Looking for help querying active directory
-
Hello, I was reading through the active directory tutorial "almost everything in active directory" but I'm not able to figure out (from it) how to query active directory for values. I'd like to query all domains based on certain attributes, log in name, last name and email address. From that key value, I'd then like to return an array of all AD objects associated to that account. Can anyone help me with this? I can post my code, but it doesn't work at all so it probably wouldn't be of much help. Thanks for reading.
-
Hello, I was reading through the active directory tutorial "almost everything in active directory" but I'm not able to figure out (from it) how to query active directory for values. I'd like to query all domains based on certain attributes, log in name, last name and email address. From that key value, I'd then like to return an array of all AD objects associated to that account. Can anyone help me with this? I can post my code, but it doesn't work at all so it probably wouldn't be of much help. Thanks for reading.
What do you mean by "all AD objects associated to that account"?
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
What do you mean by "all AD objects associated to that account"?
A guide to posting questions on CodeProject[^]
Dave KreskowiakHi Dave, I'd like to enter a unique identifier and get all of the account related objects for that account. After I receive all, I can then parse through and display the ones I want in my gui. An example would be first name, last name, phone, email, any status codes/custom attributes, etc.
-
Hi Dave, I'd like to enter a unique identifier and get all of the account related objects for that account. After I receive all, I can then parse through and display the ones I want in my gui. An example would be first name, last name, phone, email, any status codes/custom attributes, etc.
There's a problem with what you want to do.
turbosupramk3 wrote:
a unique identifier
Such as??? Are you looking for everything about a User object, or are you looking for everything related to ANY kind of object in AD??
turbosupramk3 wrote:
get all of the account related objects for that account.
Such as what "related objects"?? What kind of objects are you talking about?? Give an example.
turbosupramk3 wrote:
An example would be first name, last name, phone, email, any status codes/custom attributes, etc.
Those are not objects, they are Properties of a User object. Maybe you're confusing terms here?
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
There's a problem with what you want to do.
turbosupramk3 wrote:
a unique identifier
Such as??? Are you looking for everything about a User object, or are you looking for everything related to ANY kind of object in AD??
turbosupramk3 wrote:
get all of the account related objects for that account.
Such as what "related objects"?? What kind of objects are you talking about?? Give an example.
turbosupramk3 wrote:
An example would be first name, last name, phone, email, any status codes/custom attributes, etc.
Those are not objects, they are Properties of a User object. Maybe you're confusing terms here?
A guide to posting questions on CodeProject[^]
Dave KreskowiakI may be using the wrong terminology, if so I am sorry. I've always called them object attributes, but I noticed in my googling that .net calls them properties which is inline with what you have said. I would like to return all properties associated with a user object. I'll provide the GUI with a user id, last name or email, which I believe are properties named "samaccountname", "sn" and "mail", and with any of those being the unique identifier, query AD and return all other properties associated to that account into a parsable format.
-
Hello, I was reading through the active directory tutorial "almost everything in active directory" but I'm not able to figure out (from it) how to query active directory for values. I'd like to query all domains based on certain attributes, log in name, last name and email address. From that key value, I'd then like to return an array of all AD objects associated to that account. Can anyone help me with this? I can post my code, but it doesn't work at all so it probably wouldn't be of much help. Thanks for reading.
using (var rootDirectory = new DirectoryEntry("LDAP://[Server IP or Host name]", "[user name in the directory]", "[User Password]")) {
using (var directorySearch = new DirectorySearcher(rootDirectory)) {
// your filter should be an LDAP Query, the one i put in the sample look a matching name or sAMAccountName
directorySearch.Filter = string.Format("(|(sAMAccountName={0})(name={0}))", "[User Name you want or account you want]");
// you can add non standard properties to your query:
// some samples are "memberOf" for getting all groups the entry you want are related to (1 level up only)
// or "member" for all members of a group (1 level down only
directorySearch.PropertiesToLoad.Add("[Name of the property you want, exactly as it appears in the AD]");// return an entry if there's a match var result = directorySearch.FindOne(); if (result != null) { // by the search result, get the associated directory entry, as the result object can be complex to work with. var directoryEntry = result.GetDirectoryEntry(); // Note that entries contain between 40-60 properties by default, plus whatever properties you asked to load // in the directory search, as long as your domain admin did not restrict access to them // (in which case the root user you used to start this chain need to have permissions to read those properties) var propertyIwant = directoryEntry.Properties\["Name of the property you want"\]; } } }this should get you started, if you want more then the first item associated with your query, use "FindAll" and then iterate on the results Edit: totally forgot, remember you need to reference System.DirectoryServices to use this code.
