1

I'm trying to search using the System.DirectoryServices.AccountManagement library in C#. The goal is to find an AD user with the pager field containing a string.

For example, if I have .pager = "F1234b!@" I need to find a user whose pager field contains "1234".

I can't figure out how to search the contents of the pager field in s.ds.am to contain a string.

Joel Coehoorn
Eric Brown - Cal

2 Answers

2

If you want to experiment with S.DS.AM, try using this method. Put a breakpoint at the return listPrincipal line and inspect each of the principal variables for what they contain.

        private static List<Principal> GetPrincipalList(string strPropertyValue, string strDomainController)
        {
            List<Principal> listPrincipal = null;
            Principal principal = null;
            GroupPrincipal groupPrincipal = null;
            UserPrincipal userPrincipal = null;
            ComputerPrincipal computerPrincipal = null;
            PrincipalSearchResult<Principal> listPrincipalSearchResult = null; // Groups
            PrincipalContext principalContext = null;
            ContextType contextType;
            IdentityType identityType;

            try
            {
                // Setup a UserPrincipal list.
                listPrincipal = new List<Principal>();

                // Set the contextType to Domain because we are going through the AD directory store.
                contextType = ContextType.Domain;

                // Setup a domain context.
                principalContext = new PrincipalContext(contextType, strDomainController);

                // Setup the IdentityType. This is required, otherwise you will get a MultipleMatchesException error that says "Multiple principals contain a matching Identity."
                // This happens when you have two objects that AD thinks match whatever you're passing to UserPrincipal.FindByIdentity(principalContextDomain, strPropertyValue)
                // Use IdentityType.Guid because GUID is unique and never changes for a given object.                   
                identityType = IdentityType.Guid;

                // Find user.
                principal = Principal.FindByIdentity(principalContext, identityType, strPropertyValue);
                groupPrincipal = GroupPrincipal.FindByIdentity(principalContext, identityType, strPropertyValue);
                userPrincipal = UserPrincipal.FindByIdentity(principalContext, identityType, strPropertyValue);
                computerPrincipal = ComputerPrincipal.FindByIdentity(principalContext, identityType, strPropertyValue);

                // Return the listPrincipal list.
                return listPrincipal;
            }
            finally
            {
                // Cleanup objects.
                listPrincipal = null;
                listPrincipalSearchResult = null;
                principalContext = null;
                groupPrincipal = null;
                userPrincipal = null;
                computerPrincipal = null;
            }
        }
J Weezy
1

Use the * character as a wildcard. For example, in the filter criteria for DirectoryEntry, you can use the following:

(&(objectCategory=person)(objectClass=user)(pager=*1234*))

https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

https://msdn.microsoft.com/en-us/library/ms679102(v=vs.85).aspx

Also, be careful using S.DS.AM. I know it provides a lot of useful functionality, but it is much slower than S.DS.AD.

Active Directory: The Principal Class - S.DS.AM vs S.DS.AD

Update: Keep in mind that Microsoft introduced the following classes in the S.DS.AM namespace wrapper:

  1. UserPrincipal
  2. ComputerPrincipal
  3. GroupPrincipal

https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principal.aspx

Study the inheritance hierarchy and inspect the properties/attributes that are available - WYSIWYG. If the attribute that you want to search for is not included then you will not be able to use S.DS.AM - you will need to use S.DS.AD.

The * wildcard still stands when searching for properties that are available within the Principal class that contain specific character strings.

A useful post when searching on available properties in S.DS.AM: search by samaccountname with wildcards

Update 2:

I ran across the following post on SO that might be useful for what you are trying to do: How to get Active Directory Attributes not represented by the UserPrincipal class

J Weezy
  • It's not the answer I'm looking for as it's not using s.ds.am, it's using the old school s.ds.ad stuff, or if it is using .am, it's not a complete solution. As the answer will work with s.ds.ad, even though that's not what I asked for I gave it an upvote for effort. I'm deliberately trying to learn .AM after using AD. Thanks! – Eric Brown - Cal Mar 08 '18 at 17:00
  • That won't work because pager is not a property of the UserPrincipal class. See the following weblink for properties that are made available within the UserPrincipal class. https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal.aspx – J Weezy Mar 08 '18 at 17:09
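An added example (not code from either answer above, and not Microsoft sample code): it runs the wildcard `pager` filter through `DirectorySearcher` and then loads each hit as a `UserPrincipal` by distinguished name, so the results can still be handled with S.DS.AM. The search term is escaped per RFC 4515 before it is placed in the filter, so characters such as `*`, `(` and `)` in user-supplied input are matched literally instead of changing the query. The class and method names `PagerSearch`, `EscapeFilterValue` and `FindUsersByPager` are hypothetical, and the page size of 500 is an assumed value.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

public static class PagerSearch // hypothetical helper class for this example
{
    // Escape a value for use inside an LDAP filter (RFC 4515):
    // \ * ( ) and NUL become a backslash plus two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns the users whose pager attribute contains 'term'.
    // The caller disposes the returned principals when finished with them.
    public static List<UserPrincipal> FindUsersByPager(string term, string domainController)
    {
        if (string.IsNullOrEmpty(term)) throw new ArgumentException("term is required", nameof(term));
        // Only the wildcards written here are live; the term itself is escaped.
        string filter = "(&(objectCategory=person)(objectClass=user)(pager=*" + EscapeFilterValue(term) + "*))";
        var users = new List<UserPrincipal>();
        // Not disposed here: the returned principals keep using this context.
        var context = new PrincipalContext(ContextType.Domain, domainController);
        using (var root = new DirectoryEntry("LDAP://" + domainController))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "distinguishedName" }))
        {
            searcher.PageSize = 500; // assumed value; enables paged results for large directories
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult result in results)
                {
                    string dn = (string)result.Properties["distinguishedName"][0];
                    UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, dn);
                    if (user != null) users.Add(user);
                }
        }
        return users;
    }
}
```

With the question's sample value, `FindUsersByPager("1234", dc)` sends `(pager=*1234*)`, while a term such as `12*4` is sent as `(pager=*12\2a4*)` and only matches a pager value containing a literal asterisk.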