Fylix

Reputation: 2713

Cannot retrieve Active Directory user in C#

I built a test Active Directory server on Windows 2008 and I also run the DNS server on it. On my client machine, which runs the C# application, I can authenticate the user against the Active Directory server using the function below:

public static UserPrincipal GetUserPrincipal(string usrName,string pswd,string domainName)
{
   UserPrincipal usr;
   PrincipalContext ad;

   // Enter Active Directory settings
   ad = new PrincipalContext(ContextType.Domain, domainName,usrName,pswd);

   //search user
   usr = new UserPrincipal(ad);
   usr.SamAccountName = usrName;

   PrincipalSearcher search = new PrincipalSearcher(usr);
   usr = (UserPrincipal)search.FindOne();
   search.Dispose();
   return usr;
}

In separate logic, I tried to retrieve a user back from the server using a user name. I used the functions below:

public static DirectoryEntry CreateDirectoryEntry()
{
   // create AD connection
   DirectoryEntry de = new DirectoryEntry("LDAP://CN=Users,DC=rootforest,DC=com","LDAP","password");
   de.AuthenticationType = AuthenticationTypes.Secure;
   return de;
}

public static ResultPropertyCollection GetUserProperty(string domainName, string usrName)
{
    DirectoryEntry de = CreateDirectoryEntry();
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = de;
    deSearch.Filter = "(SamAccountName=" + usrName + ")";
    SearchResult results = deSearch.FindOne();

    return null;
}

However, I got no response back from the LDAP server at all, not even an exception. Am I missing certain settings on the LDAP server, or are any of you able to see a flaw in my code? (Please don't mind the hard-coded values, I was testing with this code.)

As part of my troubleshooting, I confirmed that I can ping rootforest.com from the client machine. I confirmed the user with property samaccountname "LDAP" exists. My path seems to be right because when I go onto the LDAP server and type:

dsquery user -name LDAP*      

I got the following:

CN=LDAP L. LDAP,CN=Users,DC=rootforest,DC=com

Any help would be greatly appreciated, I've spent most of my day troubleshooting and researching this little bugger and I think it could be something small which I overlooked.

Upvotes: 2

Views: 3700

Answers (2)

Hans

Reputation: 13070

I think your code has a few problems:

  1. Why do you return null in your GetUserProperty() function? You should return results instead.
  2. The attribute you are using in your search filter is misspelled. Use sAMAccountName instead. Furthermore, extend your query to search only for user accounts. Here is an example: (&(objectCategory=person)(objectClass=user)(sAMAccountName=usrName))
  3. You could also use the UserPrincipal class to search for an identity in Active Directory. The UserPrincipal class provides a static method called FindByIdentity() to search for a user identity.

Hope this helps.

Upvotes: 0

marc_s

Reputation: 755321

I don't understand why you're using the new PrincipalContext / UserPrincipal stuff in your first example, but fall back to the hard-to-use DirectoryEntry stuff in your second example... doesn't really make sense... also: your second function GetUserProperty seems to return null always - typo or not??

Since you're already using the System.DirectoryServices.AccountManagement (S.DS.AM) namespace - use it for your second task, too! Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

public static ????? GetUserProperty(string domainName, string usrName)
{
   // set up domain context
   PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

   // find a user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, usrName);

   if(user != null)
   {
      // return what you need to return from your user principal here
   }
   else
   {
       return null;
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD:

Upvotes: 2
