How do you transform a upn name to a login name?

Question

How do you transform a upn name like "[email protected]" to the corresponding NT account name, which is frequently "EXAMPLE\user"? In the domains I'm familiar with, I can take the first part after the '@' sign, but I'm concerned that this is not guaranteed to be correct. Do I have to run an ldap query? Would it be a property on the user's DirectoryEntry if I did?

I'm trying to do this in C#, but I'd welcome any pointers or corrections to my terminology.

Thanks

Answer 1

You can use the NameTranslateClass of the ActiveDs library which is present in windows.

Look at: http://www.rlmueller.net/NameTranslateFAQ.htm

It is written for VBScript but you can easily transfer it via interop to c#.

See MSDN: http://msdn.microsoft.com/en-us/library/aa706046%28VS.85%29.aspx

Answer 2

I ended up using p-invoke to call DsCrackNames, rather than using the COM interface Mischa suggested (which I understand is a wrapper around the same function).