I'm attempting to use the .NET System.DirectoryServices.AccountManagement
library to obtain the UserPrincipal for a particular Active Directory user.
I've got the following code:
PrincipalContext context = new PrincipalContext(ContextType.Domain, "DomainName");
userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username);
This code is running as a valid domain user, but when I execute it I get the following exception:
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
What's interesting is that I can make the following call, using the same context, without a problem:
context.ValidateCredentials(username, password, ContextOptions.Negotiate)
Ideas?
You need to use the PrincipalContext constructor that takes username and password.
The reason that Validate works is because it's using the provided credentials to bind to the directory.
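
A sketch of the lookup with an explicitly credentialed context, added here as an illustration and not part of the original answer. The environment variable names AD_BIND_USER and AD_BIND_PASSWORD and the class name are assumptions; "DomainName" is the placeholder from the question.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

class FindUserExample
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: FindUserExample <samAccountName>");
            return 2;
        }
        // Assumed variable names: read the bind account from the environment
        // rather than hard-coding a directory credential in source.
        string bindUser = Environment.GetEnvironmentVariable("AD_BIND_USER");
        string bindPassword = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        if (string.IsNullOrEmpty(bindUser) || string.IsNullOrEmpty(bindPassword))
        {
            Console.Error.WriteLine("AD_BIND_USER / AD_BIND_PASSWORD not set");
            return 2;
        }
        // Negotiate with signing and sealing so the bind and query are protected in transit.
        var options = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
        try
        {
            // Constructor order: contextType, name, container, options, userName, password.
            using (var context = new PrincipalContext(
                ContextType.Domain, "DomainName", null, options, bindUser, bindPassword))
            using (var user = UserPrincipal.FindByIdentity(
                context, IdentityType.SamAccountName, args[0]))
            {
                if (user == null) // FindByIdentity returns null when nothing matches
                {
                    Console.Error.WriteLine("no such user: " + args[0]);
                    return 1;
                }
                // Read properties while the context is still open.
                Console.WriteLine("{0} ({1}) enabled={2}",
                    user.DistinguishedName, user.UserPrincipalName, user.Enabled);
                return 0;
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // A rejected bind surfaces here, e.g. the 0x8007052E logon failure from the question.
            Console.Error.WriteLine("directory bind failed: " + ex.Message);
            return 1;
        }
    }
}
```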