0
votes

Using these 2 examples:

  1. http://blogs.technet.com/b/brad_rutkowski/archive/2008/04/15/c-getting-members-of-a-group-the-easy-way-with-net-3-5-discussion-groups-nested-recursive-security-groups-etc.aspx

    or

  2. Get members of Active Directory Group and check if they are enabled or disabled

I was able to get users from "Domain Users" when running them on the domain controller.

However, I was not able to on a member machine that belongs to the same domain.

I even logged on to the member machine as the Domain Administrator.

The error messages:

Example 1

Unhandled Exception: System.Runtime.InteropServices.COMException: The specified domain either does not exist or could not be contacted.

Example 2

Unhandled Exception: System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.

Can somebody please point me to an example or how to fix this problem?

Thanks.


1 Answer

0
votes

Accounts that are local to a workstation or server are not Active Directory accounts, even if the machine is itself a member of an Active Directory domain. Active Directory APIs generally use LDAP to connect to a domain controller (DC), which will not work for local accounts since there is no DC involved.

Assuming you are working with local users and groups, you can still use the System.DirectoryServices.AccountManagement API to get local users and groups. The DirectoryContext class provides a ContextType property, which you will set to Machine to access local users and groups.

The below code is a simple example that will list all the users on the provided workstation:

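using System;
using System.DirectoryServices.AccountManagement;

string workstationName = null; // null --> localhost
// ContextType.Machine queries the machine's local account database, not a domain controller
using (var cxt = new PrincipalContext(ContextType.Machine, workstationName))
using (var searcher = new PrincipalSearcher(new UserPrincipal(cxt)))
{
    foreach (var u in searcher.FindAll())
    {
        var userPrincipal = (UserPrincipal)u; // the UserPrincipal filter only returns users
        Console.WriteLine(userPrincipal.Name);
    }
}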
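
An added example, not part of the answer above or of the linked posts: it lists a group's members with their enabled state in the domain context, catches the `PrincipalServerDownException` quoted in the question, and falls back to the machine context the answer describes. `corp.example.com` is a placeholder domain name, the local `Administrators` group is an assumed target, and `TryListMembers` is a hypothetical helper.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class GroupMemberLister
{
    // contextName: domain DNS name for ContextType.Domain; machine name
    // (or null for the local machine) for ContextType.Machine.
    static bool TryListMembers(ContextType type, string contextName, string groupName)
    {
        try
        {
            using (var ctx = new PrincipalContext(type, contextName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
            {
                if (group == null)
                {
                    Console.WriteLine($"Group '{groupName}' not found in {type} context.");
                    return false;
                }
                // Expand nested groups only when querying the directory.
                foreach (Principal p in group.GetMembers(type == ContextType.Domain))
                {
                    var user = p as UserPrincipal;
                    // Enabled is bool?; it can be null when the store does not report it.
                    string state = user == null ? "n/a (not a user)"
                                 : user.Enabled == true ? "enabled"
                                 : user.Enabled == false ? "disabled" : "unknown";
                    Console.WriteLine($"{p.SamAccountName}\t{state}");
                }
                return true;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Raised when no server for the requested context can be contacted.
            Console.WriteLine($"{type} context unavailable: {ex.Message}");
            return false;
        }
    }

    static void Main()
    {
        // Placeholder domain name (assumption); replace with the real DNS domain.
        if (!TryListMembers(ContextType.Domain, "corp.example.com", "Domain Users"))
            TryListMembers(ContextType.Machine, null, "Administrators"); // assumed local group
    }
}
```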