7

I am trying to get the user information for a specific domain which will be the input of the program. On the basis of the domain name it should return the list of the users name/ or NT Id and SID of the user. I am new for the ldap programming can any one help me for get this list.

GEOCHET
  • 21,119
  • 15
  • 74
  • 98
Eshwer
  • 153
  • 1
  • 5
  • 15
  • 2
    When you say *LDAP*, do you mean *Active Directory* on Windows, or do you need a "generic" LDAP solution for all possible LDAP servers.... – marc_s Feb 28 '12 at 05:51

1 Answers1

20

If you're on .NET 3.5 and up and talking about Active Directory, then you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{
   // do something here....     
   var usersSid = user.Sid;

   // not sure what you mean by "username" - the "DisplayName" ? The "SAMAccountName"??
   var username = user.DisplayName;
   var userSamAccountName = user.SamAccountName;
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

Update: if you need to loop through all the users of a domain - try this:

You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal 
UserPrincipal qbeUser = new UserPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    UserPrincipal user = found as UserPrincipal;

    if(user != null)
    {
       // do whatever here 
       var usersSid = user.Sid;

       // not sure what you mean by "username" - the "DisplayName" ? 
       var username = user.DisplayName;
       var userSamAccountName = user.SamAccountName;
    }
}

Update #2: if you can't (or don't want to) use the S.DS.AM approach - which is the easiest, for Active Directory, by far - then you need to fall back to the System.DirectoryServices classes and methods:

// define the root of your search
DirectoryEntry root = new DirectoryEntry("LDAP://dc=YourCompany,dc=com");

// set up DirectorySearcher  
DirectorySearcher srch = new DirectorySearcher(root);
srch.Filter = "(objectCategory=Person)";
srch.SearchScope = SearchScope.Subtree;

// define properties to load
srch.PropertiesToLoad.Add("objectSid");
srch.PropertiesToLoad.Add("displayName");

// search the directory
foreach(SearchResult result in srch.FindAll())
{
   // grab the data - if present
   if(result.Properties["objectSid"] != null && result.Properties["objectSid"].Count > 1)
   {
       var sid = result.Properties["objectSid"][0];
   }

   if(result.Properties["displayName"] != null && result.Properties["displayName"].Count > 0)
   {
       var userName = result.Properties["displayName"][0].ToString();
   }
}
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • hi, Thanx for reply.. But in my case i wont be define any user.. it should be the loop through for every user for a perticular domain.. – Eshwer Feb 28 '12 at 06:21
  • @Eshwer: updated my response with a loop through **all** users of a given domain - this **WILL BE SLOW** if you have lots of users. – marc_s Feb 28 '12 at 06:24
  • Hi.. But where are u specifying the ldap url..? or it is not required? in this case from where it will take the user list? – Eshwer Feb 28 '12 at 06:31
  • 1
    @Eshwer: **read the article** I linked to! If you are using Active Directory (you still haven't confirmed this....), constructing the `PrincipalContext` will use the default AD domain (unless told otherwise) - so you basically don't need to specify anything for the current default AD domain. – marc_s Feb 28 '12 at 06:33
  • What is the namespace it required to use the PrincipalContext class. I tried to System.DirectoryServices.AccountManagement but it is throwing error. – Eshwer Feb 28 '12 at 07:03
  • 1
    @Eshwer: you need to **add a reference** to that assembly - it's available in .NET 3.5 and 4.0 - but only in the "full versions" 9f .NET - not the .NET 4 Client Profile – marc_s Feb 28 '12 at 07:53
  • 1
    @Eshwer: that's the **easiest** way to do it.... what isn't working for you?? Why can't you use the easiest way to the goal ?? You **ARE** using **Active Directory** - right?? (you still haven't confirmed - I asked several times already....) – marc_s Feb 28 '12 at 11:11
  • @Eshwer: updated my answer **again** with another approach that doesn't use `PrincipalContext` – marc_s Feb 28 '12 at 11:24
  • Hi mac, in PrincipalContext class how can i pass the ldap server url as i can pass in to DirectoryEntry class. – Eshwer Mar 06 '12 at 09:46
  • 1
    @Eshwer: check the [MSDN documentation](http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principalcontext.aspx) - the class has several overloaded constructors – marc_s Mar 06 '12 at 10:33
  • 1
    @NTDLS: there's no need to explicitly specify `IdentityType.SamAccountName` here - quite the contrary! If you do that, then you're searching **only** for SAM Account name. Without specifying it, you're searching for several name-related attributes and chances to find your user are higher! – marc_s May 23 '13 at 18:49