Query Active Directory under NT AUTHORITY/NETWORK SERVICE
I have a Windows Service running under the NETWORK SERVICE account and have a need to query Active Directory for extended information about users.
It looks like in this situation there are access restrictions that prevent the service from accessing Active Directory. And the service has to be run as NETWORK SERVICE, not as a domain user.
So far I'm passing credentials (login and password) of a domain user to DirectorySearcher. Credentials are retrieved from a config file, which is, of course, not good.
Is there another, more elegant way to query Active Directory from a service running under NETWORK SERVICE?
Unless your domain administrator bans this deliberately, Active Directory by default allows any computer account to run LDAP queries.
So, if your computer is joined to the domain, using the NT AUTHORITY\Network Service account should just work.
Alternatively, you can set the domain user as the service account. Then, you don't need to pass any username or password into DirectorySearcher.
You can give the computer account (COMPUTERNAME$) read permissions in Active Directory, but as @Harvery Kwok said, it should have this by default (if the computer is a domain member).