        DirectoryEntry rootDE = new DirectoryEntry(rootDSE);

        string userDSE = rootDSE.Insert(7, "OU=Users,");
        DirectoryEntry userDE = new DirectoryEntry(userDSE);

The rootDSE is created correctly; however, the userDSE is unusable and throws a "There is no such object on the server" exception if I attempt to use it.

The LDAP strings are as follows:

Root: LDAP://DC=company,DC=local

User: LDAP://OU=Users,DC=company,DC=local

I'm running on Vista as Admin, but need this to work on XP (Admin) as well.

I'm new to LDAP and Directory Management, so I'm stumbling around in the dark here. Any thoughts? Also - any articles to link to that could give me some insight into how it all works would be appreciated.

Regards

+1  A: 

The first thing I would try as a test is to hardcode your desired path when you create a directory entry like so:

    DirectoryEntry de = new DirectoryEntry("LDAP://OU=Users,DC=company,DC=local");

This will tell you pretty quick if this is an actual path in your Active Directory. I don't know what your AD looks like so I can't tell you if this is a valid path or not. Under your Active Directory Users and Computers MMC plugin, if this path is correct, then you should have your root domain, and an OU folder under the root called Users.

Paths are generated backwards in AD, so if your Users folder is under another OU off the root then it would be

    DirectoryEntry de = new DirectoryEntry("LDAP://OU=Users,OU=<first OU folder>,DC=company,DC=local");

So your AD schema would look like:

 Root 
 |
 --><first OU folder>
     |
     -->Users

A great article on how to manage Active Directory in .NET:

HowTo: Do (Almost) Everything in Active Directory via C#

You might also want to research the System.DirectoryServices, System.DirectoryServices.ActiveDirectory, and the System.DirectoryServices.AccountManagement namespaces provided in the .Net 3.5 Framework. I believe the System.DirectoryServices and ActiveDirectory namespaces were available starting in .Net 1.1, and AccountManagement was introduced in .Net 3.5.

Microsoft Documentation - A lot of good links on how to use the namespace

Addendum:

To actually find a user in AD you will want to do the following:

    // Bind to the domain root (replace with your own domain components).
    DirectoryEntry de = new DirectoryEntry();
    de.Path = "LDAP://DC=company,DC=local";
    de.AuthenticationType = AuthenticationTypes.Secure;

    DirectorySearcher deSearch = new DirectorySearcher();

    deSearch.SearchRoot = de;
    // username is concatenated into the filter as-is: escape * ( ) \ and NUL
    // (RFC 4515) first if the value comes from user input.
    deSearch.Filter = "(&(objectClass=user)(cn=" + username + "))";

    SearchResult result = deSearch.FindOne();

    if (result != null)
    {
        DirectoryEntry deUser = new DirectoryEntry(result.Path);
        // ... do whatever you need to the deUser
        deUser.Close();
    }
Scott Lance
Hmmm, thank you for the links, most useful. I'm limited to .Net 2.0 for this project. Also, I'm looking to create a local user on any machine that my application is installed on, so the Users group may vary. Is there any easy way to get the standard Users group? Cheers
Also - where do I get the UserId from? It seems to be randomly thrown into the sample code in the link I supplied, and I don't know what it should be.
If you are looking to create a local user then you won't be using Active Directory, instead you will need to use the Win32 APIs, which are a bit more complicated. See http://www.codeproject.com/KB/cs/groupandmembers.aspx As for your 2nd comment, OU=Users is not a user ID, OU is short for Organizational Unit, if you are trying to find a User you want to use CN=<user name>, CN is short for Common Name and what you need to use to filter users. See http://stackoverflow.com/questions/825237/how-can-you-find-a-user-in-active-directory-from-c/825347#825347 on how to query users in AD.
Scott Lance
See the addendum to my post, that will allow you to actually search for a user in your AD off the root, it should find any user with the user name supplied on the Filter assignment, simply hardcode or pass in the user you wish to find.
Scott Lance
A: 

This may seem silly and stupid, but the default tree setup in Active Directory is not OU=Users,dc=domain,dc=com but rather cn=Users,dc=domain,dc=com (note the CN= not the OU= for Users).

It seems stupid since a container object (objectClass of cn) in AD cannot be a recipient of group policy, but for reasons I do not understand, that is the default.

Gets almost everybody I meet, first time they try to LDAP bind/auth to AD.

geoffc
A: 

As geoffc mentioned correctly, in Active Directory the "Users" under the domain is a container object rather than an organizational unit object. This results in a totally different LDAP path, which is why you get the error message.

Try the following code and post if it fixes your issue:

    // Replace the "company" and "com" with actual domain values...
    DirectoryEntry de = new DirectoryEntry("LDAP://CN=Users,DC=company,DC=com");
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = de;

    // Set your other search params here
Joshua
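
An added example, not from any of the answers: since the default Users location is a container (`CN=Users`) rather than an OU, its path can be resolved from the directory instead of being hardcoded, by binding through the container's well-known GUID. Class and method names are hypothetical; `ResolveUsersContainerDn` assumes a domain-joined machine.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class UsersContainerLocator
{
    // Well-known GUID of the default Users container (GUID_USERS_CONTAINER_W).
    const string UsersWkGuid = "a9d1ca15768811d1aded00c04fd8d5cd";

    // Build the WKGUID bind string for a given domain DN.
    public static string BuildWkGuidPath(string domainDn)
    {
        return "LDAP://<WKGUID=" + UsersWkGuid + "," + domainDn + ">";
    }

    // Ask the directory where the default Users container actually lives.
    public static string ResolveUsersContainerDn()
    {
        using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            string domainDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            using (DirectoryEntry users = new DirectoryEntry(BuildWkGuidPath(domainDn)))
            {
                // distinguishedName holds the real DN, e.g. CN=Users,DC=company,DC=local
                return (string)users.Properties["distinguishedName"].Value;
            }
        }
    }

    static void Main()
    {
        // Bind string for the domain used on this page (no network access needed).
        Console.WriteLine(BuildWkGuidPath("DC=company,DC=local"));
        try
        {
            Console.WriteLine("Users container: " + ResolveUsersContainerDn());
        }
        catch (COMException ex)
        {
            // Raised when the machine is not domain-joined or the bind fails.
            Console.WriteLine("Directory bind failed: " + ex.Message);
        }
    }
}
```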