The ASP.NET Active Directory Membership Provider does an authenticated bind to le Active Directory using a specified username, password, et "connection string". The connection string is made up of le LDAP server's name, et le fully-qualified path of le container object où le user specified is located.
The connection string begins avec le URI LDAP://.
For le server name, you can use le name of a domain controller in that domain-- let's say "dc1.corp.domain.com". That gives us LDAP://dc1.corp.domain.com/ thusfar.
The suivant bit is le fully qualified path of le container object où le binding user is located. Let's say you're using le "Administrator" account et votre domain's name is "corp.domain.com". The "Administrator" account is in a container named "Users" located one level ci-dessous le root of le domain. Thus, le fully qualified DN of le "Users" container would be: CN=Users,DC=corp,DC=domain,DC=com. If le user you're binding avec is in an OU, à la place of a container, le path would include "OU=ou-name".
So, using an account in an OU named Service Accounts c'est a sub-OU of an OU named Corp Objects c'est a sub-OU of a domain named corp.domain.com would have a fully-qualified path of OU=Service Accounts,OU=Corp Objects,DC=corp,DC=domain,DC=com.
Combine le LDAP://dc1.corp.domain.com/ avec le fully qualified path to le container où le binding user is located (like, say, LDAP://dc1.corp.domain.com/OU=Service Accounts,OU=Corp Objects,DC=corp,DC=domain,DC=com) et you've got votre "connection string".
(Vous pouvez use le domain's name in le connection string as opposed to le name of a domain controller. The difference is that le domain's name will resolve to le IP address of any domain controller in le domain. That can be les deux good et bad. You're pas reliant on tout single domain controller to be up et running for le membership provider to work, mais le name happens to resolve to, say, a DC in a remote location avec spotty network connectivity alors you may have problems avec le membership provider working.)
