How do I connect to Active Directory via LDAPS in C#?


Found documentation (here) in an answer thread on this site, but I can't get a connection to an AD. When I use a program like Active Directory Explorer I can connect. I think, because I am trying to connect to LDAPS, I need a different approach?

I have the server IP, a domain, username/pwd and the port 636. I tried various combinations of new DirectoryEntry but couldn't get it to connect. I always get a COMException: Domain is not existing.

    static DirectoryEntry createDirectoryEntry()
    {
        DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://", USER, PWD);

        // Request an SSL/TLS-protected channel for the bind.
        ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

        return ldapConnection;
    }

Background info: The user places his card on a card reader unit. The program gets the ID from the card, searches the DB for this ID, and returns the email address belonging to the ID/user. And here is the working solution:

        private string getEmail(string userID)
        {
            try
            {
                // NOTE: userID is concatenated unescaped; escape LDAP filter
                // metacharacters (RFC 4515) before using untrusted input here.
                string ldapfilter = "(&(otherPager=" + userID + "))";

                DirectoryEntry myLdapConnection = new DirectoryEntry("LDAP://" + SERVER, USER, PWD);
                DirectorySearcher search = new DirectorySearcher(myLdapConnection);
                search.Filter = ldapfilter;

                string[] requiredValue = new String[] { "mail" };

                // Only request the attributes that are actually needed.
                foreach (String value in requiredValue)
                    search.PropertiesToLoad.Add(value);

                SearchResult result = search.FindOne();

                if (result != null)
                {
                    // Return the first value of the first requested attribute.
                    foreach (String value in requiredValue)
                        foreach (Object myCollection in result.Properties[value])
                            return myCollection.ToString();
                }
                else
                {
                    return "No Entry fround";
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception Problem: " + e.ToString());
                return null;
            }
            return null;
        }

    private void cmdClose_Click(object sender, EventArgs e)
    {
    }

    private void textBox1_TextChanged(object sender, EventArgs e)
    {
        label1.Text = getEmail(textBox1.Text);
    }


You need to specify the port, since 636 is the default LDAPS port.

new DirectoryEntry("LDAP://", USER, PWD)


I do this in some of my code, and using "LDAP://" (not "LDAPS://") is what works.


If that doesn't work, then there may be a certificate error. You can test this with a browser. If you use Chrome, open Chrome with this (so it lets you use port 636):

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636

Then go to If you get a big fancy certificate error, then the problem is that the certificate is not trusted. View the certificate from Chrome and see what the problem is. It could be issued by an authority that is not in the Windows cert store.
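
The certificate check described in the answer can also be run from C# without a browser. This is an added example, not code from the original post: it opens a TLS connection to port 636 and prints why the Windows trust store accepts or rejects the server certificate. The host name `dc01.example.test` is a placeholder.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class LdapsCertCheck
{
    // Returns true when the certificate presented on host:port validates
    // against the local trust store; otherwise prints the reasons it did not.
    public static bool Check(string host, int port = 636)
    {
        bool trusted = false;
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var tls = new SslStream(tcp.GetStream(), false,
                (sender, cert, chain, errors) =>
                {
                    Console.WriteLine("Subject: " + cert?.Subject);
                    Console.WriteLine("Issuer:  " + cert?.Issuer);
                    Console.WriteLine("Policy errors: " + errors);
                    if (chain != null)
                        foreach (X509ChainStatus s in chain.ChainStatus)
                            Console.WriteLine("  " + s.Status + ": " + s.StatusInformation.Trim());
                    trusted = errors == SslPolicyErrors.None;
                    return trusted; // never accept an untrusted certificate
                }))
            {
                // The name passed here must match the certificate's subject/SAN; a bare
                // IP address fails with RemoteCertificateNameMismatch unless it is a SAN.
                tls.AuthenticateAsClient(host);
            }
        }
        catch (AuthenticationException ex) { Console.WriteLine("TLS handshake rejected: " + ex.Message); }
        catch (SocketException ex) { Console.WriteLine("Cannot reach " + host + ":" + port + ": " + ex.Message); }
        return trusted;
    }

    static void Main(string[] args)
    {
        // Placeholder host (assumption); pass the real server name as the first argument.
        string host = args.Length > 0 ? args[0] : "dc01.example.test";
        Console.WriteLine(Check(host) ? "Certificate trusted" : "Certificate NOT trusted");
    }
}
```

An `UntrustedRoot` or `PartialChain` status means the issuing authority is missing from the Windows certificate store, which is the case the answer describes.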