We see issues from time to time with LDAP connection strings for Active Directory failing to work even when folks know the connection string and bind credentials are correct. Even if you copy a distinguished name value from a tool like ADSIEdit or Active Directory Explorer, many times you must specify a provider in the connection string and this can cause problems if you don’t set up the provider correctly.

Since ADSI uses the ADsPath syntax for connecting to objects in Active Directory, you must follow one simple rule here.

Make sure your provider is capitalized.

The provider portion of the connection string (referred to as the scheme in URL nomenclature) is the portion of the connection string that comes before the :// character sequence. Whether you use an LDAP or GC provider or something else, ensure the provider portion of the connection string is capitalized or your connection string will not work and you will receive a “0x80005000 Unknown Error” COM error.

The remainder of the string is case insensitive but you cannot connect to Active Directory DS using ADSI if your provider is not capitalized.

Good Connection Strings

The following connection strings will work fine as long as your forest and domain is homed to mydomain.local the the OU exists. Remember that case does not matter after the provider but it’s good to be consistent with your casing as a best practice.

LDAP://mydomain.local/OU=SomeOU,DC=mydomain,DC=local
GC://mydomain.local

Bad Connection String

This connection string fails to connect because the provider is incorrectly specified.

Ldap://mydomain.local/OU=SomeOU,DC=mydomain,DC=local
Gc://mydomain.local