Accessing Active Directory using PrincipalContext (C# .Net)

  • Question

  • We are connecting to Active Directory using PrincipalContext (C# .Net):

    obj = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain, "Name");

    System.DirectoryServices.AccountManagement.PrincipalContext class.

    As per the Microsoft update:

    Microsoft to disable use of unsigned LDAP port 389

    https://msandbu.org/upcoming-change-microsoft-to-disable-use-of-unsigned-ldap-port-389/

    Is there any impact on accessing the AD using PrincipalContext as well? I don't find any docs regarding the same.

    I am not sure if PrincipalContext internally goes through LDAP only.

    Thursday, February 27, 2020 7:30 AM

All replies

  • The code should be fine AFAIK. It is sort of like SSL with web apps. The client/server negotiate to decide how to communicate. Once the update is in place, unsigned connections won't be allowed anymore. Since you're using the PrincipalContext and that type supports both, it will work unless you are explicitly specifying a port #, in which case your code won't work anymore. Here's a post on SO that mentions some of this.

    Specifically one of the overloads of PC accepts a ContextOptions. If you are passing that explicitly then you will need to ensure it is using the secured option otherwise the call will fail. The default seems like it should be fine but it isn't clear. Worst case you'll need to add the options to force secure. But given that PrincipalContext is built into the framework it seems like MS would have already taken care of this in the code.


    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, February 27, 2020 3:08 PM
    Moderator
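
To check which bind options a PrincipalContext actually ends up with, the following added example (not code from the thread) opens the domain three ways: with the two-argument constructor from the question, with signing and sealing stated explicitly, and over LDAPS. It prints each context's Options value. The domain name corp.example.com is a placeholder, and the program assumes a domain-joined Windows machine with a reference to System.DirectoryServices.AccountManagement.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class LdapSigningCheck
{
    // Placeholder domain name (assumption); replace with your own AD domain.
    const string Domain = "corp.example.com";

    static void Probe(string label, Func<PrincipalContext> open)
    {
        try
        {
            using (PrincipalContext ctx = open())
            {
                // Reading ConnectedServer makes the context connect to a DC,
                // so a rejected or failed bind surfaces as an exception here.
                Console.WriteLine("{0}: OK server={1} options={2}",
                    label, ctx.ConnectedServer, ctx.Options);
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine("{0}: FAILED {1}: {2}",
                label, ex.GetType().Name, ex.Message);
        }
    }

    static void Main()
    {
        // 1. The two-argument form from the question. No ContextOptions are
        //    passed, so the printed value is whatever the framework chose.
        Probe("default", () => new PrincipalContext(ContextType.Domain, Domain));

        // 2. Signed and sealed bind requested explicitly (Kerberos/NTLM, port 389).
        Probe("negotiate+sign+seal", () => new PrincipalContext(
            ContextType.Domain, Domain, null,
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing));

        // 3. LDAP over TLS on port 636. The client must trust the DC's certificate.
        Probe("ldaps", () => new PrincipalContext(
            ContextType.Domain, Domain + ":636", null,
            ContextOptions.Negotiate | ContextOptions.SecureSocketLayer));
    }
}
```

If the "default" line already reports Signing and Sealing among its options, the question's constructor call is not making an unsigned bind. Code that passes its own ContextOptions should be compared against cases 2 and 3.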