Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Querying Active Directory in C#

  • 30-05-2013 11:34am
    #1
    Registered Users, Registered Users 2 Posts: 4,114 ✭✭✭


    I have a piece of code that I am using to retrieve a first name from Active Directory based on a logon id (called a COMITID) that is also in Active Directory.
    I am using a filter

    The code is as follows
    [LIST=1]
    [*]WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
    [*]            //code above gets the Windows logon ID of the current user
    [*]            string _userID = System.Security.Principal.WindowsIdentity.GetCurrent().Name.Split('\\').Last();
    [*]            //all the code below is to strip out everything so I am left with just the domain (string domain)
    [*]            string s = currentIdentity.Name;
    [*]            int stop = s.IndexOf("\\");
    [*]            string domain = (stop > -1) ? s.Substring(0, stop) : string.Empty;
    
    [*]            //code below setting the DirectoryEntry and DirectorySearcher variables
    [*]            DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain);
    [*]            DirectorySearcher dSearch = new DirectorySearcher(entry);
    [*]           
    [*]            //code below is the filter
    [*]            dSearch.Filter = "(&(objectClass=user))";
    
    [*]            //code below sets the properties I want to retrieve to the givenName (Fisrt name), sn (the surname) and samAccountName (the logon id)
    [*]            var propertiesToLoad = new[] 
    [*]            { 
    [*]            "givenName",
    [*]            "sn",
    [*]            "samAccountName>"
    [*]            };
    
    [*]            //adding the properties
    [*]            dSearch.PropertiesToLoad.AddRange(propertiesToLoad);
    
    [*]           //looping through Active Directory
    [*]            foreach (SearchResult searchEntry in dSearch.FindAll())
    [*]            {
    [*]                //getting the entry I want
    [*]                var userEntry = searchEntry.GetDirectoryEntry();
    [*]                //in reality "XBBLDZQ" will not be hardcoded in; this example is just for testing
    [*]                if (userEntry.Properties["samAccountName"].Value.ToString().Trim().Contains("XBBLDZQ"))
    
    [*]                {
    [*]                    //shows the first name in a messagebox
    [*]                    MessageBox.Show(userEntry.Properties["givenName"].Value.ToString());
    [*]                }
    [*]            }
    [/LIST]
    
    
    


    This does not give me back the first name (line 31). However when I change the filter (line 12) from what is there now:
    dSearch.Filter = "(&(objectClass=user))";
    
    to
    dSearch.Filter = "(&(objectClass=user)(samAccountName=XBBLDZQ))";
    
    then it works.
    This is obviously not the way I want it to work as I don't want to filter by a single COMITID (XBBLDZQ), I want to loop through them all and pick out the one with the COMITID I want (XBBLDZQ). This is what line 28 should do.
    This makes no sense to me as if I change line 12 in the way I described above, it is setting the filter to say "only give me the users with the COMITID XBBLDZQ". If I remove the filter it should give me all COMITID's (so line 31 should still execute).
    Am I right or maybe I don't understand the way filters work. If I remove the filter completely then it doesn't work either. The only way it works is if I add the COMITID as a filter.
    dSearch.Filter = "(&(objectClass=user)(samAccountName=XBBLDZQ))";
    

    But that kind of defeats the purpose of what I want to do in the first place.


Comments

  • Closed Accounts Posts: 8,015 ✭✭✭CreepingDeath


    The "&" in LDAP Queries is "AND" and it expects two arguments.
    You only provided one

    dSearch.Filter = "(&(objectClass=user))";

    If you just want to search for all users use

    "(objectClass=user)"


  • Closed Accounts Posts: 8,015 ✭✭✭CreepingDeath


    There's a handy utility I use in Java called JXplorer which is an open source LDAP Browser.

    Be careful with it in Active Directory and be careful not to drag and drop LDAP items to different branches by mistake in the UI.

    But it allows you to connect to an Active Directory server and perform LDAP queries.... test your queries before you code.


  • Registered Users, Registered Users 2 Posts: 4,114 ✭✭✭lukin


    The "&" in LDAP Queries is "AND" and it expects two arguments.
    You only provided one

    dSearch.Filter = "(&(objectClass=user))";

    If you just want to search for all users use

    "(objectClass=user)"

    No that didn't work (changed it to dSearch.Filter = "(objectClass=user)";)


Advertisement