These code snippets show how to search Active Directory using LDAP to return all domains in the current forest (based on the current authentication context).

For VB and C# a reference to System.DirectoryServices is required within the project.


[code lang="csharp"]
using System.DirectoryServices;

// Connect to RootDSE
DirectoryEntry RootDSE = new DirectoryEntry("LDAP://rootDSE");

// Retrieve the Configuration Naming Context from RootDSE
string configNC = RootDSE.Properties["configurationNamingContext"].Value.ToString();

// Connect to the Configuration Naming Context
DirectoryEntry configSearchRoot = new DirectoryEntry("LDAP://" + configNC);

// Search for all partitions where the NetBIOSName is set.
DirectorySearcher configSearch = new DirectorySearcher(configSearchRoot);
configSearch.Filter = "(NETBIOSName=*)";

// Configure search to return dnsroot and ncname attributes
configSearch.PropertiesToLoad.Add("dnsroot");
configSearch.PropertiesToLoad.Add("ncname");
SearchResultCollection forestPartitionList = configSearch.FindAll();

// Loop through each returned domain in the result collection
foreach (SearchResult domainPartition in forestPartitionList)
{
    // domainName like "". ncName like "DC=domain,DC=com"
    string domainName = domainPartition.Properties["dnsroot"][0].ToString();
    string ncName = domainPartition.Properties["ncname"][0].ToString();
}
[/code]
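
The same search as a reusable method, as an added example that is not code from the original post: it searches only the Partitions container, filters on the domain bit of `systemFlags` in addition to the NetBIOS name, and requests a signed and sealed bind. The class and method names and the optional `server` argument (a DC host name, for server-bound rather than serverless binding) are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class ForestDomains
{
    // systemFlags bit 0x2 (FLAG_CR_NTDS_DOMAIN) marks a crossRef that describes a domain partition;
    // 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
    const string DomainCrossRefFilter =
        "(&(objectClass=crossRef)(nETBIOSName=*)(systemFlags:1.2.840.113556.1.4.803:=2))";

    // server: null for serverless binding, or a DC host name (hypothetical, e.g. "dc01.example.com").
    public static Dictionary<string, string> List(string server = null)
    {
        string prefix = string.IsNullOrEmpty(server) ? "LDAP://" : "LDAP://" + server + "/";
        // Negotiate (Kerberos/NTLM) bind with signing and sealing, so the session
        // is integrity-protected and encrypted even without LDAPS.
        const AuthenticationTypes auth = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        // Maps DNS name -> distinguished name of each domain partition.
        var domains = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var rootDse = new DirectoryEntry(prefix + "RootDSE", null, null, auth))
        {
            string configNC = (string)rootDse.Properties["configurationNamingContext"].Value;
            // crossRef objects are direct children of CN=Partitions, so OneLevel scope is enough.
            using (var partitions = new DirectoryEntry(prefix + "CN=Partitions," + configNC, null, null, auth))
            using (var searcher = new DirectorySearcher(partitions, DomainCrossRefFilter,
                       new[] { "dnsroot", "ncname" }, SearchScope.OneLevel))
            {
                searcher.PageSize = 1000; // paged search; avoids the server-side result cap
                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult r in results)
                        domains[(string)r.Properties["dnsroot"][0]] = (string)r.Properties["ncname"][0];
                }
            }
        }
        return domains;
    }

    static void Main(string[] args)
    {
        foreach (var d in List(args.Length > 0 ? args[0] : null))
            Console.WriteLine(d.Key + " -> " + d.Value);
    }
}
```

Passing null for the user name and password binds as the current Windows identity, matching the behaviour of the snippet above.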





  1. Hi, thank you for the scripts.
    I tried the PS and C# code. They retrieve only one domain in my environment.
    But I have 6 domains; if I open My Network Places->Microsoft Windows Networks I see them.
    Also, I can retrieve 6 items when I use this code
    [code lang="csharp"]
    DirectoryEntry rootEntry = new DirectoryEntry("WinNT:");
    foreach (DirectoryEntry child in rootEntry.Children)
    {
        // Loop body is missing from the posted code; printing the name is assumed here
        Console.WriteLine(child.Name);
    }
    [/code]

    But I’d like to use LDAP because WinNT is a legacy provider.


  2. A slightly different way to do it is over a search of the trusted domains. Needed it some time ago to search on different domains in a forest and fill up objects with the “DomainUsername” notation …
    [code lang="csharp"]
    /// Gets all trusted domains in the domain forest
    public Dictionary<string, string> GetDomains()
    {
        SearchResultCollection srCollection;
        DirectoryEntry deRoot = new DirectoryEntry(@"LDAP://,DC=com");
        DirectorySearcher deSearcher = new DirectorySearcher(deRoot);
        deSearcher.Filter = "(objectClass=trustedDomain)";
        deSearcher.PageSize = 1000;
        deSearcher.SearchScope = SearchScope.Subtree;
        srCollection = deSearcher.FindAll();

        //ArrayList DomainList = new ArrayList();
        // Type arguments are missing from the posted code; <string, string> is assumed
        Dictionary<string, string> DomainList = new Dictionary<string, string>();

        foreach (SearchResult se in srCollection)
        {
            // Name is like "CN=domain.com"; the replacements turn it into "DC=domain,DC=com"
            string currentDomainName = se.GetDirectoryEntry().Name.ToString();
            string currentNomainFlatName = se.GetDirectoryEntry().Properties["flatname"].Value.ToString();
            currentDomainName = currentDomainName.Replace(".", ",DC=");
            currentDomainName = currentDomainName.Replace("CN", "DC");
            // The step that fills the dictionary is missing from the posted code;
            // flat (NetBIOS) name -> distinguished name is assumed here
            DomainList[currentNomainFlatName] = currentDomainName;
        }

        return DomainList;
    }
    [/code]

    nice article, thx


  3. In the VBScript code, the query on line 12 will fail with a “Table does not exist” error unless “LDAP” is in upper case.

    Otherwise, thanks for this, saved me an hour writing it from scratch.


  4. Hello!
    I know this is a bit old, but I’ll try my luck… For a few days now I’ve been trying to connect remotely to my AD with no luck. Everything I’ve found works fine if I run my app within the LAN; when I need to do it from outside it just doesn’t work at all. No matter what or how I set the path, it doesn’t work.
    Can someone please help me with the right syntax to connect to a remote AD?
    Thanks a lot.


    • Remote connectivity requires a server to bind to as well. e.g.

      All of the existing examples use Serverless Binding which, in turn, uses the DCLocator algorithm to locate servers.


