Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Modifying LDAP attributes using C#

Posted on 2005-03-30
Medium Priority
Last Modified: 2012-05-05
I have been working on a small application that can bind to the directory and modify an attribute.  So far I have been able to bind correctly and retrieve a Directory Entry.  But I am unable to modify an attribute.  This is not a rights issue it seems to be a coding issue and my understanding of C#.  Does someone have an example I can see to modify an attribute.  What I have tried so far is

SearchResult result = mySearcher.FindOne();
result.Properties["HomeDirectory"][0]= "bob";

Question by:darkstagg
  • 3
  • 3
LVL 20

Expert Comment

ID: 13669774
SearchResult object contains just some readonly data for you to use, not to modify. Use DirectoryEntry object from the SearchResult object and modify it, like so

DirectoryEntry de = result.GetDirectoryEntry();
de.Properties["HomeDirectory"].Value = "myHomeDirectory";

Author Comment

ID: 13672758
Im still a bit stuck on this.  Although closer thanks.  It appears now when I try to modify the object in question I am unable to because I am bound to the directory in a different way.  What I am trying to do is bind to the AD with my admin account and modify an attribute for another user.  Here is my code in general so far.

DirectoryEntry entry = new DirectoryEntry  "LDAP://domain.com","CN=admin,OU=Administrators,OU=ca,OU=is,DC=domain,DC=com","password");
      myDirectorySearcher = new DirectorySearcher("cn=bob");
      SearchResult result = myDirectorySearcher.FindOne();

      DirectoryEntry clientEntry = result.GetDirectoryEntry();

      clientEntry.Properties["homeDirectory"].Value = "bob";

When I do this it errors out and appears to be unable to access the value.  When I use the debugger I can see result contains the appropriate attributes.

Thanks again
LVL 20

Accepted Solution

ihenry earned 1050 total points
ID: 13673360
You're passing the user name "CN=admin,OU=Administrators,OU=ca,OU=is,DC=domain,DC=com" in DN format to the DirectoryEntry ctor, in order to get this to work you must use SSL binding option in the DirectoryEntry object. To avoid SSL binding you can use user name in NT format like "yourDomain\userName" or in UPN format such as "userName@yourDomain.com" .

In order to make the search to be more efficient you would need to include objectClass and objectCategory in the filter, like so:

And  try to avoid using FindOne method as it might give you serious memory leak problem in production later. You can consider using "using" statement and FindAll method as a replacement.

               using (SearchResultCollection src = myDirectorySearcher.FindAll())
                    if (src.Count > 0)
                         SearchResult sr = src[0];
                         // code continue here...

For any exception occur, post the exception stack trace here.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Author Comment

ID: 13673597
My apologies for being somewhat dim on this I have a strong understanding of LDAP and you are right on adding the filter and how I should do the search.  But I am not clear on the bind process and then searching correctly for another object.  Can you give me an example of this.

Pseudo code

bind to directory with Admin account.
search for a user (not the admin user).
modify the homedirectory attribute.
commit the change to the directory.

again sorry for not fully understanding I greatly appreciate the help


Author Comment

ID: 13676862
I believe I have it now thanks so much for the help
LVL 20

Expert Comment

ID: 13849783
I believe my comments have helped the asker and put him to the right direction.

-- Henry

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses
Course of the Month15 days, 23 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question