Given a GUID representing a user in Active Directory, how would I use this to determine the distinguished name?

Question

Given a GUID representing a user in Active Directory, how would I use this to determine the user's "distinguished name" using C#?

The GUID is retrieved earlier in our application using directoryEntry.Guid; MSDN Link

Answer 1

You do not. The GUID is not a conversion to start with, it is totally random unique.

Basically, you have to have your SID, then CALL into active diretory and get the User object that has the same sid, then read out the distinguished name from that. Note that this is not a CONVERSION, o that is why the answer is no.

if a conversion back would be possible, the SID would be useless for conversion purposes, as I could always generate a SID from your distinguished name, which is - within the domain - public.

Answer 2

As you've made it clear a GUID is what you're searching on, try this:

using System;
using System.DirectoryServices.AccountManagement;

public static class DomainHelpers
{    
    public string GetDistinguishedName(string domain, string guid)
    {
        var context = new PrincipalContext(ContextType.Domain, domain); 
        var userPrincipal  = UserPrincipal.FindByIdentity(context, IdentityType.Guid, guid);

        return userPrincipal.DistinguishedName;
    }
}

I've used this with IdentityType.Name so can't be sure it'll work for IdentityType.Guid, but it's worth a try.