Communicating with an Active Directory Domain Controller

Platform SDK: Active Directory, ADSI, and Directory Services

Communicating with an Active Directory Domain Controller

If you want to communicate with an Active Directory domain controller, you can use three types of user names:

Downlevel logon. For example: FABRIKAM\jsmith, or just jsmith.
Distinguished name. For example: CN=Jeff Smith,OU=Marketing,DC=Fabrikam,DC=COM.
User principal name (UPN). For example: jsmith@Fabrikam.com.

The flags you can specify are listed in the following table.

Flag	Meaning
ADS_SECURE_AUTHENTICATION	A secured authentication is requested. You must supply the credentials.
ADS_USE_ENCRYPTION	To use this option, your server must support encryption, such as the SSL protocol. For Active Directory, the Certificate Server must be installed to support SSL encryption.
ADS_READONLY_SERVER	For the WinNT provider, it attempts to connect to a PDC (Primary Domain Controller) or a BDC (Backup Domain Controller). For an LDAP provider, this flag is only useful for a serverless binding, and indicates that a writeable server is not required.
ADS_PROMPT_CREDENTIALS	If your SSPI provider honors this flag, it will prompt a credential dialog when the authentication process is initiated.
ADS_NO_AUTHENTICATION	No authentication is requested. For an LDAP provider, a connection is established to the server, no binding occurs.