Reputation: 149
I am using System.DirectoryServices.AccountManagement.dll to deal with Active Directory to get all the users in the "Domain Users" group.
This is returning all the users in the domain but I need to get just the enabled ones.
Here is some sample code:
    List<string> users = new List<string>();
    PrincipalContext pcContext = GetPrincipalContext();
    GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcContext,
                                                       IdentityType.Name,
                                                       "Domain Users");
    // Enabled is declared on AuthenticablePrincipal, not Principal,
    // so the loop variable has to be typed as UserPrincipal.
    foreach (UserPrincipal user in grp.GetMembers(true).OfType<UserPrincipal>())
    {
        if (user.Enabled != false)
        {
            users.Add(user.Name);
        }
    }
Other groups work fine, but when the group is "Domain Users", the value of the Enabled property is false for all users. This makes it impossible to distinguish between enabled and disabled users without doing a further query for each user.
Upvotes: 8
Views: 6826
Reputation: 213
A method around this problem could be to first search for Enabled Users using the PrincipalSearcher class and then use the Principal's method of IsMemberOf().
    List<string> users = new List<string>();
    PrincipalContext pcContext = GetPrincipalContext();
    GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcContext, IdentityType.Name, "Domain Users");
    // Query-by-example filter: only user principals with Enabled = true
    UserPrincipal searchFilter = new UserPrincipal(pcContext) { Enabled = true };
    PrincipalSearcher searcher = new PrincipalSearcher(searchFilter);
    PrincipalSearchResult<Principal> results = searcher.FindAll();
    foreach (Principal user in results)
    {
        // Keep only the enabled users that belong to the group
        if (user.IsMemberOf(grp))
            users.Add(user.SamAccountName);
    }
Upvotes: 1
Reputation: 1249
There's a remark on the MSDN page of the Enabled property saying:
If the principal has not been persisted in the store, this property returns null. After the principal is persisted, the default enabled setting depends on the store. The AD DS and AD LDS stores disable new principals when they are persisted, whereas SAM enables new principals when they are persisted. The application can only set this property to a value after it has been persisted in the store.
Perhaps it's related if the default is false?
Also, there's a post on the MSDN forum, "UserPrincipal.Enabled returns False for accounts that are in fact enabled?", and that really sounds similar to your issue. According to the post, there's perhaps a solution here:
I think I misunderstood. Disregard what I posted before. I think I know what's happening. The GetMembers method apparently isn't loading the UserPrincipal data. I don't know if there is a better solution, but the following works (at least on my AD):
    foreach (UserPrincipal user in group.GetMembers(false))
    {
        UserPrincipal tempUser = UserPrincipal.FindByIdentity(context, user.SamAccountName);
        // use tempUser.Enabled
        // other code here
    }
Upvotes: 0
Reputation: 489
UserPrincipal objects have a bool Enabled property for this.
    // Add this to GetUserDetails
    objUserDetails.EmployeeId = UserPrincipal.EmployeeId;
    // Then condition the add to only add enabled
    if (objUserDetails.Enabled) {
        objUserDetails.Add(GetUserDetails(p.Name));
    }
Upvotes: 1
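The question asks for the enabled members of "Domain Users" without a further query per user. The following is an added example (not code from any of the posters) that gets the list in one paged LDAP search through System.DirectoryServices, filtering on the disabled bit of userAccountControl. It assumes an AD DS domain; the LDAP path and group DN in Main are placeholders, and the class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class EnabledDomainUsers
{
    const int DomainUsersRid = 513; // well-known RID, stored in primaryGroupID
    // Bitwise-AND matching rule; userAccountControl bit 0x2 is ACCOUNTDISABLE.
    const string NotDisabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))";

    // RFC 4515 escaping so a DN containing ( ) * or \ cannot alter the filter.
    static string Escape(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    public static string BuildFilter(string groupDn)
    {
        // Primary-group members are linked by primaryGroupID, not memberOf, so
        // match either; the 1.2.840.113556.1.4.1941 rule follows nested groups.
        return "(&(objectCategory=person)(objectClass=user)" + NotDisabled +
               "(|(primaryGroupID=" + DomainUsersRid + ")" +
               "(memberOf:1.2.840.113556.1.4.1941:=" + Escape(groupDn) + ")))";
    }

    public static List<string> Find(string rootPath, string groupDn)
    {
        var users = new List<string>();
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root, BuildFilter(groupDn),
                                                    new[] { "samaccountname" }))
        {
            searcher.PageSize = 1000; // paged search: no truncation at the server size limit
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    users.Add((string)r.Properties["samaccountname"][0]);
        }
        return users;
    }

    static void Main()
    {
        // Placeholder domain and group DN; replace with your own.
        foreach (string name in Find("LDAP://DC=example,DC=com",
                                     "CN=Domain Users,CN=Users,DC=example,DC=com"))
            Console.WriteLine(name);
    }
}
```

The same filter string works in any LDAP client, which makes it convenient for account reviews that need the enabled population of a group in a single pass.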