Access an ADSI / Network Directory Using C#

The main .NET class for working with network directory services objects is the DirectoryEntry class, found in the System.DirectoryServices namespace. The DirectoryEntry class allows you to bind to a directory object and perform operations to retrieve, add, delete, and modify information about the object.

The DirectoryEntry class has many constructor formats, depending on your requirements within the database.


Anonymous Directory Login

Many network directory services allow either all or some database objects to be read by anyone on the network, regardless of network permissions. This allows network users to look up resources on the network, such as a user phone number and address, without requiring advanced privileges on the directory server.

To create a DirectoryEntry instance to reference a directory object without using privileges, you use the following constructor format:

DirectoryEntry(string ldappath)

The ldappath parameter is a string value that represents the location of the database object. The object must be referenced using a URI-like syntax, which includes the access method, the network directory service server address, and the distinguished name of the object.

The ADSI library offers various access methods for connecting to different types of network directory services. Each access method is specified in a URI format. The following table lists the access methods available.

Access Method

Windows NT domains

Microsoft Internet Information Services

Any LDAP-compliant network directory (including Active Directory)

Novell NetWare Directory Service server

Novell NetWare 3.x bindery service

For AD access we should use the LDAP access method, because it offers the most robust access, including search capabilities.

After the access method, the address of the desired directory server should be specified, along with the full distinguished name of the object to reference. A few examples of proper LDAP paths would be:

LDAP://, dc=net

LDAP://, ou=sales, dc=ispnet1, dc=net

LDAP://, dc=ispnet1, dc=net

Let us have a look at the sample code which binds a variable to a directory object and displays the LDAP path associated with the object.

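using System;
using System.DirectoryServices;

class BindObject
{
  public static void Main()
  {
    // Anonymous bind: no username or password is supplied.
    DirectoryEntry de = new DirectoryEntry("LDAP://, dc=net");

    // Path returns the LDAP path this entry was created with.
    string ldappath = de.Path;
    Console.WriteLine("The LDAP path is: {0}", ldappath);
  }
}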



Logging into a Directory

For database actions that require user authentication, two formats can be used. The following constructor allows you to specify a username and password to use to log in to the directory service:

DirectoryEntry(string ldappath, string username, string password)

Once the connection is authenticated, you can perform the actions that the username specified is allowed to perform, including adding, deleting, or modifying objects.

The second constructor allows you to specify a specific authentication type used for the login:

DirectoryEntry(string ldappath, string username, string password, AuthenticationTypes authtype)

The AuthenticationTypes enumeration specifies the authentication type used for logging in to the directory service server.

Let us have a look at the table for the authentication types available.

Authentication Type

No authentication is performed (not supported under Windows NT)

Enables the ADSI to delegate the user's security context

Uses encryption for all data exchanged with the server

Does not attempt to query the objectClass property, exposing only the base interfaces supported by ADSI

Used as a null reference

Indicates that read-only access is required to the server

Encrypts data using Kerberos encryption

Requests secure authentication

Uses the Secure Sockets Layer (SSL) encryption with a known certificate

Used to log the session into a specific server when a server is specified in the LDAP path

Signs all packets to verify data integrity

An example of using authentication to access a directory object is:

DirectoryEntry de = new DirectoryEntry("LDAP://, dc=net",
  "rich", "password", AuthenticationTypes.ServerBind);

This example uses the server username 'rich' and the appropriate password to log into the directory services server.
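A hardened variant of the authenticated bind above, as an added example that is not from the original article: ServerBind on its own does not request secure authentication, so this version combines it with Secure, Sealing and Signing and reads the credentials from the environment instead of the source. The server name, domain components and environment variable names are hypothetical placeholders, since the article does not give them.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class SecureBind
{
    // Hypothetical placeholder path: the article does not name a server or domain.
    const string LdapPath = "LDAP://dc01.example.test/DC=example,DC=test";

    // Without Secure the LDAP provider performs a simple bind. Sealing and
    // Signing require Secure; ServerBind is set because the path names a server.
    const AuthenticationTypes Hardened =
        AuthenticationTypes.Secure | AuthenticationTypes.Sealing |
        AuthenticationTypes.Signing | AuthenticationTypes.ServerBind;

    public static int Main()
    {
        // Assumed variable names. If both are unset (null), the bind uses the
        // Windows identity of the calling process instead of explicit credentials.
        string user = Environment.GetEnvironmentVariable("LDAP_BIND_USER");
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        try
        {
            using (DirectoryEntry de = new DirectoryEntry(LdapPath, user, password, Hardened))
            {
                // The constructor is lazy; RefreshCache forces the actual bind.
                de.RefreshCache();
                Console.WriteLine("Bound to {0} as {1} using [{2}]",
                    de.Path, de.Username ?? "(current identity)", de.AuthenticationType);
            }
            return 0;
        }
        catch (DirectoryServicesCOMException ex)
        {
            // Rejected by the directory (for example bad credentials); never log the password.
            Console.Error.WriteLine("Bind rejected: {0}", ex.Message);
            return 1;
        }
        catch (COMException ex)
        {
            // Server unreachable, malformed path and similar provider errors.
            Console.Error.WriteLine("Directory error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            return 2;
        }
    }
}
```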

Happy Learning !!!
