In a Windows 2000 Active Directory you are allowed to perform anonymous LDAP operations against AD. A Windows Server 2003 domain/forest, however, does not allow this by default, except for the RootDSE object. It is a configurable option, though.
For a complete description you can check here, but a quick run-through follows:
Fire up ADSIEdit.msc and navigate to CN=Directory Service,CN=Windows NT,CN=Services,DC=mydomain,DC=com (or Services\Windows NT\Directory Service). Right-click, select Properties and find the dsHeuristics attribute. Change the seventh character of the value to 2 (or set the value to 0000002 if it wasn't set). All you need to do next is give the ANONYMOUS LOGON account Read access to the objects you wish to query and List Contents rights on the objects directly above them.
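The same dsHeuristics change can be scripted, which also makes it easy to audit the current value before and after. The script below is an added example and is not from the original post; it assumes the ActiveDirectory PowerShell module, an account with write access to the Directory Service object, and locates that object under the forest's configurationNamingContext as reported by RootDSE. The helper function Set-DsHeuristicChar is hypothetical and only changes the one requested position, padding a shorter value with zeros and leaving every other character as it was.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: return $Current with the 1-based $Position set to $Value.
# A value shorter than $Position is padded with '0' first; all other characters
# are preserved, so flags that are already set are not clobbered.
function Set-DsHeuristicChar {
    param(
        [AllowEmptyString()][string]$Current,
        [int]$Position,
        [char]$Value
    )
    if ($Current.Length -lt $Position) {
        $Current = $Current.PadRight($Position, '0')
    }
    $chars = $Current.ToCharArray()
    $chars[$Position - 1] = $Value
    return -join $chars
}

# The Directory Service object lives in the Configuration naming context.
$rootDse  = Get-ADRootDSE
$dsObject = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# Read what is there today (null when the attribute has never been set).
$current = (Get-ADObject -Identity $dsObject -Properties dsHeuristics).dsHeuristics
if ($null -eq $current) { $current = '' }
Write-Host "Current dsHeuristics: '$current'"

# Seventh character = 2 enables anonymous LDAP operations, as described above.
$new = Set-DsHeuristicChar -Current $current -Position 7 -Value '2'
Write-Host "New dsHeuristics:     '$new'"

Set-ADObject -Identity $dsObject -Replace @{ dsHeuristics = $new }

# Re-read to confirm the write took effect.
(Get-ADObject -Identity $dsObject -Properties dsHeuristics).dsHeuristics
```

Because the helper only touches position 7, an existing value such as 0000000001 keeps its tenth character, which directory-wide dsHeuristics values of ten or more characters require to be 1. Setting position 7 back to 0 with the same function restores the default, and the two Write-Host lines give a before/after record for change tracking.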
There you go. You should be able to execute code like this against a Windows 2003 Active Directory:
```csharp
using System;
using System.DirectoryServices;

class Program
{
    static void Main(string[] args)
    {
        // Note that we do not authenticate here like we normally would, e.g.:
        // new DirectoryEntry("LDAP://ADServer:389/CN=Users,DC=mydomain,DC=local", "someuser", "sTr0nGP4ssword");
        // The constructor arguments below are reconstructed from that comment; AuthenticationTypes.Anonymous makes the bind anonymous.
        DirectoryEntry searchRoot = new DirectoryEntry("LDAP://ADServer:389/DC=mydomain,DC=local", null, null, AuthenticationTypes.Anonymous);
        DirectorySearcher searcher = new DirectorySearcher(searchRoot);
        searcher.Filter = "(sAMAccountName=UserNameToSearchFor)";
        SearchResult result = searcher.FindOne();
        if (result != null)
        {
            DirectoryEntry userEntry = result.GetDirectoryEntry();
        }
    }
}
```