Reputation: 85
I have been searching for quite some time for a solution using C# code that can query an Active Directory user for all the attributes it has registered to it, whether or not they have a NULL Value. These attributes are visible through the Attribute editor tab in the properties of the user in ADSI Edit on the domain server.
AD user attributes in ADSI edit
I need to dynamically retrieve these attributes, which means I probably can't reliably get these attribute names from the ADSI documentation on MSDN, since not all of these attributes might be user-object specific: https://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx
Here is what I have tried so far, but I only got a fraction of the attributes of the user object:

- PS command `Get-ADUser -Identity administrator -Properties`: This retrieved a good part of the attributes, but not nearly all of them, and I do not know which .NET classes and methods are invoked during this command, since TypeName = `Microsoft.ActiveDirectory.Management.ADUser`, which does not exist in the .NET framework. How can I see which specific .NET methods are being used from PS?
C# calling this method:

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.IO;

public bool GetUserAttributes(out List<string> userAttributes, string userName)
{
    userAttributes = new List<string>();
    var valueReturn = false;
    const string pathNameDomain = "LDAP://test.local";
    // NOTE: userName is concatenated straight into the LDAP filter; escape the RFC 4515
    // metacharacters ( ) * \ and NUL before passing in input that did not come from trusted code.
    using (var directoryEntry = new DirectoryEntry(pathNameDomain))
    using (var directorySearcher = new DirectorySearcher(directoryEntry)
    {
        Filter = "(&(objectClass=user)(sAMAccountName=" + userName + "))"
    })
    using (SearchResultCollection searchResults = directorySearcher.FindAll())
    using (var writer = new StreamWriter("C:\\LDAPGETUSERADEXAMPLE.txt"))
    {
        valueReturn = searchResults.Count > 0;
        foreach (SearchResult searchResult in searchResults)
        {
            // PropertyNames lists only the attributes the server returned,
            // i.e. the ones that actually hold a value on this object.
            foreach (string propertyName in searchResult.Properties.PropertyNames)
            {
                userAttributes.Add(propertyName + " = " + searchResult.Properties[propertyName][0]);
                writer.WriteLine("Bruger attribut:" + propertyName);
            }
        }
    }
    return valueReturn;
}
```
C# calling this method:

```csharp
using System.Collections.Generic;
using System.DirectoryServices;

public List<string> GetADUserAttributes()
{
    string objectDn = "CN=testuser,OU=TEST,DC=test,DC=local";
    List<string> attributes = new List<string>();
    using (DirectoryEntry userEntry = new DirectoryEntry("LDAP://" + objectDn))
    {
        // The property cache holds only the attributes the DC returned for this object;
        // attributes without a value are not in it, so they never show up here.
        foreach (string attribute in userEntry.Properties.PropertyNames)
        {
            attributes.Add(attribute);
        }
    }
    return attributes;
}
```
What should I do to not filter out any attributes of the user object I am trying to retrieve from?
I am aware that Active Directory by default only shows attributes that are default or have a value in them; I am trying to overcome this limitation.
EDIT 1:
I have temporarily postponed the specific question. I have been trying to benchmark which of these methods is the fastest at retrieving (READ operation) the SAM account name of 10.000 individual AD users called, for example, "testuser". The methods I benchmark are the following:
I am querying for the user information from a workstation, a Windows 10 machine in the domain I am querying. The workstation (4 vCPU), DC (2 vCPU) and DB (2 vCPU) servers are run as Hyper-V VMs.
Upvotes: 3
Views: 19125
Reputation: 705
All attributes that any class can have are defined in the Active Directory Schema.
Use this to query for the user class, then just call the GetAllProperties method:
```csharp
using System.DirectoryServices.ActiveDirectory;

var context = new DirectoryContext(DirectoryContextType.Forest, "amber.local");
using (var schema = ActiveDirectorySchema.GetSchema(context))
{
    var userClass = schema.FindClass("user");
    // GetAllProperties returns the mandatory and optional attributes of the class,
    // including those inherited from its parent classes
    foreach (ActiveDirectorySchemaProperty property in userClass.GetAllProperties())
    {
        // property.Name is what you're looking for
    }
}
```
However, the AD schema may vary from one AD environment to another. For example, third-party programs or Exchange Server may extend the schema with custom attributes. It means that a solution with pre-defined columns will work only for a specific environment.
Upvotes: 5
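The schema lookup in the answer tells you which attributes a user object may carry, and the DirectoryEntry code in the question tells you which ones currently hold a value; joining the two is what yields the complete list, unset attributes included. The following C# is an added example, not code from either post: it enumerates the schema attributes of the user class, refreshes the entry's property cache by attribute name so that constructed attributes (which a DC computes only on explicit request) are included too, and records null for anything that is not set. The forest name and user DN are placeholders, and the fallback to a plain RefreshCache() when the DC rejects the explicit attribute list is an assumption about an edge case, not documented behaviour.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;

public static class AdUserAttributeDump
{
    // Every attribute the schema permits on a "user" object (mandatory, optional and inherited),
    // mapped to the value the given user holds, or null when the attribute is not set.
    // forestName and userDn are assumptions: substitute your own forest and the user's DN.
    public static SortedDictionary<string, string> GetAllUserAttributes(string forestName, string userDn)
    {
        var result = new SortedDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        var context = new DirectoryContext(DirectoryContextType.Forest, forestName);

        using (ActiveDirectorySchema schema = ActiveDirectorySchema.GetSchema(context))
        using (var userEntry = new DirectoryEntry("LDAP://" + userDn))
        {
            ActiveDirectorySchemaClass userClass = schema.FindClass("user");
            string[] schemaAttributeNames = userClass.GetAllProperties()
                .Cast<ActiveDirectorySchemaProperty>()
                .Select(p => p.Name)
                .ToArray();

            // The default property cache holds only attributes that have a value. Requesting each
            // attribute by name additionally pulls in constructed ones (canonicalName, tokenGroups, ...),
            // which the DC computes on request and never returns unasked.
            try
            {
                userEntry.RefreshCache(schemaAttributeNames);
            }
            catch (COMException)
            {
                // Assumption: fall back to the default cache if the DC rejects the explicit list.
                userEntry.RefreshCache();
            }

            foreach (string name in schemaAttributeNames)
            {
                result[name] = userEntry.Properties.Contains(name)
                    ? FormatValues(userEntry.Properties[name])
                    : null;
            }
        }
        return result;
    }

    // Render a (possibly multi-valued) attribute as text. Binary values such as objectSid and
    // objectGUID become hex; LargeInteger COM values (pwdLastSet, lastLogon) become Int64 text.
    private static string FormatValues(PropertyValueCollection values)
    {
        var parts = new List<string>();
        foreach (object value in values)
        {
            if (value is byte[] bytes)
                parts.Add(BitConverter.ToString(bytes).Replace("-", ""));
            else if (value.GetType().IsCOMObject)
                parts.Add(ComValueToString(value));
            else
                parts.Add(Convert.ToString(value));
        }
        return string.Join("; ", parts);
    }

    // IADsLargeInteger exposes HighPart/LowPart; combine them via late binding so the example
    // compiles without the ActiveDs interop assembly. Other COM types are reported by name.
    private static string ComValueToString(object comValue)
    {
        Type t = comValue.GetType();
        try
        {
            int high = (int)t.InvokeMember("HighPart", BindingFlags.GetProperty, null, comValue, null);
            int low = (int)t.InvokeMember("LowPart", BindingFlags.GetProperty, null, comValue, null);
            return (((long)high << 32) | (uint)low).ToString();
        }
        catch (Exception)
        {
            return "<COM object: " + t.Name + ">";
        }
    }

    public static void Main()
    {
        // Placeholder forest and DN; replace with your own values.
        foreach (var pair in GetAllUserAttributes("test.local", "CN=testuser,OU=TEST,DC=test,DC=local"))
            Console.WriteLine("{0} = {1}", pair.Key, pair.Value ?? "<not set>");
    }
}
```

Two things matter when this is used for auditing rather than curiosity. Reading an attribute requires read permission on that attribute, so anything the caller is not allowed to see shows up as "not set" exactly like a genuinely empty attribute; run the dump with an account that holds the rights you expect and compare against a known-good export instead of treating absence as proof. And because the schema is enumerated at run time, attributes added by Exchange or third-party extensions appear automatically, which is the point the answer makes about not hard-coding column names.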