I know that I can get the fully qualified domain name by using the Windows NT network domain. I'd like to do the reverse. Ex: User.Identity.Name = "slaterock\fflintstone"; Active Directory returns a fully qualified domain name of slaterock.bedrock.us.com. I would like to be able to get the domain portion of User.Identity.Name by querying Active Directory (LDAP) for that user. I would be using the user's email address: (&(objectClass=user)(objectCategory=Person)([email protected]))

I have no trouble returning the AD attributes, but I cannot figure out an absolute link between the attributes I have and the domain name returned in User.Identity.Name. I see parts of it in the domain components (DC=slaterock,DC=bedrock,DC=US,DC=blah,blah) but I need the direct link.

Thanks

+1  A: 

First, a bit of terminology to be clear (and to help any searches you do):

  • the 'slaterock' in 'slaterock\fflintstone' is the NetBIOS Domain Name for the domain.
  • 'DC=slaterock,DC=bedrock,DC=US,DC=blah,blah' is the defaultNamingContext for the domain.
  • CN=fred flinstone,OU=Quarry1,DC=slaterock,DC=bedrock,... is the user account's distinguishedName.

To translate from the user's distinguishedName to the NetBIOS Domain Name of their domain:

  • get the user account's distinguishedName and chop it up to get the defaultNamingContext.
  • Then do a search against the container: "CN=Partitions,CN=Configuration,DC=JohnLewis,DC=co,DC=uk" for an object with an nCName value that matches the defaultNamingContext from above.
  • Get the nETBIOSName attribute of that object and you've got what you're after.
serialhobbyist
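
The three steps in the answer above, as an added Python sketch that is not part of the original answer. It splits the distinguishedName with escaped commas respected, builds the Partitions search with the value escaped per RFC 4515 so it cannot alter the filter, and picks nETBIOSName from the results. The sample DN, the configuration naming context, the NetBIOS value and the crossRef entries are constructed, and the `objectClass=crossRef` clause is an addition to the answer's nCName match.

```python
def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1       # keep an escaped pair intact
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    parts.append(cur.strip())
    return [p for p in parts if p]

def naming_context_from_dn(dn):
    """Return the trailing run of DC= components of a user DN."""
    tail = []
    for rdn in reversed(split_rdns(dn)):
        if not rdn.upper().startswith("DC="):
            break
        tail.append(rdn)
    if not tail:
        raise ValueError("DN has no DC= components: %r" % dn)
    return ",".join(reversed(tail))

def escape_filter_value(value):
    """RFC 4515 escaping so a value cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def partitions_search(config_nc, user_dn):
    """Base DN and filter for the crossRef lookup described in the answer."""
    nc = escape_filter_value(naming_context_from_dn(user_dn))
    return "CN=Partitions," + config_nc, "(&(objectClass=crossRef)(nCName=%s))" % nc

def netbios_for_dn(user_dn, crossrefs):
    """Pick nETBIOSName from crossRef entries (dicts) whose nCName matches."""
    nc = naming_context_from_dn(user_dn).lower()
    for entry in crossrefs:
        if entry.get("nCName", "").lower() == nc and "nETBIOSName" in entry:
            return entry["nETBIOSName"]
    return None

# Constructed sample data (not from a real directory).
SAMPLE_DN = r"CN=Flintstone\, Fred,OU=Quarry1,DC=slaterock,DC=bedrock,DC=us,DC=com"
SAMPLE_CONFIG_NC = "CN=Configuration,DC=bedrock,DC=us,DC=com"  # assumed forest root
SAMPLE_CROSSREFS = [  # the configuration partition carries no nETBIOSName
    {"nCName": SAMPLE_CONFIG_NC},
    {"nCName": "DC=slaterock,DC=bedrock,DC=us,DC=com", "nETBIOSName": "SLATEROCK"},
]
```

Against a live directory, the base and filter returned by `partitions_search` go to whichever LDAP client is in use, and the configuration naming context is read from the RootDSE `configurationNamingContext` attribute rather than hard-coded.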