I am wanting to develop a staff directory application, listing all people in the organization, including name, email address, phone number, office location - all of that information. We currently have that in Active Directory, and I'm wanting to develop a simple .Net application to allow people to search and retrieve it. Getting the information appeared simple - there are many examples around using the DirectorySearcher class. I start with

    ' Requires: Imports System.DirectoryServices
    Dim objADAM As DirectoryEntry                   ' Binding object.
    Dim objGroupEntry As DirectoryEntry             ' Group Results.
    Dim objSearchADAM As DirectorySearcher          ' Search object.
    Dim objSearchResults As SearchResultCollection  ' Results collection.
    Dim strPath As String                           ' Binding path.

    strPath = "LDAP://DC=example,DC=com"            ' Placeholder: replace with your domain's LDAP path.
    objADAM = New DirectoryEntry(strPath)
    objADAM.RefreshCache()
    objSearchADAM = New DirectorySearcher(objADAM)
    ' One pair of parentheses around the AND clause (the extra outer pair is not valid filter syntax).
    objSearchADAM.Filter = "(&(objectClass=user)(objectCategory=person))"
    objSearchADAM.SearchScope = SearchScope.Subtree
    objSearchResults = objSearchADAM.FindAll()

I then have a for each loop for each SearchResult Object in the objSearchResults set.

    If objSearchResults.Count <> 0 Then
        Dim objResult As SearchResult
        For Each objResult In objSearchResults
            ' Binds to the full object; each call is a separate round trip to AD.
            objGroupEntry = objResult.GetDirectoryEntry()
        Next
    End If

I also looked at all of the directory entry properties - the core properties are there, but if I use Active Directory Explorer to browse an actual user object, there are many more attributes listed. Is there some more complex structure to Active Directory that means I need to do more than just the simple FindAll method of a DirectorySearcher?

Thanks...

A: 

Are you guys running SQL Server?

This is much simpler if you are, you can then just add ADSI as a linked server and pull all relevant AD information.

Let me know

JonH
Yes - running SQL Server 2005 (and soon to include SQL Server 2008)
Ken Ray
Curious to see how this is done.
mxmissile
+2  A: 

When you're using DirectorySearcher, you should specify exactly which properties you want to load (PropertiesToLoad). When I was manipulating big chunks of AD data, it was more useful for me to make an instance of DirectoryEntry through the ADPath. If you do this, you can enlist the properties for yourself.

Also, it was pretty handy to use the ADSI Edit tool (I think it's from Microsoft). It allows you to see all possible entries in an AD node.

If you need more info, just give a more precise question, I will try my best to answer. Spent some time investigating this topic :))

ifesdjeen
+1  A: 

Go into Management Studio and click on the Server Objects folder. Then expand to Linked Servers and add a "New Linked Server". You will need to enter your information here, such as the local server login to remote server login mappings. For instance, you can use a domain account here.

You will want to give your linked server a name such as ADSI or whatever you like. Once you establish this linked server you can write queries against this data including SELECT or INSERT queries to push this AD data to your own business objects / tables.

For instance here is a sample query to pull all AD users:

    -- The userAccountControl clause is a bitwise AND test on bit 2 (account disabled),
    -- negated, so disabled accounts are left out of the result.
    SELECT *
    FROM OPENQUERY(ADSI,
        '<LDAP://YourDomainControllerGoesHere/DC=YourDomain,DC=YourDCGoesHere>;(&(objectCategory=Person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));name, sAMAccountName, userAccountControl, telephoneNumber, mobile, facsimileTelephoneNumber, mail, employeeNumber, department, company, manager, title, versionNumber, adspath, displayname, sn, comment, givenName;subtree'
    ) AS Rowset_1

You will want to work with your network admins if you do not know what goes after LDAP:// as well as your DC. Once you do this run the query and you will get the user names, emails, telephone numbers, etc directly from AD.

JonH
OK - on the "New Linked Server" dialog box, what values for server type, provider, data source and similar values. I guess I need to read up on the "linked server" concepts.... but I assume I could create an SQL data source, with a connection string pointing to the database that has the ADSI server linked to it - then I use the subselects as you have given an example above.
Ken Ray
Hi Ken, You will need to give it a name and the provider is: OLE DB Provider for Microsoft Directory Services. Product name is "Active Directory Service Interfaces". Data Source is: ActiveDirectory.
JonH
A: 

Just discovered the problem I thought that I was having - properties not being returned - wasn't correct. In the SearchResult collection, the only properties that are included in the list are those for which there is an actual value for that AD record.

Ken Ray
That is not quite relevant. SearchResult collection retrieves those records that are set through PropertiesToLoad...
ifesdjeen
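
An added example, not code from any poster in this thread: a VB.NET search routine that applies the two points discussed above (request attributes explicitly through PropertiesToLoad, and expect attributes with no value to be missing from a SearchResult) and escapes the user's search term per RFC 4515 before it is placed in the filter. The module and function names, the attribute list and the `ldapPath` value are assumptions made for illustration.

```vb
Imports System.Collections.Generic
Imports System.DirectoryServices

Module StaffDirectorySearch
    ' Assumed attribute list for a directory page; only these are requested from AD.
    Private ReadOnly Wanted As String() = New String() _
        {"displayName", "mail", "telephoneNumber", "physicalDeliveryOfficeName"}

    ' Escape the RFC 4515 special characters so a search term cannot change the filter.
    ' The backslash is replaced first so the later escapes are not escaped again.
    Function EscapeLdapFilterValue(value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28") _
                    .Replace(")", "\29").Replace(ChrW(0).ToString(), "\00")
    End Function

    ' A SearchResult omits attributes that have no value on the record,
    ' so test for presence before reading.
    Function FirstValue(result As SearchResult, name As String) As String
        If result.Properties.Contains(name) AndAlso result.Properties(name).Count > 0 Then
            Return result.Properties(name)(0).ToString()
        End If
        Return String.Empty
    End Function

    ' ldapPath is a placeholder such as "LDAP://DC=example,DC=com" (assumed value).
    Function FindStaff(ldapPath As String, nameFragment As String) As List(Of Dictionary(Of String, String))
        Dim rows As New List(Of Dictionary(Of String, String))
        Dim ldapFilter As String = "(&(objectCategory=person)(objectClass=user)(displayName=*" &
                                   EscapeLdapFilterValue(nameFragment) & "*))"
        Using root As New DirectoryEntry(ldapPath)
            Using searcher As New DirectorySearcher(root, ldapFilter, Wanted, SearchScope.Subtree)
                searcher.PageSize = 500   ' Paged search; otherwise the server's size limit truncates results.
                Using results As SearchResultCollection = searcher.FindAll()
                    For Each result As SearchResult In results
                        Dim row As New Dictionary(Of String, String)
                        For Each name As String In Wanted
                            row(name) = FirstValue(result, name)
                        Next
                        rows.Add(row)
                    Next
                End Using
            End Using
        End Using
        Return rows
    End Function
End Module
```

Reading values from `SearchResult.Properties` avoids the per-user bind that `GetDirectoryEntry` performs, and disposing the `SearchResultCollection` releases the unmanaged search handle it holds.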