Getting "The server could not be contacted." when trying to access active directory

Vítor Martins · Apr 7, 2015

I'm trying this code:

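// Requires: using System.DirectoryServices.AccountManagement;
public bool isTravelAdmin(string srvr, string usr, string password)
{
    System.Diagnostics.Debug.WriteLine("I'm in isTravelAdmin!");

    // Dispose the context and the principal once the check is done
    using (PrincipalContext domainctx = new PrincipalContext(ContextType.Domain, srvr))
    using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(domainctx, IdentityType.SamAccountName, usr))
    {
        // FindByIdentity returns null when no matching account exists
        if (userPrincipal == null)
        {
            System.Diagnostics.Debug.WriteLine("This user was not found");
            return false;
        }

        bool isMember = userPrincipal.IsMemberOf(domainctx, IdentityType.Name, "traveladmin");

        if (isMember)
        {
            System.Diagnostics.Debug.WriteLine("This user is INDEED a member of that group");
            return true;
        }
        else
        {
            System.Diagnostics.Debug.WriteLine("This user is *NOT* member of that group");
            return false;
        }
    }
}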

Which is supposed to check if a user belongs to a certain group ("traveladmin"), but I'm getting

System.DirectoryServices.AccountManagement.PrincipalServerDownException

Any idea why and how to solve? By the way:

srvr = "LDAP://192.168.56.101/CN=Users,DC=estagioit,DC=local"

PS: I'm using the same srvr on another method and it's working and connecting.

PPS: If this is not the best way to go about this I'm open to suggestions.

Answer

Vítor Martins · Apr 13, 2015

The problem is how the "Principal Context" is written... it should be:

PrincipalContext thisPrincipalContext = new PrincipalContext(ContextType.Domain, "DCESTAGIO");

in this case.

If you look at the documentation for the PrincipalContext constructors, it should be quite clear:

public PrincipalContext(ContextType contextType, string name)

or

public PrincipalContext(ContextType contextType, string name, string container)

So you basically need:

  • your context type (here: ContextType.Domain)
  • the domain name (try just the "Netbios" name, e.g. "YOURDOMAIN" - or leave NULL for "default" domain)
  • optionally a container (as an LDAP path - a "distinguished" name, full path but without any LDAP:// prefix)

as seen in this answer.
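
The constructor arguments described in the answer, applied to the kind of ADsPath string the question passes in. This is an added example, not code from the original post: the names TravelAdminCheck, SplitAdsPath and IsMemberOfGroup are hypothetical, and it assumes the host part of the path is acceptable as the context's domain or server name.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;

public static class TravelAdminCheck
{
    // Splits "LDAP://host/CN=Users,DC=example,DC=local" into the (name, container)
    // pair that PrincipalContext expects: no LDAP:// prefix on either part.
    public static void SplitAdsPath(string adsPath, out string name, out string container)
    {
        const string prefix = "LDAP://";
        string rest = adsPath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)
            ? adsPath.Substring(prefix.Length)
            : adsPath;
        int slash = rest.IndexOf('/');
        name = slash < 0 ? rest : rest.Substring(0, slash);
        container = slash < 0 ? null : rest.Substring(slash + 1);
        if (string.IsNullOrEmpty(name)) name = null;            // null selects the default domain
        if (string.IsNullOrEmpty(container)) container = null;  // null searches the whole domain
    }

    // Returns true only when the directory answers, the user exists,
    // the group exists, and the user is a member of it.
    public static bool IsMemberOfGroup(string adsPath, string samAccountName, string groupName)
    {
        string name, container;
        SplitAdsPath(adsPath, out name, out container);
        try
        {
            using (var ctx = container == null
                ? new PrincipalContext(ContextType.Domain, name)
                : new PrincipalContext(ContextType.Domain, name, container))
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
            {
                // Unknown user or unknown group is treated as "not a member".
                return user != null && group != null && user.IsMemberOf(group);
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Directory unreachable: record it and deny rather than guess.
            Trace.TraceWarning("Directory lookup failed: " + ex.Message);
            return false;
        }
    }
}
```

When a container is supplied, both lookups are scoped to it, so a group that lives outside that container is not found and the check returns false.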