UserPrincipal.FindByIdentity Permissions

RMD · Aug 26, 2010 · Viewed 13.2k times

I'm attempting to use the .NET System.DirectoryServices.AccountManagement library to obtain the UserPrincipal for a particular Active Directory user.

I've got the following code:

PrincipalContext context = new PrincipalContext(ContextType.Domain, "DomainName");
userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username);

This code is running as a valid domain user, but when I execute it I get the following exception:

System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.

What's interesting is that I can make the following call, using the same context, without a problem:

context.ValidateCredentials(username, password, ContextOptions.Negotiate)

Ideas?

Answer

Nate · Mar 1, 2011

You need to use the PrincipalContext constructor that takes username and password.

The reason that Validate works is because it's using the provided credentials to bind to the directory.
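
The constructor the answer refers to, shown as an added example that is not part of the original answer: it binds with an explicit lookup account and separates a rejected bind from a user that does not exist. The class and method names, the `jdoe` account and the `AD_BIND_USER` / `AD_BIND_PASSWORD` environment variables are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class DirectoryLookup
{
    // HRESULT from the exception in the question (logon failure on bind).
    const int LogonFailure = unchecked((int)0x8007052E);

    // Returns the user's distinguished name, or null if no such account exists.
    public static string FindUserDn(string domain, string samAccountName,
                                    string bindUser, string bindPassword)
    {
        try
        {
            // Bind explicitly as bindUser instead of relying on the identity
            // the process happens to run under.
            using (var context = new PrincipalContext(
                       ContextType.Domain, domain, bindUser, bindPassword))
            using (var user = UserPrincipal.FindByIdentity(
                       context, IdentityType.SamAccountName, samAccountName))
            {
                return user?.DistinguishedName; // null: bind worked, user not found
            }
        }
        catch (DirectoryServicesCOMException ex) when (ex.ErrorCode == LogonFailure)
        {
            // The bind itself was rejected; report that separately from "not found".
            throw new UnauthorizedAccessException(
                "Directory bind failed for the lookup account.", ex);
        }
    }

    static void Main()
    {
        // Assumed variable names; keep the bind credentials out of source code.
        string bindUser = Environment.GetEnvironmentVariable("AD_BIND_USER");
        string bindPassword = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");

        string dn = FindUserDn("DomainName", "jdoe", bindUser, bindPassword);
        Console.WriteLine(dn ?? "user not found");
    }
}
```

An account used only for this lookup needs read access to the directory and nothing more.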