SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Monday, October 23, 2017

Using LdapConnection and Checking account status in Active Directory

Dual purpose post here - I needed to set up a test to determine if users had an expired password the most efficient way. I found a number of ways but the best was using LdapConnection.

First issue was knowing what to use for the LDAP connection string - I usually use LDAP://<server>/OU=<ou>,DC=<domain>,DC=<extension> - for example:

LDAP://MyADServer/OU=users,DC=testdom,DC=com

and sometimes simply:

LDAP://DC=testdom,DC=com

(Note the OU is optional)

However these didn't work for LdapConnection - examples I found showed "ldap.domain.com" - that didn't work either. The easiest was simply to use the LdapDirectoryIdentifier:

// NO GOOD:
        //LdapConnection connection = new LdapConnection("ldap.testdom.com");
// NO GOOD:
        //LdapConnection connection = new LdapConnection("LDAP://myadcontroller/DC=testdom,DC=com");
// This works:
        LdapDirectoryIdentifier LDI = new LdapDirectoryIdentifier("myadcontroller");
        LdapConnection connection = new LdapConnection(LDI);
        NetworkCredential credential = new NetworkCredential("TheAccountWODomain", "ThePassword");
        connection.Credential = credential;
        connection.Bind();




No comments: