Directory Programming .NET

Hi,

Just found this website after I posted the question in the DirectoryServices newsgroup and thought I might get a quicker answer here. I'm new to .NET so please excuse my lack of knowledge here but I couldn't find much with google.

As far as I understand, the way to search AD with .NET is using DirectorySearcher. In order to use this, you first have to provide a DirectoryEntry (e.g. LDAP://dc=domain,dc=com)

What I'm not clear on is what options are available to me when I want to search the global catalog. I realise I could probably use "GC://dc=domain,dc=com"  but I didnt want to hard code entries.

The end goal would be to have .NET automatically connect to and search a GC in the same domain and same site as the computer running the code. So far, it looks as if System.DirectoryServices.ActiveDirectory has some useful functions to obtain this kind information but it doesn't seem compatible with DirectoryEntry.

If the above isn't possible, I'd also like to know what my options are for searching the GC with .NET?

You might consider using the classes in SDS.ActiveDirectory to make this easier. If you create a Forest object for the current AD, you can use that to access the GC via one of its members and then use the GlobalCatalog object to dynamically get a DirectorySearcher object. It is more abstract and typically more robust as well. The GetDirectorySearcher method is what you are looking for.

Generally speaking, SDS.AD IS very well integrated with SDS in that all of the objects that represent a directory object under the hood have a GetDirectoryEntry method on them that allows you to "drop down" into lower level SDS operations for things that don't have a strongly typed interface member in SDS.AD.

Hi Joe, thanks for the pointer. I've managed to achieve the desired result now. The code is below for anyone else who's interested.

Hopefully it looks like a reasonably efficient way of doing it..

This was to find a GC in the site where the computer running the code resides and search it for a particular user.

Dim rootForest As Forest
Dim objSite As ActiveDirectorySite

Dim contextType As DirectoryContextType
contextType = DirectoryContextType.Forest

Dim dirCont As New DirectoryContext(contextType)
Dim foundGC As GlobalCatalog

Dim objSearch As New DirectorySearcher()
objSearch.SearchRoot = New DirectoryEntry(foundGC.GetDirectorySearcher.SearchRoot.Path)

objSearch.Filter = "(&(objectCategory=person)(objectClass=user)(samAccountName=username))"

Dim results As SearchResult
results = objSearch.FindOne()

You actually don't need to build the SearchRoot again for the searcher. It is built with the root all ready to go. Otherwise looks fine. Most of the time you should not need to specify the computer's site as that should work by default but there may be scenarios where that would be useful. It doesn't hurt to be explicit.

Glad you got it working.

You really just need a GC in a site without regard to domain. When running GC service, all GCs in forest are essentially equivalent. Windows doesn't even register GCs in DNS by domain--only the root domain (a.k.a. "forest name") is registered. Quite possible a DC for the specific domain does not exist in the site.

Don't confuse looking for a DC that is also running GC services as that would be by domain and not necessarily by site. Makes you appreciate te behind-the-scenes activity of the locator service.

FWIW, this often causes connects to GCs via kerberos to fail as there is a child domain / root domain realm mismatch courtesy of DNS.

If you want to search a GC with a non-existent root (a.k.a., phantom root), make sure to set the FastBind option else you will fail as ADSI tries to bind to the search base container by default.