views:

2692

answers:

7

How can I get the Windows user and domain from an Active Directory DirectoryEntry (SchemaClassName="user") object?

The user name is in the sAMAccountName property but where can I look up the domain name?

(I can't assume a fixed domain name because the users are from various subdomains.)

A: 

edit whoops, you haven't got .NET tagged...

Eehm? Or am I being too easy..?

User.Identity.Name()  'Gives DOMAIN\myuser
Ropstah
Thanks but I'm looking to get DOMAIN\USER from the AD object, not from the current user.
chris
+2  A: 

If you are using the System.DirectoryServices libraries, you should have a SearchResultsCollection from a DirectorySearcher.

Within each SearchResult's Properties collection, there is a "distinguishedname" property. That will contain all the DC parts that make up the domain your directory entry belongs to.

joshua.ewer
+1: I've done this to get all kinds of information like who they are employed by as well as a listing of all of their security groups.
RSolberg
Yes but how does that help me? How do I get the domain name "company-central" from DC=Company,DC=com?
chris
This is the right way to go... but remember a domain can often be an alias for the correct path in AD. E.g. in our organisation the domain SOUTH_AMERICA is actually soa.company.com, and EUROPE is eur.company.com, which is represented by dc=eur,dc=company,dc=com etc., so you might need a lookup table and do a search in the distinguishedName string.
davidsleeps
+1  A: 

You won't find what you're looking for in the DirectoryEntry, unfortunately.

You have the sAMAccountName which typically is something like myuser (without the domain). You have the distinguishedName which is something like LDAP://cn=joe myuser,cn=Users,dc=yourCompany,dc=com. You also have a userPrincipalName but that's usually a name in the format of [email protected].

But you won't find any attribute that has the domain\MyUser in it, unfortunately. You'll have to put that together from your information about the domain name, and the sAMAccountName of the DirectoryEntry.

For more information and some excellent Excel sheets on all the LDAP and WinNT properties in System.DirectoryServices, check out the Hilltop Lab website by ADSI MVP Richard Mueller.

Marc

marc_s
A: 

I found a partitions container in CN=Partitions,CN=Configuration that contains all domains.

When you match the user to the partition you can read the real domain name from the nETBIOSName property and build nETBIOSName+"\"+sAMAccountName.

chris
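The approach in the answer above (and marc_s's point that no attribute holds DOMAIN\user, so it has to be assembled from the domain name plus sAMAccountName), as an added worked example that is not code from the question or from any of the answers. It reads nCName and nETBIOSName from the crossRef objects under CN=Partitions,CN=Configuration, picks the partition whose nCName is the longest suffix of the user's distinguishedName, and prefixes sAMAccountName with that nETBIOSName. The longest-suffix rule matters in a forest with child domains like the eur.company.com case davidsleeps describes: the child's DN also ends with the parent's DN, so "first match" would silently return the parent. Assumptions: a project referencing System.DirectoryServices, a machine that can bind to the forest's configuration naming context, and the class/method names (AdAccountName etc.), which are my own.

```csharp
// Added example, not code from the question or any of the answers. Resolves
// NETBIOSDOMAIN\sAMAccountName for a user DirectoryEntry via the Partitions
// container. Assumes a reference to System.DirectoryServices and connectivity
// to a domain controller of the forest; all identifiers below are my own.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class AdAccountName
{
    // Splits a DN into RDNs on unescaped commas ("CN=Smith\, Joe" stays one RDN).
    static List<string> SplitDn(string dn)
    {
        var parts = new List<string>();
        var current = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length) { current.Append(c).Append(dn[++i]); continue; }
            if (c == ',') { parts.Add(current.ToString().Trim()); current.Clear(); continue; }
            current.Append(c);
        }
        parts.Add(current.ToString().Trim());
        return parts;
    }

    // DNS domain of a DN: the DC= components joined with dots.
    // "CN=Joe,OU=Sales,DC=eur,DC=company,DC=com" -> "eur.company.com".
    // This is NOT the NetBIOS name (e.g. EUROPE); that only lives on the crossRef.
    public static string DnsDomainFromDn(string dn)
    {
        var labels = new List<string>();
        foreach (string rdn in SplitDn(dn))
            if (rdn.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
                labels.Add(rdn.Substring(3));
        return string.Join(".", labels);
    }

    // nCName -> nETBIOSName for every domain in the forest. Only domain crossRefs
    // carry nETBIOSName; application partitions (DomainDnsZones etc.) are
    // excluded by the (nETBIOSName=*) filter.
    public static Dictionary<string, string> LoadPartitions()
    {
        var map = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var partitions = new DirectoryEntry(
            "LDAP://CN=Partitions," + rootDse.Properties["configurationNamingContext"].Value))
        using (var searcher = new DirectorySearcher(partitions,
            "(&(objectClass=crossRef)(nETBIOSName=*))",
            new[] { "nCName", "nETBIOSName" }, SearchScope.OneLevel))
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult r in results)
                map[(string)r.Properties["nCName"][0]] = (string)r.Properties["nETBIOSName"][0];
        }
        return map;
    }

    // Picks the partition whose nCName is the LONGEST suffix of the DN. Longest,
    // not first: a child domain's DN (DC=eur,DC=company,DC=com) also ends with
    // the parent's DN (DC=company,DC=com), so the first match may be the parent.
    public static string NetBiosDomainFromDn(string dn, IDictionary<string, string> ncNameToNetBios)
    {
        string best = null;
        int bestLen = -1;
        foreach (KeyValuePair<string, string> kv in ncNameToNetBios)
        {
            string nc = kv.Key;
            bool isSuffix = dn.EndsWith(nc, StringComparison.OrdinalIgnoreCase)
                && (dn.Length == nc.Length || dn[dn.Length - nc.Length - 1] == ',');
            if (isSuffix && nc.Length > bestLen) { best = kv.Value; bestLen = nc.Length; }
        }
        return best; // null when the DN is under no domain partition
    }

    public static string GetDomainQualifiedName(DirectoryEntry user, IDictionary<string, string> partitions)
    {
        string dn = (string)user.Properties["distinguishedName"].Value;
        string sam = (string)user.Properties["sAMAccountName"].Value;
        string netbios = NetBiosDomainFromDn(dn, partitions)
            ?? throw new InvalidOperationException("No domain partition matches " + dn);
        return netbios + "\\" + sam;
    }

    // Usage: AdAccountName.exe "LDAP://CN=Joe Smith,CN=Users,DC=eur,DC=company,DC=com"
    static void Main(string[] args)
    {
        using (var user = new DirectoryEntry(args[0]))
        {
            Dictionary<string, string> partitions = LoadPartitions(); // load once, reuse per user
            Console.WriteLine(GetDomainQualifiedName(user, partitions));   // e.g. EUROPE\jsmith
            Console.WriteLine(DnsDomainFromDn((string)user.Properties["distinguishedName"].Value));
        }
    }
}
```

The partition map is read once and reused, since it changes only when a domain is added to or removed from the forest. Because the match is done on the user's own distinguishedName rather than by walking Parent entries, it works the same for a DirectoryEntry and for a SearchResult that exposes distinguishedName and sAMAccountName, and it does not depend on the calling machine being domain-joined beyond being able to bind with LDAP.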
+1  A: 

This assumes that results is a SearchResultCollection obtained from a DirectorySearcher, but you should be able to get the objectsid from a DirectoryEntry directly.

using System.DirectoryServices;
using System.Security.Principal;

// results is the SearchResultCollection returned by DirectorySearcher.FindAll()
SearchResult result = results[0];
ResultPropertyValueCollection propertyValues = result.Properties["objectsid"];
byte[] objectsid = (byte[])propertyValues[0]; // the binary SID as stored in AD

// Build the SID from the raw bytes, starting at offset 0
SecurityIdentifier sid = new SecurityIdentifier(objectsid, 0);

// Translate() resolves the SID through the local machine's account lookup
NTAccount account = (NTAccount) sid.Translate(typeof (NTAccount));
account.ToString(); // This gives the DOMAIN\User format for the account
lintmachine
Unfortunately this doesn't work for me - I have the objectsid but I get a IdentityNotMappedException on the Translate() call. This may be because the machine that runs the code is not part of the domain, I'm just querying AD.
chris
A: 

To get the DirectoryEntry domain name you can use recursion on directoryEntry.Parent. And then if directoryEntry.SchemaClassName == "domainDNS" you can get the domain name like this:

directoryEntry.Properties["Name"].Value
tchimev
A: 

directoryEntry.Parent worked perfectly for me :)

VorteX