Accessing active directory programatically question. RRS feed

  • Question

  • User-1796506859 posted

    Hi folks,

      In .net one can create a  System.DirectoryServices.DirectoryEntry passing in the domain name to search.  For example   DirectoryEntry de("LDAP:/mydomain") and this will return a handle to the domain.  One can then search for a container such as the user store using a DirectorySearcher and specifying an approprate filter.  One can then create a user using Create.

    The benefit of the above is that one does not need to store an LDAP query string in an appsettings or in the code in order to create a new user, the problem is that it adds a bit of code.


    Using an ActiveDirectory membership provider, the process of creating a user is made more simple by simply creating the membership provider and calling CreateUser and has the additional benefit of checking for uniqueness.

    The drawback with this is that one has to store a connection string in an appsettings to point to A/D.


    What I would like to do, is use the DirectoryEntry to get a handle to A/D, query it for the connection string to use and then create a custom A/D Membership provider so I can call CreateUser.  This would remove the requirement for storing the connection string and simplify the code.

    Would anyone know if it is possible to do this?


    Monday, March 29, 2010 11:33 PM

All replies

  • User1190007792 posted

    Have you tried .NET 3.5 AD functionalities? Here's a small bit of a code which I used to create users into AD. Maybe this will help somehow. Give you some ideas.

    <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8"> <title></title> <meta name="GENERATOR" content="OpenOffice.org 3.2 (Unix)"> <mce:style type="text/css"><!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } --></mce:style><style type="text/css" mce_bogus="1"><!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } --></style>

    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, ADServerName, ADContainerPath, adminUserName, adminPassword);




    UserPrincipal user = new UserPrincipal(ctx);

    user.SamAccountName = firstNameToLower() + "." + lastName.ToLower();

    user.Name = firstName + " " + lastName;

    user.Surname = lastName;

    user.UserCannotChangePassword = true;

    //user.PasswordNeverExpires = true;

    user.UserPrincipalName = firstName.ToLower() + "." + lastName.ToLower() + "@" + TenantDomainName + "." + LocalDomainName;

    user.Enabled = true;

    user.GivenName = firstName;



    Tuesday, March 30, 2010 2:38 AM
  • User-1796506859 posted


    yip I have looked at that.  The issue is that I do not want to have to specify the ADContainerPath,  because if this changes the code will break. I want to be able to get that programmatically, hence I was thinking of useing  a drectorysearch to query for the container.   I'd also prefer not to have to store the server name either.   


    Also, the code above does not test for users (or parameters) existing,  using membership.createuser does.




    Thursday, April 1, 2010 12:43 AM