Reputation: 62031

Where is the domain name in a UserPrincipal object?

I'm using the System.DirectoryServices.ActiveDirectory classes to find all Active Directory users. The code is very simple:

var context = new PrincipalContext(ContextType.Domain);
var searcher = new PrincipalSearcher(new UserPrincipal(context));
var results = searcher.FindAll();

I want to get the domain-qualified username in the "friendly" (aka. "pre-Windows 2000" format), eg. "CONTOSO\SmithJ". UserPrincipal.SamAccountName gives me the username part, but how do I get the domain part? I cannot assume that the domain will be the same as the machine's or current user's domain.

Upvotes: 10

Views: 8042

Answers (2)


Reputation: 62031

OK, here' the final code I came up with using JPBlanc's answer and the answer linked by MichaelZ. It shows the SID, Display Name and DOMAIN\username for each user.

    var ldapUrl = "LDAP://" + defaultNamingContext;

    using (var rootDe = new DirectoryEntry(ldapUrl))
    using (var searcher = new DirectorySearcher(rootDe))
        searcher.SearchScope = SearchScope.Subtree;
        searcher.Filter = "(&(objectClass=user)(objectCategory=person))";

        var results = searcher.FindAll();

        foreach (SearchResult result in results)
            var qualifiedUsername = GetSinglePropertyValue(result, "msDS-PrincipalName");
            var displayName = GetSinglePropertyValue(result, "displayName");
            var sid = new SecurityIdentifier((byte[])GetSinglePropertyValue(result,"objectSid"), 0);

            Console.WriteLine("User: {0}\r\n\tDisplay name: {1}\r\n\tSID: {2}",
                qualifiedUsername, displayName, sid);

    private static object GetSinglePropertyValue(SearchResult result, string propertyName)
        var value = result.Properties[propertyName];
        if (value.Count == 0)
            return null;
        if (value.Count == 1)
            return value[0];
        throw new ApplicationException(string.Format("Property '{0}' has {1} values for {2}",
            propertyName, value.Count, result.Path));

And to get the default naming context for the machine's domain (as answered here):

private static string GetDefaultNamingContext()
    // This check is fast
    catch (ActiveDirectoryObjectNotFoundException)
        return null;

    // This takes 5 seconds if the computer is not on a domain
    using (var rootDe = new DirectoryEntry("LDAP://RootDSE"))
            return (string)rootDe.Properties["defaultNamingContext"][0];
        catch (COMException ex)
            if (ex.ErrorCode == -2147023541)
                return null;

Upvotes: 0


Reputation: 72680

For AD DS, the value of msDS-PrincipalName is the NetBIOS domain name, followed by a backslash ("\").

You can find it using :

/* Retreiving the root domain attributes
sFromWhere = "LDAP://DC_DNS_NAME:389/dc=dom,dc=fr"; 
DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD"); 

DirectorySearcher dsLookForDomain = new DirectorySearcher(deBase); 
dsLookForDomain.Filter = "(objectClass=*)"; 
dsLookForDomain.SearchScope = SearchScope.base; 

SearchResult srcDomains = dsLookForDomain.FindOne();

Upvotes: 7

Related Questions