Friday, July 22, 2005

Useful System.DirectoryServices Resources

(Updated 12/11/06)

A common question often raised by new .NET developers is : what resources are available for me to learn how to program against Active Directory or other LDAP sources?

There are a number of resources available for .NET developers:

General Resources

  • Directory Programming .NET - contains all the sample code from DotNevDevGuide to DS Programming and useful tools.  This is probably your best bet for any .NET related questions.  Check out the forums where you can get in touch with both Joe and me.  Tons of sample code for .NET can found here as well in both C# and VB.NET.
  • microsoft.public.adsi.general – This is a great resource and well trafficked.  This is also where you should post your non-.NET related questions.  C++, scripting, and *blech* VB are all fair game here.  Newsgroups might not be your bag for posting… so read on.
  • ADSI Yahoo Group – This discussion group has slowed down quite a bit, but is still a good avenue to find some help for ADSI and LDAP related questions.  The focus tends to be on .NET, but 3rd party LDAP and other technologies are fair game.

Other Resources



  • It takes a little getting used to, but ldp.exe is probably the most useful tool for working with AD or ADAM.  It is a no-frills and ugly tool, but definitely powerful.  You can find this on most Windows 2003 servers or with the AdminPak.msi.  Probably an even easier way to get it is to download ADAM and just install the tools.  I rely on this tool to test my LDAP queries and bind operations first.
  • Softerra makes a nice LDAP browser for free that is useful.  I have not tried the commercial version that allows you to edit things, so I can’t comment on that.  I wish it would support more types of binds so we can bind with our current credentials, but it works well otherwise.  It does not use ADSI at all and might not support paging correctly, but it has some slick features like the ability to export objects to LDIF files with a click.
  • Wireshark - formerly Ethereal - this is an awesome tool to use to sniff the underlying traffic when you just don't know what is going on.  It does a great job of decoding the Kerberos and LDAP traffic into human-readable format.  Highly recommended when other troubleshooting steps fail.
  • Microsoft’s Err.exe tool.  Used in conjunction with ldp.exe, you can very easily pinpoint the true error.  No more COMException: An unknown exception has occurred.
  • Beavertail – An open-source LDAP browser written in C# by Marc Scheuner.  A strange name perhaps for a browser, but definitely worth a look if you want to see C# and LDAP in action.
  • ADSI Browser– Another LDAP Browser, this time written in Delphi by Marc Scheuner.  This one has a few more features than the Beavertail offering, but it is not open-source.
  • Joe Richards has a number of free tools available that worth checking out.  In particular ADFind is a must see for the command line junkie in all of us.