C# Get Domain Active Directory Information by Windows Credentials


I've been searching a lot on the web for Active Directory and Windows authentication. I've succeeded in getting the user information from the domain AD, but I had to pass the user name AND PASSWORD. So to put you into my context:

I have a domain where I've set up my users. Each user will be connecting to the domain with their given credentials. So they will log into their PC, and when they open a VS 2013 C# application it will check if the user exists on the domain. If he does, then return the AD information; if the user doesn't exist, then show a login page to enter the credentials, since I can have external users connecting to my domain etc ...

Right now I cannot access the AD with the user's Windows authentication; it gives me an Unknown error on the Search.FindOne();

public static void GetActiveDirectoryUser(string UserName)
{
    try
    {
        // Create LDAP connection object
        DirectoryEntry ldapConnection = CreateDirectoryEntry();

        // Create Search object which operates on LDAP connection object
        // and set search object to only find the user specified
        DirectorySearcher search = new DirectorySearcher(ldapConnection);

        // Create results objects from search object
        SearchResult result = search.FindOne();

        if (result != null)
        {
            // User exists, cycle through LDAP fields (cn, telephonenumber, etc.)
            ResultPropertyCollection fields = result.Properties;

            foreach (string ldapField in fields.PropertyNames)
            {
                // Cycle through objects in each field e.g group membership
                foreach (Object objCollection in fields[ldapField])
                {
                    Console.WriteLine(String.Format("{0, -20} : {1}", ldapField, objCollection.ToString()));
                }
            }
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("Exception Caught:\n\n" + e.ToString());
    }
}

static DirectoryEntry CreateDirectoryEntry()
{
    string pathDomainName = "WinNT://MyDomain/Fred,Person";

    DirectoryEntry ldapConnection = new DirectoryEntry(pathDomainName);

    return ldapConnection;
}

This is the error I'm getting

System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()

but when I use this string

string pathDomainName = "LDAP://MyDomain";
DirectoryEntry directoryEntry = new DirectoryEntry(pathDomainName, "Fred", "f12345!");

it works, it returns me all the AD for the user, but I've already logged in with Windows authentication, so why would I pass the credentials again? I just need to know whether the user exists on the domain, that's it.


asked on Stack Overflow Nov 11, 2014 by Sam

1 Answer


If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if (user != null)
    {
        // do something here....
    }

    // or alternatively: get the currently logged in user
    UserPrincipal current = UserPrincipal.Current;
}


The new S.DS.AM makes it really easy to play around with users and groups in AD!

answered on Stack Overflow Nov 11, 2014 by marc_s
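
The flow described in the question (use the logged-on Windows identity first, fall back to a login page), sketched with S.DS.AM as an added example that is not code from either poster. It assumes a domain-joined machine and a reference to System.DirectoryServices.AccountManagement; the names DomainLogin, FindCurrentDomainUser and CheckTypedCredentials are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class DomainLogin   // hypothetical name, not from the original posts
{
    // Returns the AD account of the Windows user running this process, or null if
    // that identity is not a usable domain account (local user or disabled account).
    public static UserPrincipal FindCurrentDomainUser(PrincipalContext ctx)
    {
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
        {
            // Look up by SID, not by name: a local account can share a name with a domain one.
            UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, me.User.Value);
            if (user == null || user.Enabled != true) return null;
            return user;
        }
    }

    // Fallback for the login page: check typed credentials against the domain.
    // Negotiate (Kerberos/NTLM) with signing and sealing avoids a clear-text simple bind.
    public static bool CheckTypedCredentials(PrincipalContext ctx, string userName, string password)
    {
        return ctx.ValidateCredentials(userName, password,
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
    }

    static void Main()
    {
        try
        {
            // No name or password: binds to the machine's domain as the current Windows user.
            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
            {
                UserPrincipal user = FindCurrentDomainUser(ctx);
                if (user != null)
                    Console.WriteLine("Domain user: {0} ({1})", user.SamAccountName, user.DisplayName);
                else
                    Console.WriteLine("Not a domain account: show the login page.");
            }
        }
        catch (PrincipalServerDownException)
        {
            Console.WriteLine("No domain controller reachable: show the login page.");
        }
    }
}
```

The login page would call CheckTypedCredentials with the values the user typed, so no password needs to be stored in the application.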

User contributions licensed under CC BY-SA 3.0