C#: The server is not operational

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must keep it under the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/17820604/

Time: 2020-08-10 10:34:28  Source: igfitidea

The server is not operational

c# active-directory ldap

Asked by user2327795

This is the code I'm using to connect to LDAP

using (DirEntry = new DirectoryEntry(string.Format("LDAP://{0}/{1}", this.Host, ServerName)))
{
    DirEntry.RefreshCache();
    if (!string.IsNullOrEmpty(UserName))
    {
        DirEntry.Username = UserName;
        DirEntry.Password = PassWord;
    }
    if (DirEntry.Properties.Contains("objectGUID"))
    {
        byte[] guiddatet = (byte[])DirEntry.Properties["objectGUID"].Value;
        return new Guid(guiddatet);
    }
}

I get "The server is not operational" error message when I run the code.

Can someone please tell me where I'm doing it wrong? And is there any way to replace the above code with a direct LDAP query?

Accepted answer by X3074861X

You should try breaking this into separate parts, so it's easier to manage the logic, and easier to locate where your errors are occurring. I usually go with the following approach in this situation :

  • Create an LdapConnection object so you can set the options you need
  • Set up a NetworkCredential instance with an administrative username and password
  • Bind to the directory with the user so you can issue a direct LDAP query
  • Return a SearchResultEntry so you can process the properties

You have a few options to help you accomplish this, but I'd try something like this :

using System.Net;
using System.DirectoryServices.Protocols;

// Declare your NetworkCredential with the administrative username, password, and your Active Directory domain
var credentials = new NetworkCredential(userName, password, domain);

// Create a directory identifier and connection
var ldapidentifier = new LdapDirectoryIdentifier(serverName, port, false, false);
var ldapconn = new LdapConnection(ldapidentifier, credentials);

Next, make sure you're setting the right AuthType for your particular instance. Since you're connecting over port 389, just use AuthType.Basic.

ldapconn.AuthType = AuthType.Basic;

As you had asked, there is a very easy way to set up a direct LDAP query using this approach. I'm assuming you're searching by sAMAccountName, but you can modify this as needed:

string ldapFilter = "(&(objectCategory=person)(objectClass=user)(&(sAMAccountName={{UserYouAreTryingToFind}})))";

Now we just have to set up the search request, and send it accordingly:

// Send the search request with our delimited attribute list
var getUserRequest = new SearchRequest(domain, ldapFilter, SearchScope.Subtree, AttributeList)
                                     {SizeLimit = 1};

// Suppress any referral creation from happening during the search
var SearchControl = new SearchOptionsControl(SearchOption.DomainScope);
getUserRequest.Controls.Add(SearchControl);
var userResponse = (SearchResponse)ldapconn.SendRequest(getUserRequest);

// This is where I load up the entry I've located
SearchResultEntry ResultEntry = userResponse.Entries[0];

That should return the user you've queried for, along with any properties you've put into AttributeList. In this context, AttributeList is just a string array (string[]) of property names - in your case you'll want to add one called "objectGUID".

As for reading the properties on the SearchResultEntry, you can do exactly what you had originally :

 if(ResultEntry.Attributes.Contains("objectGUID"))
 {
     // do some stuff here
 }

That should help get you going in the right direction.

Also, if you don't already have a copy of Wireshark, I highly suggest you download it - it will be invaluable in diagnosing connection issues with Active Directory.
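
An added example (not part of the original answer or the poster's code) that puts the answer's steps into one method and handles two things the fragments leave open: escaping the account name per RFC 4515 before it goes into the filter, and an empty result set. The class and method names, the `baseDn` parameter and the choice of `AuthType.Negotiate` are assumptions of this example.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// Added example; class, method and parameter names are assumptions, not from the answer.
static class LdapGuidLookup
{
    // RFC 4515 escaping: unescaped, a name like "*)(objectClass=*" would rewrite the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            bool special = b == '*' || b == '(' || b == ')' || b == '\\' || b == 0 || b > 0x7F;
            if (special) sb.Append('\\').Append(b.ToString("x2"));
            else sb.Append((char)b);
        }
        return sb.ToString();
    }

    // Returns null when no account matches; throws LdapException when the bind fails.
    public static Guid? FindObjectGuid(string server, int port, string baseDn,
                                       NetworkCredential credentials, string samAccountName)
    {
        var identifier = new LdapDirectoryIdentifier(server, port, false, false);
        using (var conn = new LdapConnection(identifier, credentials))
        {
            // Negotiate (Kerberos/NTLM) keeps the password off the wire; AuthType.Basic on
            // port 389 is a simple bind that sends it in cleartext unless TLS is in use.
            conn.AuthType = AuthType.Negotiate;
            conn.Bind(); // surface connection and credential errors before searching

            string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                            + EscapeFilterValue(samAccountName) + "))";
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "objectGUID")
                          { SizeLimit = 1 };
            request.Controls.Add(new SearchOptionsControl(SearchOption.DomainScope));

            var response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count == 0) return null; // Entries[0] would throw here
            SearchResultEntry entry = response.Entries[0];
            if (!entry.Attributes.Contains("objectGUID")) return null;
            var raw = (byte[])entry.Attributes["objectGUID"].GetValues(typeof(byte[]))[0];
            return new Guid(raw);
        }
    }
}
```

An `LdapException` from `Bind()` means the server could not be reached or the credentials were rejected, which separates connection failures from an empty search result.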
