Connect to Active Directory via LDAP

DC is your domain. If you want to connect to the domain example.com, then your DCs are: DC=example,DC=com. You actually don’t need any hostname or IP address of your domain controller (there could be plenty of them). Just imagine that you’re connecting to the domain itself. So for connecting to the domain example.com you can … Read more

Passing string in Get-ADUser filter parameter causes error – property not found in pscustomobject

The BNF for filter query strings does not allow expressions as the second operand in a comparison, only values (emphasis mine): Syntax: The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. <filter> ::= "{" <FilterComponentList> "}" <FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> … Read more

Active Directory COM Exception – An operations error occurred (0x80072020)

The issue is often that the context in which the Active Directory calls are made is under a user that does not have permissions (this can also happen when identity impersonate="true" in ASP.NET, due to the fact that the user's token is a "secondary token" that cannot be used when authenticating against another server; from: https://social.technet.microsoft.com/Forums/en-US/f188029c-51cf-4b50-966a-eee7160d0353/an-operations-error-occured). … Read more

How to get all the AD groups for a particular user?

You should use System.DirectoryServices.AccountManagement. It’s much easier. Here is a nice code project article giving you an overview on all the classes in this DLL. As you pointed out, your current approach doesn’t find out the primary group. Actually, it’s much worse than you thought. There are some more cases that it doesn’t work, like … Read more

Adding and removing users from Active Directory groups in .NET

Ugh. LDAP. If you’re using the .NET Framework 3.5 or above, I highly recommend using the System.DirectoryServices.AccountManagement namespace. That makes things so much easier. public void AddUserToGroup(string userId, string groupName) { try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY")) { GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName); group.Members.Add(pc, IdentityType.UserPrincipalName, userId); group.Save(); } } catch (System.DirectoryServices.DirectoryServicesCOMException E) … Read more

How to programmatically change Active Directory password

You can use the UserPrincipal class’ SetPassword method, provided you have enough privileges, once you’ve found the correct UserPrincipal object. Use FindByIdentity to look up the principal object in question. using (var context = new PrincipalContext( ContextType.Domain )) { using (var user = UserPrincipal.FindByIdentity( context, IdentityType.SamAccountName, userName )) { user.SetPassword( "newpassword" ); // or user.ChangePassword( … Read more

ASP.NET Core 2.0 LDAP Active Directory Authentication

Thanks to Win’s Answer for pointing out that I needed to use Windows Compatibility Pack, I was able to figure this out. The first thing I had to do was install the NuGet package: Install-Package Microsoft.Windows.Compatibility. At the time, I needed a preview version, so I appended -Version 2.0.0-preview1-26216-02 on the end of this command … Read more