Reputation: 37
We have Active Directory running on our domain controller and another server running IIS. I'm working on a web app which needs to query AD.
The page load code fails at the last line:
string Iam;
string myLDAP;
DirectoryEntry de = new DirectoryEntry("LDAP://RootDSE");
myLDAP = "LDAP://" + de.Properties["defaultNamingContext"][0].ToString();
TextBox1.Text = "Retrieving your security details.....";
Iam = HttpContext.Current.User.Identity.Name;
TextBox1.Text += " " + Iam + " " + myLDAP;
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "(&(objectCategory=user)(objectClass=person))";
SearchResultCollection result = ds.FindAll();
I get this error:
[NotSupportedException: The provider does not support searching and cannot search LDAP://RootDSE.]
Clearly I am missing something in my understanding of using LDAP on multiple servers, help appreciated.
Upvotes: 1
Views: 2147
Reputation: 754240
You're fetching the default LDAP naming context - but you're not using it - you need to create a new DirectoryEntry based on the result from the LDAP://RootDSE object and then search in the scope of your default naming context.
Try this code:
// requires: using System.DirectoryServices;
string myLDAP;
DirectoryEntry de = new DirectoryEntry("LDAP://RootDSE");
myLDAP = "LDAP://" + de.Properties["defaultNamingContext"][0].ToString();
// define a new DirectoryEntry based on the "defaultNamingContext"
DirectoryEntry deMyLdap = new DirectoryEntry(myLDAP);
// now search based on *THAT* scope - not the "RootDSE" scope...
DirectorySearcher ds = new DirectorySearcher(deMyLdap);
ds.Filter = "(&(objectCategory=user)(objectClass=person))";
SearchResultCollection result = ds.FindAll();
Upvotes: 1
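An added example, not part of the posts on this page: the same RootDSE-then-naming-context bind, narrowed to looking up only the signed-in user, with the account name escaped per RFC 4515 before it goes into the filter and the directory objects disposed. The names AdLookup, EscapeLdapFilterValue and FindCurrentUserDn are hypothetical, and the code assumes the Identity.Name value from the question has the DOMAIN\user form.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper (not from the original posts): looks up one user in the
// default naming context instead of searching RootDSE.
public static class AdLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // identityName is HttpContext.Current.User.Identity.Name (assumed "DOMAIN\user").
    // Returns the user's distinguishedName, or null if anonymous or not found.
    public static string FindCurrentUserDn(string identityName)
    {
        if (string.IsNullOrEmpty(identityName))
            return null; // anonymous request: there is no identity to look up

        // Keep only the account part after the last backslash.
        string account = identityName.Substring(identityName.LastIndexOf('\\') + 1);

        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            string baseDn = rootDse.Properties["defaultNamingContext"][0].ToString();
            using (var searchRoot = new DirectoryEntry("LDAP://" + baseDn))
            using (var ds = new DirectorySearcher(searchRoot))
            {
                ds.Filter = "(&(objectCategory=user)(objectClass=person)(sAMAccountName="
                            + EscapeLdapFilterValue(account) + "))";
                ds.PropertiesToLoad.Add("distinguishedName"); // fetch only what is used
                SearchResult hit = ds.FindOne();
                return hit == null ? null : hit.Properties["distinguishedName"][0].ToString();
            }
        }
    }
}
```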
Reputation: 99
Maybe you need to set anonymous authentication off for the IIS site and enable Windows authentication as well?
Upvotes: 0