Determine current domain controller programmatically

Question

I need to query current domain controller, probably primary to change user password.

(P)DC name should be fully qualified, i.e. DC=pdc,DC=example,DC=com (how to properly name such notation?)

How can it be done using C#?

Answer 1

(requires System.DirectoryServices.AccountManagement.dll):

using (var context = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain))
{
    string server = context.ConnectedServer; // "pdc.examle.com"
    string[] splitted = server.Split('.'); // { "pdc", "example", "com" }
    string[] formatted = splitted.Select(s => String.Format("DC={0}", s))); // { "DC=pdc", "DC=example", "DC=com" }
    string joined = String.Join(",", formatted); // "DC=pdc,DC=example,DC=com"

    // or just in one string

    string pdc = String.Join(",", context.ConnectedServer.Split('.').Select(s => String.Format("DC={0}", s)));
}

Answer 2

If you are looking to interact the Active Directory, you shouldn't have to know where the FSMO roles are for the most part. If you want to change the AD topology from your program (I wouldn't), look at the DomainController class.

If you want to change a user password, you can invoke those actions on the User object, and Active Directory will make sure that the changes are properly replicated.

copied from http://www.rootsilver.com/2007/08/how-to-change-a-user-password

public static void ChangePassword(string userName, string oldPassword, string newPassword)
{
        string path = "LDAP://CN=" + userName + ",CN=Users,DC=demo,DC=domain,DC=com";

        //Instantiate a new DirectoryEntry using an administrator uid/pwd
        //In real life, you'd store the admin uid/pwd  elsewhere
        DirectoryEntry directoryEntry = new DirectoryEntry(path, "administrator", "password");

        try
        {
           directoryEntry.Invoke("ChangePassword", new object[]{oldPassword, newPassword});
        }
        catch (Exception ex)  //TODO: catch a specific exception ! :)
        {
           Console.WriteLine(ex.Message);
        }

        Console.WriteLine("success");
}

Answer 3

We are using something like this for our internal applications.

Should return something like DC=d,DC=r,DC=ABC,DC=com

 public static string RetrieveRootDseDefaultNamingContext()
 {
    string returnValue = string.Empty;
    try
    {
        String RootDsePath = "LDAP://RootDSE";
        String DefaultNamingContextPropertyName = "defaultNamingContext";
        DirectoryEntry rootDse = new DirectoryEntry(RootDsePath);
        rootDse.AuthenticationType = AuthenticationTypes.Secure;

        PropertyValueCollection propertyValues = rootDse.Properties[DefaultNamingContextPropertyName];
        object propertyValue = propertyValues.Value;
        if (propertyValue != null)
        {
            returnValue = propertyValue.ToString();
        }
    }
    catch (Exception ex)
    {
        throw;
    }

    return returnValue;
}