Hi,

I've got an ASP application running, but I want to search the Active Directory.

I am using VB (Visual Web Developer 2008).

How do I search the Active Directory for a given user?

I.e.: the user enters a login name in a text box and clicks submit. Active Directory is searched on click for this user. When found, the user information is displayed.

Thanks

+1  A: 

What version of the .NET framework can you use? Searching and looking up stuff in AD has become extremely easy in .NET 3.5 - see this great MSDN article by Ethan Wilansky and Joe Kaplan on using the security principals API for that.

If you're not on .NET 3.5 yet, you'll have to use the DirectorySearcher class and set up the search filters as you need. Getting the LDAP filter right is probably the biggest obstacle.

Robbie Allen also has two great intro articles on System.DirectoryServices programming:
- Part 1
- Part 2

There are some really good resources at http://www.directoryprogramming.net (Joe Kaplan's site - he's a Microsoft Active Directory MVP), and Richard Mueller has some great reference Excel sheets on what properties are available for each of the ADSI providers, what they mean, and what their LDAP name is - see http://www.rlmueller.net.

Marc

EDIT: OK - here's the .NET 2.0 / 3.0 approach:

// set the search root - the AD container to search from
DirectoryEntry searchRoot = new DirectoryEntry("LDAP://dc=yourdomain,dc=com");

// create directory searcher
DirectorySearcher ds = new DirectorySearcher(searchRoot);

ds.SearchScope = SearchScope.Subtree;

// set the properties to load in the search results
// the fewer you load, the better your performance    
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add("sn");
ds.PropertiesToLoad.Add("givenName");
ds.PropertiesToLoad.Add("mail");

// set the filter - here I'm using objectCategory since this attribute is
// single-valued and indexed --> much better than objectClass in performance
// the "anr" is the "ambiguous name resolution" property which basically
// searches for all normally interesting name properties
ds.Filter = "(&(objectCategory=person)(anr=user-name-here))";

// get the result collection
SearchResultCollection src = ds.FindAll();

// iterate over the results
foreach (SearchResult sr in src)
{
    // do whatever you need to do with the search result
    // I'm extracting the properties I specified in the PropertiesToLoad
    // mind you - a property might not be set in AD and thus would
    // be NULL here (e.g. not included in the Properties collection)
    // also, all result properties are really multi-valued, so you need
    // to do this trickery to get the first of the values returned
    string surname = string.Empty;
    if (sr.Properties.Contains("sn"))
    {
        surname = sr.Properties["sn"][0].ToString();
    }

    string givenName = string.Empty;
    if (sr.Properties.Contains("givenName"))
    {
        givenName = sr.Properties["givenName"][0].ToString();
    }

    string email = string.Empty;
    if (sr.Properties.Contains("mail"))
    {
        email = sr.Properties["mail"][0].ToString();
    }

    Console.WriteLine("Name: {0} {1} / Mail: {2}", givenName, surname, email);
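}

// SearchResultCollection holds unmanaged resources that the garbage
// collector cannot release - dispose it explicitly to avoid a memory leak
src.Dispose();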

Hope this helps!

Marc

marc_s
Using .NET 3.0. I anticipated that I would be using the searcher class. I've never played with AD before. What do I do?
Thank you, Marc!
Do I have to import anything to use directory entry?
Ah, yes - you have to add a .NET assembly reference to "System.DirectoryServices" and add a "using System.DirectoryServices" (or whatever it is in VB.NET) to your code.
marc_s