System.DirectoryServices questions

Brandon McCombs

Hello,

From my understanding, DirectoryEntry is used to connect to Active
Directory. Although this makes no sense whatsoever I accept it. The
problem is how am I supposed to test whether a connection is active or
not if I can create a DirectoryEntry with whatever data I want since the
data really isn't verified until I try to use it? I am not able to
determine whether the connection is really going to be available until
the Try {} block is reached below. Isn't there a way to determine before
then if the connection has been established? thanks

========================================================================
using System;
using System.DirectoryServices;

// The constructor only stores the path and credentials; nothing is sent to the server yet.
// ServerBind without AuthenticationTypes.Secure results in an LDAP simple bind.
DirectoryEntry entry = new DirectoryEntry("LDAP://192.168.1.1/DC=mydomain,DC=com",
    "(e-mail address removed)", "Password", AuthenticationTypes.ServerBind);
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = "(objectClass=*)";
mySearcher.SearchScope = SearchScope.Base;
Console.WriteLine("Active Directory Information");
Console.WriteLine("===========================================");

try {
    // FindAll() is the first call that binds, so connection and
    // credential errors surface here.
    using (SearchResultCollection results = mySearcher.FindAll()) {
        foreach (SearchResult result in results) {
            string searchpath = result.Path;
            Console.WriteLine("path: {0}", searchpath);
            ResultPropertyCollection rpc = result.Properties;
            foreach (string property in rpc.PropertyNames) {
                foreach (object value in rpc[property])
                    Console.WriteLine(" property={0} value={1}", property, value);
            }
        }
    }
}
catch (System.Runtime.InteropServices.COMException ex) {
    Console.WriteLine("Exception:" + ex.Message);
}
catch (System.InvalidOperationException ex1) {
    Console.WriteLine("Exception::" + ex1.Message);
}
 
Willy Denoyette [MVP]

Actually, ... new DirectoryEntry(entry) does not establish a connection, it
creates an instance of a DirectoryEntry class.
A connection is only established when you execute a method on that class
that binds to the directory service as part of its implementation. One of
the methods that binds to the AD is FindAll, but there are other methods
like Exists, FindOne, that actually call bind. Reading the NativeObject
property also binds as part of its implementation.

So, you can force a bind by reading the NativeObject property after you
have created the DirectoryEntry instance, or you can call the static method
Exists like this:

if (DirectoryEntry.Exists("LDAP://....."))
{
    // ...
}

but this requires the caller to be a domain member, else the underlying bind
will fail.

Willy.
 
Brandon McCombs

Thanks for your clarification Willy. So I guess .NET doesn't have any
explicit binds to ADS like Java does (using JNDI). And since my test
environment is my PC connecting to an installation of Active Directory
running within a virtual machine on my PC, and my PC isn't a member of
the domain I'm connecting to, the Exists() method will fail for me.

So for my Java program that I'm porting to C#, I won't need an explicit
connect() method anymore it seems. Does that sound right? However I'll
have to treat errors reactively instead of proactively since I won't
know a connection will fail until I attempt to execute a method on the
DirectoryEntry class and catch an exception that it generates.

thanks
 
Willy Denoyette [MVP]

If you want that level of control, you should use the
System.DirectoryServices.Protocols namespace classes.
Keep in mind that low level means more complex...

using System.DirectoryServices.Protocols;
using System.Net;

// Bind to the LDAP server on "MyServer" using secure binding with NTLM as
// authentication protocol
using (LdapConnection ldap = new LdapConnection("MyServer"))
{
    ldap.AuthType = AuthType.Ntlm;
    ldap.Bind(new NetworkCredential("administrator", "adminpwd",
        "domain"));
    // ....
}

Willy.
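
An explicit connect step of the kind asked about in this thread, built on the LdapConnection class from the reply above and distinguishing an unreachable server from rejected credentials. This is an added example, not code from either poster; the LdapProbe and BindResult names, the svc-ldapread account and the LDAP_PROBE_PASSWORD environment variable are hypothetical, and it assumes a Windows client.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
enum BindResult { Ok, ServerUnreachable, InvalidCredentials, OtherError }

static class LdapProbe
{
    const int LdapInvalidCredentials = 49, LdapServerDown = 81; // LdapException.ErrorCode values

    // Explicit connect step: the bind happens here, not at the first search.
    public static BindResult TryBind(string server, NetworkCredential cred, out LdapConnection conn)
    {
        conn = new LdapConnection(new LdapDirectoryIdentifier(server, 389));
        conn.AuthType = AuthType.Negotiate;      // Kerberos if possible, otherwise NTLM
        conn.Timeout = TimeSpan.FromSeconds(10);
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.Signing = true;      // integrity-protect traffic on port 389
        conn.SessionOptions.Sealing = true;      // and encrypt it
        try
        {
            conn.Bind(cred);
            return BindResult.Ok;
        }
        catch (LdapException ex)
        {
            conn.Dispose();
            conn = null;
            if (ex.ErrorCode == LdapServerDown) return BindResult.ServerUnreachable;
            if (ex.ErrorCode == LdapInvalidCredentials) return BindResult.InvalidCredentials;
            return BindResult.OtherError;
        }
    }

    static void Main()
    {
        // Constructed values: hypothetical account, password from a hypothetical environment variable.
        var cred = new NetworkCredential("svc-ldapread",
            Environment.GetEnvironmentVariable("LDAP_PROBE_PASSWORD"), "mydomain");
        BindResult result = TryBind("192.168.1.1", cred, out LdapConnection conn);
        Console.WriteLine("Bind result: {0}", result);
        if (result != BindResult.Ok) return;
        using (conn)
        {
            // Base-scope read of the rootDSE, mirroring the search in the original post.
            var req = new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "defaultNamingContext");
            var resp = (SearchResponse)conn.SendRequest(req);
            Console.WriteLine(resp.Entries[0].Attributes["defaultNamingContext"][0]);
        }
    }
}
```

Because the credentials are passed explicitly to Bind, the check does not depend on the calling machine being a member of the domain.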
 
Jeffrey Tan[MSFT]

Hi Brandon,

Have you reviewed Willy Denoyette [MVP]'s reply to you? Does it make sense
to you? If you still need any help or have any concern, please feel free to
feedback, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
 
