
Showing posts from December, 2010

Programming AD with C#.NET – part 4

Our transition to System.DirectoryServices.Protocols has on the whole gone very smoothly, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before.

What is generally bad about System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can be figured out anyway, since most classes are just wrappers for wldap32.dll, which in turn is far better documented.

I would like to have as few bindings to a specific server as possible but still be able to access the domain. In the LdapConnection it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODCs in the environment I sometimes must know that I am working against a writeable domain controller.

With the pro…

Programming AD with C#.NET – part 3

So far we have managed to exclude System.DirectoryServices because of our original issues, and System.DirectoryServices.AccountManagement because of performance issues. What is left for us now is System.DirectoryServices.Protocols, and that is the namespace of our choice.

Generally, System.DirectoryServices.Protocols is pretty similar to System.DirectoryServices, so it is not a big deal to rebuild our existing classes to a newer version. But there are always some small obstacles that need to be conquered. A very good guide to get started with these classes is written by Ethan Wilansky and published on MSDN, Introduction to System.DirectoryServices.Protocols.

A small issue is that you always have to know if an attribute exists before you try to remove it. The same thing applies when an attribute is saved: you must know if it is a new attribute to be created or an existing attribute that should be updated. If an incorrect action is taken, a DirectoryOperationException will be thrown. …
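The check-then-modify pattern described above, as an added example that is not code from the original post. The class and method names (`AttributeWriter`, `HasAttribute`, `SetOrClear`) are hypothetical, and it assumes an already bound `LdapConnection` and single-valued string attributes.

```csharp
using System.DirectoryServices.Protocols;

// Added example; AttributeWriter and its members are hypothetical names.
public static class AttributeWriter
{
    // Base-scope read of the entry that asks only for the one attribute.
    static bool HasAttribute(LdapConnection conn, string dn, string attr)
    {
        var search = new SearchRequest(dn, "(objectClass=*)", SearchScope.Base, attr);
        var response = (SearchResponse)conn.SendRequest(search);
        return response.Entries.Count == 1
            && response.Entries[0].Attributes.Contains(attr);
    }

    // value == null means "remove the attribute".
    public static void SetOrClear(LdapConnection conn, string dn, string attr,
                                  string value, int retries = 1)
    {
        bool exists = HasAttribute(conn, dn, attr);
        if (value == null && !exists)
            return; // nothing to remove, so no Delete is sent

        var mod = new DirectoryAttributeModification { Name = attr };
        if (value == null)
        {
            mod.Operation = DirectoryAttributeOperation.Delete;
        }
        else
        {
            // Create the attribute if it is new, update it otherwise.
            mod.Operation = exists ? DirectoryAttributeOperation.Replace
                                   : DirectoryAttributeOperation.Add;
            mod.Add(value);
        }

        var request = new ModifyRequest { DistinguishedName = dn };
        request.Modifications.Add(mod);
        try
        {
            conn.SendRequest(request);
        }
        catch (DirectoryOperationException ex)
        {
            // The entry can change between the read and the write, making the
            // chosen operation stale. Re-read and retry a bounded number of times.
            ResultCode? code = ex.Response?.ResultCode;
            bool stale = code == ResultCode.NoSuchAttribute
                      || code == ResultCode.AttributeOrValueExists;
            if (!stale || retries <= 0) throw;
            SetOrClear(conn, dn, attr, value, retries - 1);
        }
    }
}
```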

Programming AD with C#.NET – part 2

Working around the memory leak issues in the .NET classes is in theory quite simple: do not use those classes. That is the starting point we had. Instead, what we want to do is rebuild our AD classes to use a better way to communicate with Active Directory, while minimizing the impact on all our projects.

In .NET 2.0 the System.DirectoryServices.Protocols was introduced, which is a collection of general classes to communicate with practically any directory over LDAP. Unlike System.DirectoryServices which builds on ADSI, the System.DirectoryServices.Protocols builds on the newer and better wldap32.dll.

Here's an overview of the different namespaces and what techniques they rely on, taken from Introduction to System.DirectoryServices.Protocols.


In .NET 3.5 yet another namespace arrived, namely System.DirectoryServices.AccountManagement. This is, exactly as it sounds, a set of classes for account management. In theory this is exactly what we need. The classes are very easy to use and …