-
using (var rootDirectory = new DirectoryEntry("LDAP://[Server IP or Host name]", "[user name in the directory]", "[User Password]")) {
using (var directorySearch = new DirectorySearcher(rootDirectory)) {
// your filter should be an LDAP Query, the one i put in the sample look a matching name or sAMAccountName
directorySearch.Filter = string.Format("(|(sAMAccountName={0})(name={0}))", "[User Name you want or account you want]");
// you can add non standard properties to your query:
// some samples are "memberOf" for getting all groups the entry you want are related to (1 level up only)
// or "member" for all members of a group (1 level down only
directorySearch.PropertiesToLoad.Add("[Name of the property you want, exactly as it appears in the AD]");// return an entry if there's a match var result = directorySearch.FindOne(); if (result != null) { // by the search result, get the associated directory entry, as the result object can be complex to work with. var directoryEntry = result.GetDirectoryEntry(); // Note that entries contain between 40-60 properties by default, plus whatever properties you asked to load // in the directory search, as long as your domain admin did not restrict access to them // (in which case the root user you used to start this chain need to have permissions to read those properties) var propertyIwant = directoryEntry.Properties\["Name of the property you want"\]; } } }this should get you started, if you want more then the first item associated with your query, use "FindAll" and then iterate on the results Edit: totally forgot, remember you need to reference System.DirectoryServices to use this code.
Thank you randprin. I'm trying to do directorySearch.FindAll(); and I can't seem to get results? I thought I'd be able to get a count and use a for statement, but when I'm debugging I cannot seem to display any values while paused over directorySearch.FindAll() and hovering over it with the mouse? Do you have any ideas? Under FindOne(), I'll see 77 properties, but I'm coming up empty with the FindAll() .
-
Thank you randprin. I'm trying to do directorySearch.FindAll(); and I can't seem to get results? I thought I'd be able to get a count and use a for statement, but when I'm debugging I cannot seem to display any values while paused over directorySearch.FindAll() and hovering over it with the mouse? Do you have any ideas? Under FindOne(), I'll see 77 properties, but I'm coming up empty with the FindAll() .
Here is what I ended up using in case this comes up in a search (you'll have to change the txtbox stuff to fit your gui or console app
using (var rootDirectory = new DirectoryEntry("LDAP://" + domain))//, "[user name in the directory]", "[User Password]"))
{
using (var directorySearch = new DirectorySearcher(rootDirectory))
{
if (tBoxPin.Text != "")
{
directorySearch.Filter = string.Format("(|(sAMAccountName={0}))", tBoxPin.Text);
}
if (tBoxLastName.Text != "")
{
directorySearch.Filter = string.Format("((sn={0}))", tBoxLastName.Text);} if (tBoxEmail.Text != "") { directorySearch.Filter = string.Format("((mail={0}))", tBoxEmail.Text); } var result = directorySearch.FindOne(); if (tBoxLastName.Text != "") { SearchResultCollection searchResults = directorySearch.FindAll(); foreach (SearchResult searchResult in searchResults) { foreach (string propertyKey in searchResult.Properties.PropertyNames) { ResultPropertyValueCollection valueCollection = searchResult.Properties\[propertyKey\]; ResultPropertyValueCollection accountCollection = searchResult.Properties\["userprincipalname"\]; foreach (Object propertyValue in valueCollection) { if (propertyKey == "name") { lastNames.Add(propertyValue.ToString()); if (tBoxLastName.Text != "") { tBoxDomains.Text += (propertyValue.ToString()) + " - "; foreach (Object account in accou