Initializes a new instance of the DirectoryEntry class.
Assembly: System.DirectoryServices (in System.DirectoryServices.dll)
Public Sub New ( _
    path As String, _
    username As String, _
    password As String _
)
public DirectoryEntry( string path, string username, string password )
public:
DirectoryEntry(
String^ path,
String^ username,
String^ password
)
new : path:string * username:string * password:string -> DirectoryEntry
Parameters
- path
- Type: System.String
- username
- Type: System.String
The user name to use when authenticating the client. The Username property is initialized to this value.
- password
- Type: System.String
.NET Framework
Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0
.NET Framework Client Profile
Supported in: 4, 3.5 SP1
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
A lot of the samples I've found online appear to work if we're querying objects in the AD that our computer account and user account are homed in. In my situation, my computer account is in a trusting domain, and my user account is in a trusted domain. Every combination that I tried with the DirectoryEntry constructor failed with invalid login.
In order for this to work properly for my queries, I've had to adjust my path string to include the name of a domain controller in my domain; only then were the passed-in credentials allowed. If I had access to the logs on the trusted domain, I think I would find several attempts where my trusting account was attempting to auth against a trusted DC.
Here is a quick little sample that works in my environment.
Write-Verbose "An LDAP Url for where you want to search"
$AdsPath = 'LDAP://OU=1132,OU=Learned,OU=People,DC=soecs,DC=ku,DC=edu'
Write-Verbose "Pull out the root from the path"
$Root = $AdsPath.Substring(($AdsPath.ToLower().IndexOf('dc=')),$AdsPath.Length-($AdsPath.ToLower().IndexOf('dc=')))
Write-Verbose "Cast the modified root, pointing at the Domain Controllers OU to get the first DC listed"
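# @() keeps the result an array, so [0] returns a DC name even when only one DC is listed
$DC = @(([adsi]"LDAP://OU=Domain Controllers,$($Root)").Children | ForEach-Object {$_.Name})[0]
# $Credentials must hold a PSCredential; prompt for one if it has not been set yet
if (-not $Credentials) { $Credentials = Get-Credential }
Write-Verbose "Modified DirectoryEntry that contains a newly formatted adspath and passes in stored credentials"
$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($DC)/$($AdsPath.Replace('LDAP://',''))",$Credentials.UserName,$Credentials.GetNetworkCredential().Password)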
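
The server-bound bind described in the comment above, as an added example that is not part of the original post or of the .NET documentation. It goes a step further by asking the DC locator for a controller instead of reading the Domain Controllers OU, requesting signing and sealing explicitly, and forcing the bind so a rejected logon surfaces immediately. The function name `New-ServerBoundDirectoryEntry` is hypothetical, and the code assumes the domain's DNS name matches the DC= components of the path.

```powershell
# Added example (not from the original post). Function name is hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function New-ServerBoundDirectoryEntry {
    param(
        [Parameter(Mandatory=$true)] [string] $AdsPath,
        [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential
    )

    # Strip the provider prefix; refuse paths that already carry a server part.
    $dn = $AdsPath -replace '^LDAP://', ''
    if ($dn -match '/') { throw "Path already names a server: $AdsPath" }

    # Assumption: the domain's DNS name equals its DC= components joined by dots.
    $labels = @([regex]::Matches($dn, '(?i)(?:^|,)\s*DC=([^,]+)') | ForEach-Object { $_.Groups[1].Value })
    if ($labels.Count -eq 0) { throw "No DC= components in: $AdsPath" }
    $domainName = $labels -join '.'

    # Ask the DC locator for a controller of that domain, using the supplied account.
    $net     = $Credential.GetNetworkCredential()
    $ctxType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $ctx     = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ctxType, $domainName, $Credential.UserName, $net.Password
    $dc      = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).FindDomainController().Name

    # Secure requests a negotiated (Kerberos/NTLM) bind; Signing and Sealing add
    # integrity checking and encryption to the traffic that follows the bind.
    $auth  = [System.DirectoryServices.AuthenticationTypes]'Secure, Signing, Sealing'
    $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$dc/$dn", $Credential.UserName, $net.Password, $auth

    # DirectoryEntry binds lazily; touch NativeObject so a rejected logon fails here.
    try { $null = $entry.psbase.NativeObject }
    catch {
        $entry.psbase.Dispose()
        throw "Bind to $dc failed: $($_.Exception.Message)"
    }
    $entry
}

# Usage: $entry = New-ServerBoundDirectoryEntry -AdsPath $AdsPath -Credential (Get-Credential)
```

The constructor only accepts the password as a plain string, so call `Dispose()` on the returned entry when finished and avoid writing the credential object to logs or transcripts.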