Connection string to connect to Active Directory using LDAP

Whenever I've accessed AD from .net I've done the following:

using System.DirectoryServices;

var directoryEntry = new DirectoryEntry("LDAP://capp.net");
directoryEntry.Username = @"capp\dhr2"; // verbatim string: "\d" is not a valid escape sequence in C#
directoryEntry.Password = "admin@12345";

Then you can query "AD" using the DirectorySearcher.

var directorySearcher = new DirectorySearcher(directoryEntry);

...


Thanks to everyone for your help and support. The correct address in my case was:

LDAP://192.168.0.146/CN=USERS,DC=capp,DC=net

What I didn't realize in the beginning was that I was trying to connect to Active Directory in a different domain than my current domain. So the IP address was the missing part. Thanks a million to Luis, who realized that something was wrong with the domain.

And thanks Shadow Walker for explaining the LDAP connection string in more detail.


We have found this to work best to be sure you have the right parameters:

Often the hard part of connecting to AD using LDAP is determining the FDN of the user to log in with. If you know the samAccountName of the user, you can find it using:

dsquery user -samid jim
"CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"

For Active Directory, the LDAP connection string can take this form:

protocol://domaindnsaddress

where protocol can be either ldap:// or ldaps://, depending on whether to use a standard or SSL connection. You should always troubleshoot using a standard connection before moving to SSL/TLS to avoid certificate issues at this point.

domaindnsaddress is the DNS-resolvable address of your domain - in your case capp.net.

Some programming languages, like PHP, do not require the ldap:// prefix to perform a connect operation. You may try connecting without it as well.

The username to log in can have several forms. The most common are:

  • NetBIOS domain name\samaccountname ( CAPP\dhr2 - note the BACKslash )
  • userprincipalname ( dhr2@capp.net )
  • samaccountname@domaindnsname ( dhr2@capp.net )

You can read Microsoft's extensive information about the possible forms of your logon name here: MSDN - Simple Authentication

Password does not need any special treatment - just perform the standard bind operation against your LDAP server and you should be authenticated. Please note that I am intentionally not including any sample code as your question was about the connection string, not about connecting to LDAP using C# libraries.
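
The pieces discussed above put together, as an added C# example that is not part of the original answers: it binds to the server/container path reported on this page with negotiated authentication plus signing and sealing (so the password is not sent as a cleartext simple bind over ldap://), and escapes the searched value per RFC 4515 before placing it in a filter. The class name, the AD_BIND_PASSWORD environment variable and the search filter are assumptions made for the example.

```csharp
using System;
using System.DirectoryServices;   // Windows-only; reference System.DirectoryServices
using System.Text;

static class AdLookup   // hypothetical class name
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        // Server and container taken from the address quoted on this page.
        const string path = "LDAP://192.168.0.146/CN=USERS,DC=capp,DC=net";
        const string user = @"CAPP\dhr2";   // or the UPN form dhr2@capp.net
        // AD_BIND_PASSWORD is a hypothetical variable name (assumption).
        string password = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD")
            ?? throw new InvalidOperationException("AD_BIND_PASSWORD is not set");
        // Secure negotiates Kerberos/NTLM instead of a cleartext simple bind;
        // Signing and Sealing add integrity and encryption to the session.
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        string sam = args.Length > 0 ? args[0] : "dhr2";   // account to look up
        string filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(sam) + "))";

        using (var root = new DirectoryEntry(path, user, password, auth))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "distinguishedName" }))
        {
            SearchResult hit = searcher.FindOne();   // the bind is lazy and happens on first use
            Console.WriteLine(hit == null ? "not found" : (string)hit.Properties["distinguishedName"][0]);
        }
    }
}
```

A failed bind (wrong credentials, unreachable server) surfaces as an exception from FindOne(), not from the DirectoryEntry constructor.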


Comments

  3. Prishtina

    • 2016/6/8

    Active Directory Explorer (AdExplorer) utility from Microsoft Windows Sysinternals suite can help you find out DN and Search Base information you needed.

  4. Paul

    • 2016/2/21

    The string with value machineName:ADLDSPort number. Adds the network credential to the connection LdapConnection(LdapDirectoryIdentifier, NetworkCredential) - http://msdn.microsoft.com/en-us/library/d4xyhsxe(v=vs.110).aspx. I have created an LDAP identifier with machine name and ADLDS port. I have used this in creating Ldap Connection.

  5. Benson

    • 2017/2/25

    Connection string to connect to Active Directory using LDAP. My system admin gave me this: Domain : capp.net USER : cappdhr2. Pass : admin@12345.

  6. August

    • 2020/12/10

    The ASP.NET Active Directory Membership Provider does an authenticated bind to the Active Directory using a specified username, password, and "connection string". The connection string is made up of the LDAP server's name, and the fully-qualified path of the container object where the user specified is located. The connection string begins with the URI LDAP://. For the server name, you can use the name of a domain controller in that domain-- let's say "dc1.corp.domain.com".

  8. Robinson

    • 2015/2/25

    Public Function QueryActiveDirectory(strDomain As String, strWhere As String, Optional strRowDelimiter As String = vbCrLf) As String
        'Connect to Active Directory
        Dim cnn As Object 'ADODB.Connection
        Set cnn = CreateObject("ADODB.Connection")
        cnn.Provider = "ADsDSOObject"
        cnn.Open "Active Directory Provider"
        'Create the query
        Dim strSQL As String
        strSQL = "SELECT distinguishedName" & _
                 " FROM 'LDAP://" & strDomain & "'" & _
                 " WHERE " & strWhere
        'Get the data and return the result
        Dim rst As

  9. Eliseo

    • 2016/11/23

    When a user binds to an LDAP server (System Logon = LDAP), a Distinguished Name (DN) and password are sent. The LDAP Connecting String is used to specify 

  10. Caleb

    • 2020/6/5

    In order to set up the LDAP connection, sign in as administrator and go to System Settings→Single Sign On→LDAP. Tick the “Enable LDAP support” option and fill in the required information. The values for LDAP Bind DN and LDAP bind password are for the account that will be used to search the LDAP tree for the user attempting to sign in, as explained earlier.

  11. Durand

    • 2019/7/28

    Instead of having to know your actual domain name, you can use the following generic code to query the LDAP server for the connection string 

  12. Kaiser

    • 2020/5/28

    private string getEmail(string userID)
    {
        try
        {
            string ldapfilter = "(&(otherPager=" + userID + "))";
            DirectoryEntry myLdapConnection = new DirectoryEntry("LDAP://" + SERVER, USER, PWD);
            DirectorySearcher search = new DirectorySearcher(myLdapConnection);
            search.Filter = ldapfilter;
            /*search.PropertiesToLoad.Add("mail");
            SearchResult result = search.FindOne();*/
            string[] requiredValue = new String[] { "mail" };
            foreach (String value in requiredValue)
                search.PropertiesToLoad.Add(value

  13. Paul

    • 2017/10/29

    The LDAP Connecting String is used to specify the user's DN, which is a unique entry identifier in the LDAP server database, for example: 

  14. Jackson

    • 2018/2/4

    - Registering change notification with Active Directory using C#. I succeeded to connect with LDAP class via next code:

    String ldapPath2 = "(DomainController).a24xrmdomain.info";
    LdapConnection connection = new LdapConnection(ldapPath2);
    var credentials = new NetworkCredential(@"username", "pass");
    connection.Credential = credentials;
    connection.Bind();

  15. Roy

    • 2016/3/15

    It needs to run under domain credentials to know which domain to use a serverless bind against. You can rectify this in your code by adding the 

  16. Terry

    • 2018/10/2

    Active Directory stores user information in an LDAP server. When users attempt to log in to their Windows PC, Windows validates the login 

  17. Lopez

    • 2019/12/8

    Active Directory is Microsoft's Directory Server that provides an LDAP-compliant database containing objects such as users, groups, and computers. Use Analytics' 
