I am trying to use LDAP to get information about domain controllers and to know about their status and replication status using C#. I am trying to do this remotely; for example, I am running code on PC1 and would like to get information from PC2.

I know when using WMI, it is possible to get information using the following queries:

SELECT * FROM MSAD_DomainController
then
SELECT * FROM MSAD_ReplCursor where SourceDsaDN like '%{domainControllerName}%'
then
SELECT * FROM MSAD_ReplNeighbor where NamingContextDN like '{NamingContextDN->From above query}'

So what would I need to get information similar to the WMI query when using LDAP?

I am using this code to look into the details of the domain controller:

using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;

class Program
{
    static void Main()
    {
        // Placeholders: replace with real values before running.
        string domainname = "{Domain}";
        string username = "{User}";
        string password = "{Pass}";
        try
        {
            // Using DirectoryEntry for LDAP operations
            string ipAddress = "{IP}";
            string ldapPath = $"LDAP://{ipAddress}:389/DC={domainname},DC=com";
            using (DirectoryEntry entry = new DirectoryEntry(ldapPath, username, password, AuthenticationTypes.Secure))
            using (DirectorySearcher searcher = new DirectorySearcher(entry))
            {
                // Matches every object under the domain root
                searcher.Filter = "(objectClass=*)";
                searcher.SearchScope = SearchScope.Subtree;
                // SearchResultCollection holds unmanaged resources, so dispose it
                using (SearchResultCollection results = searcher.FindAll())
                {
                    if (results.Count == 0)
                    {
                        Console.WriteLine("No objects found.");
                    }
                    else
                    {
                        foreach (SearchResult result in results)
                        {
                            Console.WriteLine("Object Information:");

                            if (result.Properties["objectClass"].Count > 0)
                            {
                                Console.Write("Object Class: ");
                                foreach (var value in result.Properties["objectClass"])
                                {
                                    Console.Write($"{value}, "); // Print each value
                                }
                                Console.WriteLine(); // New line after values
                            }
                            foreach (string propertyName in result.Properties.PropertyNames)
                            {
                                var propertyValues = result.Properties[propertyName];
                                if (propertyValues.Count > 0)
                                {
                                    Console.Write($"{propertyName}: ");
                                    foreach (var value in propertyValues)
                                    {
                                        Console.Write($"{value}, "); // Print each value
                                    }
                                    Console.WriteLine(); // New line after values
                                }
                                else
                                {
                                    Console.WriteLine($"{propertyName}: Not Available or Empty");
                                }
                            }
                            Console.WriteLine("---------------------------------------------------");
                        }
                    }
                }
            }
        }
        catch (ActiveDirectoryObjectNotFoundException ex)
        {
            Console.WriteLine($"Error: {ex.Message} - Check domain name and connectivity.");
        }
        catch (ActiveDirectoryOperationException ex)
        {
            Console.WriteLine($"AD Operation Error: {ex.Message}");
        }
        catch (DirectoryServicesCOMException ex)
        {
            Console.WriteLine($"Directory Services Error: {ex.Message}");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Unexpected Error: {ex.Message}");
        }
    }
}
asked Sep 25, 2024 at 12:20
  • Why does it need to be LDAP? Can you use PowerShell, e.g. Get-ADReplicationConnection learn.microsoft.com/en-us/powershell/module/activedirectory/… It's really unclear what information exactly you want, please be clear. Commented Sep 25, 2024 at 14:00
  • I aim to use C# and it needs to be run on a PC where it can communicate with other PCs to get information about the domain. So, if anything happens I can know the status of the domain controller and the state of the AD replication. Is it possible to execute the PowerShell remotely and get the output of the query? Like PC1 will run a Get-ADReplicationConnection on PC2 and get the output about the state of the domain controller. Commented Sep 25, 2024 at 14:06
  • Any PC joined to the domain should be able to execute those scripts. Also did you not just ask this exact question last week? stackoverflow.com/questions/79001660/… Commented Sep 25, 2024 at 14:36
  • @Charlieface In that link I was able to solve it using WMI, but I started to look into LDAP and wondered if it is possible to implement this using LDAP and get the same results as the WMI queries that I used in the OP above. But in the approach that I mentioned in my comment I am trying to access PC2, which lives in a different domain. Commented Sep 26, 2024 at 7:38
  • You can execute PowerShell remotely using Invoke-Command, but you'd need some way to log in, probably using a one- or two-way domain trust, or using runas /netonly to give custom credentials. Commented Sep 26, 2024 at 8:57
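
An added example, not part of the original question or its comments: Active Directory exposes inbound replication partner status over LDAP through the constructed attribute msDS-NCReplInboundNeighbors on each naming-context root, so a base read of that one object avoids the whole-directory `(objectClass=*)` subtree dump. It assumes the process runs under a logon the target DC accepts; the class name, sample XML and host name are constructed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Xml.Linq;

static class ReplStatus
{
    // Summarize one msDS-NCReplInboundNeighbors value (a DS_REPL_NEIGHBOR XML fragment).
    public static string Summarize(string xml)
    {
        // Defensive: strip any trailing NUL before parsing.
        XElement n = XElement.Parse(xml.TrimEnd('\0'));
        string source = (string)n.Element("pszSourceDsaDN") ?? "(unknown source)";
        uint result = (uint?)n.Element("dwLastSyncResult") ?? 0;
        uint failures = (uint?)n.Element("cNumConsecutiveSyncFailures") ?? 0;
        string lastOk = (string)n.Element("ftimeLastSyncSuccess") ?? "never";
        string state = result == 0 ? "OK" : $"FAILED (error {result}, {failures} consecutive)";
        return $"{source}: {state}, last success {lastOk}";
    }

    // Bind to one DC as the current logon and print its inbound partners.
    public static void Query(string dc)
    {
        // Signing + Sealing keep the port-389 session integrity-protected and encrypted.
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        string ncDn;
        using (var root = new DirectoryEntry($"LDAP://{dc}/RootDSE") { AuthenticationType = auth })
            ncDn = (string)root.Properties["defaultNamingContext"].Value;
        using (var nc = new DirectoryEntry($"LDAP://{dc}/{ncDn}") { AuthenticationType = auth })
        {
            // Constructed attributes are returned only when requested by name.
            nc.RefreshCache(new[] { "msDS-NCReplInboundNeighbors" });
            foreach (object value in nc.Properties["msDS-NCReplInboundNeighbors"])
                Console.WriteLine(Summarize((string)value));
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample value, reduced to the fields Summarize reads.
        const string sample =
            "<DS_REPL_NEIGHBOR>" +
            "<pszSourceDsaDN>CN=NTDS Settings,CN=DC02,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=com</pszSourceDsaDN>" +
            "<ftimeLastSyncSuccess>2024-09-24T22:10:05Z</ftimeLastSyncSuccess>" +
            "<dwLastSyncResult>1722</dwLastSyncResult>" +
            "<cNumConsecutiveSyncFailures>3</cNumConsecutiveSyncFailures>" +
            "</DS_REPL_NEIGHBOR>";
        Console.WriteLine(Summarize(sample));
        // Pass a DC host name (e.g. dc01.example.com, hypothetical) to query a live server.
        if (args.Length == 1) Query(args[0]);
    }
}
```

A non-zero dwLastSyncResult or a growing cNumConsecutiveSyncFailures is the value to alert on.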
