How do I query ActiveDirectory using LDAP with a username, not a CN?

Question

If I set the .NET DirectoryEntry.Path to something like:

LDAP://CN=John Smith,OU=Group Name,DC=example,DC=com

Everything works great, and I get

Answer 1

You can't just query by means of creating an LDAP string - you'll need to use code for that.

Something like:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://yourserver/CN=Users,dc=YourCompany,dc=com");

DirectorySearcher dsFindUser = new DirectorySearcher(deRoot);
dsFindUser.SearchScope = SearchScope.SubTree;

dsFindUser.PropertiesToLoad.Add("sn"); // surname = last name
dsFindUser.PropertiesToLoad.Add("givenName"); // first name

dsFindUser.Filter = string.Format("(&(objectCategory=Person)(anr={0}))", yourUserName);

SearchResult rseult = dsFindUser.FindOne();

if(result != null)
{
   if(result.Properties["sn"] != null)
   {  
      string lastName = result.Properties["sn"][0].ToString();
   }

   if(result.Properties["givenName"] != null)
   {  
      string lastName = result.Properties["givenName"][0].ToString();
   }
}

The full MSDN documentation on the System.DirectoryServices.DirectorySearcher class can be found on MSDN - it has lots of additional properties and settings.

If you're on .NET 3.5, things have gotten quite a bit easier with a strongly-typed library of routines for handling users and groups - see this excellent MSDN article on the topic for more info.

Hope this helps

Marc