SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: or call 704-873-8846 x704.

Search This Blog

Monday, October 23, 2017

Using LdapConnection and Checking account status in Active Directory

Dual purpose post here - I needed to set up a test to determine if users had an expired password the most efficient way. I found a number of ways but the best was using LdapConnection.

First issue was knowing what to use for the LDAP connection string - I usually use LDAP://<server>/OU=<ou>,DC=<domain>,DC=<extension> - for example:


and sometimes simply:


(Note the OU is optional)

However these didn't work for LdapConnection - examples I found showed "" - that didn't work either. The easiest was simply to use the LdapDirectoryIdentifier:

        //LdapConnection connection = new LdapConnection("");
        //LdapConnection connection = new LdapConnection("LDAP://myadcontroller/DC=testdom,DC=com");
// This works:
        LdapDirectoryIdentifier LDI = new LdapDirectoryIdentifier("myadcontroller");
        LdapConnection connection = new LdapConnection(LDI);
        NetworkCredential credential = new NetworkCredential("TheAccountWODomain", "ThePassword");
        connection.Credential = credential;

No comments: