Skip to main content


Showing posts from December, 2010

Programming AD with C#.NET – part 4

Our transition to the  System.DirectoryServices.Protocols  has in the whole gone very smooth, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before. What is generally bad with the  System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can  be figured out anyway since most classes just are wrappers for the wldap32.dll, which in turn is way better documented. I would like to have as little bindings to a specific server as possible but still be able to access the domain. In the  LdapConnection  it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODC in the environment I sometimes must know that I am working against a writeable domain controller.

Programming AD with C#.NET – part 3

So far we have managed to exclude  System.DirectoryServices  because of our original issues, and  System.DirectoryServices.AccountManagement  because of performance issues. What is left for us now is  System.DirectoryServices.Protocols , and that is the namespace of our choice. Generally the  System.DirectoryServices.Protocols  is pretty similar to System.DirectoryServices , so it is not a big deal to rebuild our existing classes to a newer version. But there are always some small obsacles that need to be conquered. A very good guide to get started with these classes is written by Ethan Wilansky and published on MSDN, Introduction to System.DirectoryServices.Protocols . An small issue is that you always have to know if an attribute exists before you try to remove it. The same thing applies when an attribute is saved, you must know if it is a new attribute to be created or an existing attribute that should be updated. If an incorrect action is taken a  DirectoryOperationException w

Programming AD with C#.NET – part 2

To work around the memory leaking issues in the .NET classes is in theory quite simple, do not use those classes. That is the starting point we had. Instead what we want to do is, by minimizing the affection on all our projects, rebuild our AD classes to use a beter way to communicate with the Active Directory. In .NET 2.0 the  System.DirectoryServices.Protocols  was introduced, which is a collection of general classes to communicate with practically any directory over LDAP. Unlike  System.DirectoryServices  which builds on  ADSI , the  System.DirectoryServices.Protocols  builds on the newer and better wldap32.dll. Heres an overview of the different namespaces and what teqniques they rely on, taken from  Introduction to System.DirectoryServices.Protocols . In .NET 3.5 yet another namespace arrived, namely  System.DirectoryServices.AccountManagement . This is excactly as it sounds a set of classes for account management. In theory this is exactly what we need. The classes are v