how to use ADWS with .Net

All replies

  • I did some research and managed to make an ADWS (Active Directory Web Services) connection from a .NET application work. I thought I should share that information.
    This is how I connected to ADWS from a .NET application:

    - Create a file "ADWS.wsdl" with the Full WSDL which can be found here http://msdn.microsoft.com/en-us/library/dd304094(v=PROT.10).aspx
    - Generate the config and proxy class using: svcutil /config:"App.config" /out:"Proxy.cs" "ADWS.wsdl" (from VS console)
    - Add the proxy.cs to your .NET project (I used a simple WinForms Application created with VS 2010)
    - Add an "Application Configuration File" to your project; use the XML from "App.config" generated before

    As the custom binding generated by svcutil does not work, the binding from the ADWS server config has to be used in the config file.
    The server bindings can be found here:
    C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config
    It should look like this:
          <netTcpBinding>
            <binding name="ActiveDirectoryWebServicesNetTcpBindingConfiguration"
                     maxReceivedMessageSize="1048576"
                     receiveTimeout="00:10:00" >
              <readerQuotas maxArrayLength="16384"
                            maxStringContentLength="32768"
                            maxDepth="10" />
            </binding>
          </netTcpBinding>

    - Add the "netTcpBinding" above to the <bindings> section of your config file.
    - Change the client endpoint configuration at the bottom of your config file to use "netTcpBinding" instead of the custom binding.
    It should look like this now:
        <client>
          <endpoint binding="netTcpBinding"
              contract="AccountManagement" name="NetTcpBinding_AccountManagement_AccountManagement"
              address="net.tcp://YOURDC.YOURDOMAIN.net:9389/ActiveDirectoryWebServices/Windows/AccountManagement" />
          <endpoint binding="netTcpBinding"
              contract="TopologyManagement" name="NetTcpBinding_TopologyManagement_TopologyManagement"
              address="net.tcp://YOURDC.YOURDOMAIN.net:9389/ActiveDirectoryWebServices/Windows/TopologyManagement" />
        </client>

    Now you can connect to ADWS, e.g.:

    // sample code to connect to an ADWS service
    AccountManagementClient ac = new AccountManagementClient();
    // use impersonation; credentials will be used to authenticate towards the LDAP (AD) server
    ac.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    ActiveDirectoryPrincipal[] arP = ac.GetADGroupMember("ldap:389", "CN=Administrators,CN=Builtin,DC=YOURDOMAIN,DC=net", "DC=YOURDOMAIN,DC=net", true);

    In order to add some debugging to server and/or client follow the instructions given here: http://blogs.msdn.com/b/adpowershell/archive/2009/10/05/how-to-view-soap-xml-messages-to-and-from-ad-webservices-and-powershell.aspx

    Monday, February 21, 2011 11:43 AM
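
The same netTcpBinding built in code instead of App.config, as an added example (not part of the original post and not Microsoft sample code). It assumes the svcutil-generated Proxy.cs from the steps above is compiled into the project, reuses the post's placeholder host and DNs, and writes out the NetTcpBinding security defaults (Windows credentials, signed and encrypted transport) so they are visible in review.

```csharp
using System;
using System.Net.Security;
using System.Security.Principal;
using System.ServiceModel;

static class AdwsGroupQuery
{
    // Quotas copied from the server binding quoted in the post.
    static NetTcpBinding BuildBinding()
    {
        var b = new NetTcpBinding(SecurityMode.Transport)
        {
            MaxReceivedMessageSize = 1048576,
            ReceiveTimeout = TimeSpan.FromMinutes(10)
        };
        // These are the NetTcpBinding defaults, stated explicitly.
        b.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        b.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        b.ReaderQuotas.MaxArrayLength = 16384;
        b.ReaderQuotas.MaxStringContentLength = 32768;
        b.ReaderQuotas.MaxDepth = 10;
        return b;
    }

    static void Main()
    {
        // Placeholder address from the post; replace with your own DC.
        var address = new EndpointAddress(
            "net.tcp://YOURDC.YOURDOMAIN.net:9389/ActiveDirectoryWebServices/Windows/AccountManagement");
        // AccountManagementClient and ActiveDirectoryPrincipal come from Proxy.cs.
        var ac = new AccountManagementClient(BuildBinding(), address);
        ac.ClientCredentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
        try
        {
            ActiveDirectoryPrincipal[] members = ac.GetADGroupMember(
                "ldap:389", "CN=Administrators,CN=Builtin,DC=YOURDOMAIN,DC=net",
                "DC=YOURDOMAIN,DC=net", true);
            Console.WriteLine("{0} members", members == null ? 0 : members.Length);
            ac.Close();   // graceful close on success
        }
        // A faulted WCF channel cannot be closed; Abort releases it.
        catch (CommunicationException) { ac.Abort(); throw; }
        catch (TimeoutException) { ac.Abort(); throw; }
    }
}
```

In the config-file route, an endpoint uses a named `<binding>` only when it also carries a `bindingConfiguration` attribute with that name; building the binding in code removes that dependency.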
  • What is YOURDC.YOURDOMAIN.net ?

    Tuesday, January 17, 2012 8:52 PM
  • Hello,

    the MSDN forum is the better place for this kind of question.

    http://social.msdn.microsoft.com/Forums/en-US/categories


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    • Proposed as answer by Patris_70 Wednesday, January 18, 2012 12:20 AM
    Tuesday, January 17, 2012 9:22 PM
  • Hi Frank FSC,

    Thank you for sharing this because it helped me a lot.

    What methods will we use to get the roles assigned to the user and related info? Please share if possible.

    Thanks in Advance

    Thursday, April 27, 2017 1:23 AM