5

I am trying to set the attribute Manager on an object of type UserPrincipal documented here:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms680857(v=vs.85).aspx

but cannot simply say 

UserPrincipal.Manager = "some value"

Can someone please explain to me how this works? Thanks!

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
RatBoyStl
  • 71
  • 1
  • 7

2 Answers2

12

The basic UserPrincipal in the S.DS.AM namespace does not feature that attribute - but you can extend the user principal class and add additional attributes that you need.

Read more about it here:

Managing Directory Security Principals in the .NET Framework 3.5
(there's a section on extensibility towards the end of the article)

Here's the code:

[DirectoryRdnPrefix("CN")]
[DirectoryObjectClass("Person")]
public class UserPrincipalEx : UserPrincipal
{
    // Inplement the constructor using the base class constructor. 
    public UserPrincipalEx(PrincipalContext context) : base(context)
    { }

    // Implement the constructor with initialization parameters.    
    public UserPrincipalEx(PrincipalContext context,
                         string samAccountName,
                         string password,
                         bool enabled) : base(context, samAccountName, password, enabled)
    {} 

    // Create the "Manager" property.    
    [DirectoryProperty("manager")]
    public string Manager
    {
        get
        {
            if (ExtensionGet("manager").Length != 1)
                return string.Empty;

            return (string)ExtensionGet("manager")[0];
        }
        set { ExtensionSet("manager", value); }
    }

    // Implement the overloaded search method FindByIdentity.
    public static new UserPrincipalEx FindByIdentity(PrincipalContext context, string identityValue)
    {
        return (UserPrincipalEx)FindByIdentityWithType(context, typeof(UserPrincipalEx), identityValue);
    }

    // Implement the overloaded search method FindByIdentity. 
    public static new UserPrincipalEx FindByIdentity(PrincipalContext context, IdentityType identityType, string identityValue)
    {
        return (UserPrincipalEx)FindByIdentityWithType(context, typeof(UserPrincipalEx), identityType, identityValue);
    }
}

Now you can find and work with a UserPrincipalEx class which has the .Manager property for you to use:

UserPrincipalEx userEx = UserPrincipalEx.FindByIdentity(ctx, "YourUserName");

// the .Manager property contains the DN (distinguished name) for the manager of this user
var yourManager = userEx.Manager;
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • I assume I have to do this for every Attribute that is not a "standard" part of the UserPrincipal class such as Email address or custom attributes like WorkCellPhone? – RatBoyStl Jul 02 '12 at 18:19
  • @user574376: yes - but of course, you can have one class `UserPrincipalEx` that contains all those attributes - that's what I have, the code above is just a small section from my real class. – marc_s Jul 02 '12 at 18:40
  • There isn't an easier way of doing this? Like by calling PropertiesToLoad when I search for the initial UserPrincipal object? This seems like a lot of work to go through. – RatBoyStl Jul 02 '12 at 18:47
  • If you don't want to subclass `UserPrincipal`, then you need to look into using `DirectorySearcher` and `DirectoryEntry`. – Brian Cauthon Jul 02 '12 at 19:15
  • @user574376: no - deriving from `UserPrincipal` is the defined extensibility mechanism - and it's really not that hard! Just try it! – marc_s Jul 02 '12 at 19:17
  • +1 But what about directReports? I am trying to get this to work for the directReports attribute but the call is failing with "constraint violation exception!" http://stackoverflow.com/questions/29882196/assigning-multiple-value-property-directreports-using-system-directoryservices – Lzh Apr 26 '15 at 19:27
  • That's what I was looking for, thanks! – Attila Mar 04 '22 at 11:50
4

I love the example but totally get where the RatBoyStl is coming from. Sometimes you just want a value and not a new class.

If you have a UserPrinciple object for a given user then you can easily retrieve the manager property with this code. I took it a step futher and used the manager value to find their UserPrinciple and display the email address.

            //set the principal context to the users domain
        PrincipalContext pc = new PrincipalContext(ContextType.Domain, userDomain);

        //lookup the user id on the domain
        UserPrincipal up = UserPrincipal.FindByIdentity(pc, userId);
        if (up == null)
        {
            Console.WriteLine(string.Format("AD USER NOT FOUND {0}", userGc));
            return;

        }

        //grab the info we need from the domain
        Console.WriteLine(up.ToString());

        DirectoryEntry d = up.GetUnderlyingObject() as DirectoryEntry;
        string managerCN = d.Properties["manager"].Value.ToString(); 
        Console.WriteLine(managerCN);

        UserPrincipal manager = UserPrincipal.FindByIdentity(pc, managerCN);
        Console.WriteLine(manager.EmailAddress);
Cezar
  • 55,636
  • 19
  • 86
  • 87
John C. Lieurance
  • 89
  • 3
  • I've had terrible luck getting the PrincipalEx Save to actually save in Active Directory, but the GetUnderlyingObject() method simplifies using the old way of setting Properties[X]... Thank you. – Dscoduc May 10 '17 at 23:45