System.DirectoryServices.Protocols is a namespace designed for LDAP programming. It provides capabilities that were previously unavailable to managed code programmers such as running an attribute scoped query against an LDAP directory or binding to a directory server using X.509 client and server certificates. Therefore, if you plan to use .NET managed code against other LDAP directories, a great place to focus is on S.DS.P

Common Patterns:

LdapConnection connection = new LdapConnection("");

DirectoryRequestType request = new DirectoryRequestType(parameters…);

DirectoryResponseType response = (DirectoryResponseType)connection.SendRequest(request);


The System.DirectoryServices.ActiveDirectory namespace provides a high level abstraction object model for forest, domain, site, subnet, partition, and schema. It is used to automate Active Directory management tasks. It is not used to access data that resides within Active Directory or any other directory service. The System.DirectoryServices namespace should be used for this purpose.

The .NET Framework System.DirectoryServices namespace

The System.DirectoryServices namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the ADSI technology.
The DirectoryEntry class encapsulates a single entry in the Active Directory database hierarchy. Use this class for binding to objects, reading properties, updating attributes and enumerating children. You can delete objects, create child objects, modify the attributes on objects or read attributes off of objects.
The DirectorySearcher Class allows us to perform queries against the Active Directory Domain Services hierarchy. Executing a search through DirectorySearcher returns a SearchResult, which are contained in an instance of the SearchResultCollection class. A SearchResult or a SearchResultCollection is a read-only representation of these objects. If you want to do any read/write operations with them, you need to convert it to a DirectoryEntry object.

Active directory programming with .NET

When programming with Active Directory you can use several technologies. Microsoft has created 4 namespaces for directory services programming in managed code:

  • System.DirectoryServices: a simple managed interop layer over Active Directory Service Interfaces (ADSI) COM component. This namespace provides simple programming access to LDAP directories, such as Active Directory and any type of LDAP Server (ex: open LDAP Server). While the programming model is reasonably powerful, there’s no strongly typed objects, you’re responsible for a lot of things
  • System.DirectoryServices.ActiveDirectory: introduced in .NET Framework 2.0, it is a wealth of new classes for strongly typed management of directory infrastructure-level components, such as servers, domains, forests, schema, and replication
  • System.DirectoryServices.Protocolsintroduced in .NET Framework 2.0, provides raw access to underlying LDAP-based directories, such as Active Directory and Active Directory Lightweight Directory Services (AD LDS). This skips ADSI, so you get better performance, but it’s a lot harder to use.
  • System.DirectoryServices.AccountManagement: it is built on System.DirectoryServices and was introduced with .NET 3.5. This namespace is only for Active Directory or AD LDS. It works against User, Group, and Computer objects and they are strongly typed objects.
Microsoft Directory Services Programming Architecture

Microsoft Directory Services Programming Architecture