how to authenticate ldap when not joined to a domain in Microsoft Active Directory using c#

Question

For some reason, ldap and directory services does not work when the computer is not joined to the domain. The error messages from .net is domain not available. Anyone know what needs to be done?

the basic...

 domainAndUsername = domain + @"\" + username;
 entry = new DirectoryEntry(_path, domainAndUsername, pwd);
 entry.AuthenticationType = FindAuthTypeMicrosoft(authType);

... doesn't seem to work when logged in locally to the machine when trying to supply testdomain.com to the code above.

Even though I can ping testdomain.com without an issue. What is different or the problem?

Answer 1

Directory services rely on an ActiveDirectory. So you need to add the machine to an Domain or explicitly supply the domain controller. Note that domain does not mean a domain name from the domain name system. It means a ActiveDirectory Domain.

Answer 2

This code has worked for me in the past (though I admit I am not in a position to test it right now):

DirectoryEntry entry = new DirectoryEntry("LDAP://server-name/DC=domainContext,DC=com");
entry.Username = @"DOMAIN\account";
entry.Password = "...";
DirectorySearcher searcher = new DirectorySearcher(entry);
searcher.Filter = "(&(objectClass=user)(sn=Jones))";
SearchResultCollection results = searcher.FindAll();

The hardest part (for me anyway) is figuring out the "connection string" details. I generally rely on ADSI Edit and AD Explorer to help me figure out what the correct values are. Softerra LDAP Browser - the free version is a bit older, v2.6 and tucked away in their download section.

Answer 3

i was leaving _path blank. sorry my own issue.