How do I determine if "DirectoryEntry" found my user?

Question

I am using this simple method of finding a user in the current domain, that works for all users that 'exist' but I can't find any way to determine if the user does not exist.

string userLDAP = @"MYDOMAIN/username";
string path = "WinNT://" + userLDAP ;
DirectoryEntry root = new DirectoryEntry(path, null, null, AuthenticationTypes.Secure);

Other than letting an exception be thrown, how can I use a directory entry to determine if a user does not exist?

 if (root.Properties != null)
      if (root.Properties["objectSid"] != null)  //// EXCEPTION HERE
          if (root.Properties["objectSid"][0] != null)

Answer 1

Are you looking for a specific user, or all users?

I have an application that checks if a user is present by checking the account name - it uses SecurityIdentifier in the System.Security.Principal namespace to check if the Sid is valid.

public bool AccountExists(string name)
        {
            bool SidExists = false;
            try
            {
                NTAccount Acct = new NTAccount(name);
                SecurityIdentifier id = (SecurityIdentifier)Acct.Translate(typeof(SecurityIdentifier));
                SidExists = id.IsAccountSid();
            }
            catch (IdentityNotMappedException)
            {
                //Oh snap.
            }
            return SidExists;
        }

You can specify the Domain when creating your NTAccount object

NTAccount Acct = new NTAccount("SampleDomain", "SampleName");

EDIT

In reference to your comment, would this work for you? Didnt check it, might have to handle a possible null return before evaulating the IsAccountSid() method...

public SecurityIdentifier AccountSID(string myDomain, string myAcct)
{
   SecurityIdentifier id;

   try
   {
     NTAccount Acct = new NTAccount(myDomain, myAcct);
     id = (SecurityIdentifier)Acct.Translate(typeof(SecurityIdentifier));
   }
   catch (IdentityNotMappedException)
   {
     //Oh snap.
   }

   return id;
}

SecurityIdentifier AcctSID = AccountSID("ExampleDomain", "ExampleName");

if (AcctSID.IsAccountSid())
   //Do Something

Answer 2

The answer to this question on how to check if Windows user account name exists in domain may be helpful to you.

Answer 3

It's better to use DirectorySearcher for this purpose...

 string userName = "TargetUserName";

        using (DirectorySearcher searcher = new DirectorySearcher("GC://yourdomain.com"))
        {
            searcher.Filter = string.Format("(&(objectClass=user)(sAMAccountName={0}))", userName);

            using (SearchResultCollection results = searcher.FindAll())
            {
                Debug.WriteLine("Found User");

            }
        }

This sample will search and entire forest including child domains. If you want to target only a single domain use "LDAP://mydomain.com" instead of "GC://mydomain.com". You can also supply searcher.SearchRoot with a DirectoryEntry to use as the root of a search (i.e. a specific OU or domain).

Don't forget most of the AD stuff is IDisposable so dispose properly as shown above.