LDAP bind error codes using ADSI in C#

Question

I am binding to an ADAM instance from a C# client using the ADSI provider. When the bind fails I get a generic error condition back that indicates a failure. If I look at a network trace of the traffic I can see that the ADAM instance itself send extended error information back to my client indicating why this authentication has failed, but it seems that the ADSI provider discards this extended information and just provides me the fact that the bind failed.

For example, in a failed bind a COMException is thrown with an ErrorCode attribute that will always contain the value 8007052E. If I look at the network trace there are multiple reasons for the failure that LDAP is sending back and those could include errors for password expiration, account disabled, password invalid, user does not exist, etc.

Is there any way to get this extended error information using ADSI or the COMException object? If not, is there some other .NET provider that someone has used that is able to get this information?

Answer 1

Since I haven't had any answers, I'll answer it myself with my workaround.

Instead of trying to rely on specific return codes and return data for the LDAP calls, I have setup a service account that can do additional investigation on an account if a bind fails. For example, if a bind of user1 fails, I bind with the service account, query the user1 account and read the account attributes to further determine why the bind failed then return that info to the end user.