Skip to main content

Programming AD with C#.NET – part 4

Our transition to the System.DirectoryServices.Protocols has in the whole gone very smooth, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before.

What is generally bad with the System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can  be figured out anyway since most classes just are wrappers for the wldap32.dll, which in turn is way better documented.

I would like to have as little bindings to a specific server as possible but still be able to access the domain. In the LdapConnection it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODC in the environment I sometimes must know that I am working against a writeable domain controller.

With the property SessionOptions.LocatorFlag I am able to set which type of domain controller that is selected when the connection is created. This beaviour is not very well documented in System.DirectoryServices.Protocols, but it builds on DsGetDcName which has a lot of documentation available.

NetworkCredential credential = new NetworkCredential("user@domain.local", "password");
using(LdapConnection connection = new LdapConnection(null, credential))
{
    connection.SessionOptions.LocatorFlag = LocatorFlags.GCRequired | LocatorFlags.WritableRequired;
    // Search request...
}

Comments

Popular posts from this blog

LEAP Sweden - Identity & Access Management

Today was the third day of the Swedish Lead Enterprise Architect Program at Microsoft in Kista. It has been a day filled with sessions on security and identity with a kind of unavoidable focus on federated identities in the cloud. Overall it has been an awesome day with seminars from Henrik Nilsson , Barry O'Reilly and Sergio Molero among others. A lot of Microsoft technologies was mentioned, Forefront Identity Manager , Active Directory Federation Services 2.0 , Forefront Unified Access Gateway , Direct Access ,  Windows Identity Framework and of course  Azure Access Control Service . Microsoft really has a great suite of applications regarding Identity & Access Management. I just wish there was a project or two where I could utilize all of these amazing technologies. I have had a plan to add a login feature to the Cornball using federated identities, so that might happen in the near future. Besides, Björn Eriksen provided a tip for all of us thursty for e...

The Cornball goes to Brunch with Chaplin

Lately I've been working pretty hard on different projects but not really stumbling upon anything blogworthy. The most recent project is quite interesting though, a single page, touch friendly, web application using the latest and greatest technologies. We've ended up with using Brunch with Chaplin , which is a very neat way of setting up a Backbone based single page web project with Brunch and Chaplin . Aside from this, I have my own little project that has lived on for almost 15 years already, The Cornball . From being a plain Windows application written i C an Win32 API, it has been ported to .NET using WPF, and is currently a Silverlight application hosted on Windows Azure. I could not find a better time to reanimate this project and create a new web based version, touch friendly, super optimized, awesome in any way. So I did... So please follow my journey at Github . It's going to take a while, I assure you, but I already have some ground work done. Meanwhile,...

Using ASP.NET MVC with MEF

I wrote this post almost a year ago, but never published it for some reason. Anyway, here is a little MVC/MEF magic. By default a controller in MVC must have a parameterless constructor. When using MEF a good practice is to inject the services via constructor parameters. These two in combination obviously creates an issue where the following scenario will not work out of the box, since there is no parameterless constructor for  MVC  to use. Note that the PartCreationPolicy is set to NonShared since a new controller have to be initialized for each request. [Export] [PartCreationPolicy(CreationPolicy.NonShared)] public class HomeController : Controller {     private readonly IServiceClient _service;     [ImportingConstructor]     public HomeController(IServiceClient service)     {         _service = service;     }     public ActionResult Index()     {         ...