NoBullMan

Reputation: 2184

Query Active Directory using DistinguishedName

I have an application that uses Windows authentication and I am trying to get logged-in users' info using their domain IDs.

Part of the data returned is the user's manager's DN (in manager property). I need to query AD again to get manager's info (domain id, email, name, etc.). I searched and can't find any hint of what I have to use in my filter.

This is what I am using and I always get null returned:

using System.Configuration;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Web.Hosting;

// adUSADomain and adUSAContainer are fields defined elsewhere in the class (not shown here).
private static DirectoryEntry GetUserDEByDN(string sDN)
{
    // Run the lookup under the identity of the hosting process
    using (HostingEnvironment.Impersonate())
    {
        PrincipalContext pc = new PrincipalContext(ContextType.Domain, adUSADomain, adUSAContainer);
        //UserPrincipal up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, UserID);
        UserPrincipal qbeUser = new UserPrincipal(pc);
        //qbeUser.SamAccountName = UserID.Trim().ToUpper();

        PrincipalSearcher srch = new PrincipalSearcher(qbeUser);
        PrincipalSearchResult<Principal> psr = srch.FindAll();

        string sDomain = ConfigurationManager.AppSettings["Domain"].ToString();
        string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();

        DirectoryEntry de = new DirectoryEntry(adPath);
        DirectorySearcher deSearch = new DirectorySearcher();
        deSearch.SearchRoot = de;
        // Filter as posted: this is the one that always yields null
        deSearch.Filter = "(&(objectClass=user)(| (cn = " + sDN + ")(dn = " + sDN + ")))";

        //deSearch.Filter = "(&(objectClass=user)(SAMAccountName=" + UserID + "))";
        deSearch.SearchScope = SearchScope.Subtree;
        SearchResult results = deSearch.FindOne();

        if (null != results)
        {
            de = new DirectoryEntry(results.Path);
            return de;
        }
        else
        {
            return null;
        }
    }
}

Is it possible to search Active Directory by DN? If so, what am I doing wrong?

Upvotes: 4

Views: 8350

Answers (2)

antiduh

Reputation: 12407

You can directly resolve a full distinguishedName using the DirectoryEntry class, but you have to modify the DN string first.

When I used DirectorySearcher as you had to find users, then I'd get back manager strings that looked like this:

string mgr = "CN=antiduh,OU=Users,DC=domain,DC=antiduh,DC=com";

If I fed that string as is to new DirectoryEntry(mgr), it wouldn't work - lots of COMExceptions.

However, I found that if you prepend the string with "LDAP://" first, then it works like a charm.

string mgrDN = (string)employee.Properties["manager"].Value;
DirectoryEntry manager = new DirectoryEntry( "LDAP://" + mgrDN );

Upvotes: 0

NoBullMan

Reputation: 2184

This is what worked for me. However, I believe it is supposed to work with objectClass=user but I kept getting null returned. When I changed to distinguishedName = sDN, it worked.

The whole point of this code

DirectoryEntry de = new DirectoryEntry(adPath + "/" + sDN);

is to start the directory search at the user object; there shouldn’t be the need for the additional search of saying which distinguishedName.

using System.Configuration;
using System.DirectoryServices;

private static DirectoryEntry GetUserDEByDN(string sDN)
{
    string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();
    // Bind directly to the object whose DN we already have
    DirectoryEntry de = new DirectoryEntry(adPath + "/" + sDN);
    DirectoryEntry deManager = null;

    using (DirectorySearcher Search = new DirectorySearcher())
    {
        Search.SearchRoot = de;
        // sDN is inserted into the filter as-is; a DN containing '(', ')', '*' or '\'
        // would need RFC 4515 escaping before being placed here
        Search.Filter = "(&(distinguishedName=" + sDN + "))";
        //Search.Filter = "(objectClass = user)";
        // Base scope: only the search root itself is examined
        Search.SearchScope = SearchScope.Base;
        SearchResult Result = Search.FindOne();

        if (null != Result)
            deManager = Result.GetDirectoryEntry();
    }
    return deManager;
}

Upvotes: 4
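As an added example (not code from either answer), the base-scope lookup above rewritten so that the manager DN is escaped before it goes into the ADsPath and into the LDAP filter, and only the attributes the caller needs are requested; the adPath value and the attribute list are assumptions, and the filter is written without the whitespace around '=' that the question's filters had, since LDAP takes attribute names and values literally.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example: resolve a DN (e.g. the value of a user's "manager" attribute)
// to a SearchResult without letting DN characters alter the filter or the path.
public static class ManagerLookup
{
    // RFC 4515 escaping for a value placed inside an LDAP filter. A DN that
    // contains '(', ')', '*' or '\' would otherwise change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // ADSI treats '/' in an ADsPath as a separator, so a DN containing one
    // (for example an OU named "Sales/Marketing") must have it escaped as "\/".
    public static string EscapeForAdsPath(string dn) => dn.Replace("/", "\\/");

    // adPath is assumed to look like "LDAP://dc01.example.com" (placeholder value).
    public static SearchResult FindByDistinguishedName(string adPath, string managerDn)
    {
        using (var root = new DirectoryEntry(adPath + "/" + EscapeForAdsPath(managerDn)))
        using (var searcher = new DirectorySearcher(root))
        {
            // Base scope: the root *is* the object we want, so only one entry is examined.
            searcher.SearchScope = SearchScope.Base;
            searcher.Filter = "(&(objectClass=user)(distinguishedName=" +
                              EscapeFilterValue(managerDn) + "))";
            // Load only the attributes needed (assumed list) instead of every attribute.
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "mail", "displayName" });
            return searcher.FindOne();   // null when the DN does not resolve
        }
    }
}
```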
