Cannot get LDAP connection working - always "Unknown error"

0

I'm researching what I need to build an Active Directory search tool which ultimately will be used in a C# ASP.NET web app.

I know very little about AD (and don't particularly want to know any more than necessary) so I've asked our tech ops to set up a dummy instance on a server. This they've done giving it the domain dummy.local

I now need to work out my LDAP connection string. Here I'm completely stuck. I'm using a user account which is a member of Domain Admins. After loads of hunting round the web I've tried all sorts of things to work out the various components of the LDAP connection string. For example, if I run the following in cmd.exe for that domain admin user on the server...

dsquery user -samid "username" | dsget user -memberof -expand

...this gives me the following information:

"CN=Domain Admins,CN=Users,DC=dummy,DC=local"
"CN=Remote Desktop Users,CN=Builtin,DC=dummy,DC=local"
"CN=Users,CN=Builtin,DC=dummy,DC=local"
"CN=Administrators,CN=Builtin,DC=dummy,DC=local"
"CN=Domain Users,CN=Users,DC=dummy,DC=local"
"CN=Denied RODC Password Replication Group,CN=Users,DC=dummy,DC=local"

I've also run the following in a C# console app...

using (var context = new PrincipalContext(ContextType.Domain))
using (var comp = ComputerPrincipal.FindByIdentity(context, Environment.MachineName))
{
    Console.WriteLine(String.Join(",", comp.DistinguishedName.Split(',').SkipWhile(s => !s.StartsWith("OU=")).ToArray()));
}

...and this gives me the following:

OU=Domain Controllers,DC=dummy,DC=local

I thought I therefore had all the properties I needed to build my LDAP connection string. I ended up with this:

LDAP://COMSECWEBDEV.dummy.local/ou=Domain Controllers,/cn=Domain Admins,/cn=Users,/dc=dummy,/dc=local

I've tried using this connection string, with the username and password of the domain admin which I know is correct, but everything I try always gives me the same error:

System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
  at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_AdsObject()
  at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
  at System.DirectoryServices.DirectorySearcher.FindOne()

Since this error gives me no detail I have no idea what I'm doing wrong. I'm sure I'm just not getting the connection string right, but I've no idea how to work out the correct string.

For completeness, here is the console code which I'm testing with:

static void Main(string[] args)
{
    var connString = ConfigurationSettings.AppSettings["lc"];
    var username = ConfigurationSettings.AppSettings["lu"];
    var password = ConfigurationSettings.AppSettings["lpw"];

    using (DirectoryEntry de = new DirectoryEntry(connString, username, password))
    {
        DirectorySearcher search = new DirectorySearcher(de);

        search.PageSize = 1001;// To Pull up more than 100 records.

        DirectorySearcher directorySearcher = new DirectorySearcher(de);
        directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

        directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");

        try
        {
            var result = directorySearcher.FindOne();

            var found = false;
            if (result != null)
            {
                if (result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
                {
                    found = true;
                    Console.WriteLine("Found: " + result.Properties["msRTCSIP-PrimaryUserAddress"][0]);
                }
            }

            if (!found)
            {
                Console.WriteLine("Sad face");
            }
        }
        catch (Exception x)
        {
            Console.WriteLine(x.Message);
        }

        Console.WriteLine("------------");
    }
}
c#
asp.net
active-directory
ldap
connection-string
asked on Stack Overflow Jul 1, 2015 by getsetcode

1 Answer

1

I was trying to figure out how to properly format a LDAP connection string last week, and found this entry over on serverfault:

How can I figure out my LDAP connection string?

I noticed you had a "/" between each OU or DC entry - I didn't include those in mine, and I don't see them included in the above example either.

I'm far from an expert (obviously) but just figured I would throw it out there.

answered on Stack Overflow Jul 2, 2015 by Bob • edited Apr 13, 2017 by Community

User contributions licensed under CC BY-SA 3.0