Directory Programming .NET

Hi There,

I'm somewhat new to Active Directory and Directory programming so I apologize in advance if what I'm about to discuss doesn't make sense.

I've set up a Windows Server 2003 virtual machine and installed Active Directory on it so that I can use it for testing purposes. Everything appears to be working fine.

I'm trying to get a list of all the domains in my Active Directory using the following code (this code is not run on a comptuer managed by the AD):

System.DirectoryServices.ActiveDirectory.DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "ipaddress:389", "username", "password");
System.DirectoryServices.ActiveDirectory.Domain domain = Domain.GetDomain(dc);
Console.WriteLine(d.Forest.Domains.Count); // Throws an exception.

When I access the Domains property, the following exception is thrown:
The specified domain either does not exist or could not be contacted.
mydomain.com

I can use a DirectoryEntry object and bind to this domain (and execute a DirectorySearch) using the same credentials used with the DirectoryContext. Therefore, I'm not sure why I get the exception when I access the Domains property.
Furthermore, when I run my code on the virtual machine that contains the AD, it works. Can anyone offer any info on what I might be doing wrong or how I could debug the situation? Also, is there a better way to get a list of domains in an AD? Thanks!

I'm going to guess that this is an issue with DNS and DC locator. If you are having to use an IP address to access the server, it is likely that DNS is not working to resolve this AD from the client and therefore DC locator will not work either. The fact that it works on the VM (where DNS likely does work) would seem to support this theory.

Setting up AD test environments can be a little tricky to ensure you get all the dependencies working correctly.

It may be possible to get this to work by changing the client machine's DNS server to be the IP address of the AD VM.

Joe,

Thanks for your help, it does appear to be a DNS issue (I should have realized that when I noticed I couldn't use the host name).

After changing my client machiens DNS IP address to that of the AD VM, I now get the exception:
"Current security context is not associated with an Active Directory domain or forest."

So, I'm curious, to use the Domain.Forest property, does the computer it is running on have to be registered with an AD domain?
Thanks again for any help.

It *should* work if you supply credentials in your DirectoryContext but there may be a shortcoming with the implementation of one of the underlying RPC APIs that doesn't support this. Did you supply credentials in this case?

Joe,

I did supply the credentials. I think I may have to test this on a real AD. It's likely that my virtual machine AD setup isn't configured correctly.

I believe I have found a work around to this issue. Here is the solution:

System.DirectoryServices.ActiveDirectory.DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "ipaddress:389", "username", "password");
System.DirectoryServices.ActiveDirectory.Forest forest = Forest.GetForest(dc);
Console.WriteLine(forest.Domains.Count);

The only difference here is that instead of using the static method Domain.GetDomain(), we use Forest.GetForest().