Where is the domain name in a UserPrincipal object?

后悔当初 2020-12-31 12:17

I'm using the System.DirectoryServices.ActiveDirectory classes to find all Active Directory users. The code is very simple:

var context = new P         


        
2条回答
  • 2020-12-31 12:25

    OK, here's the final code I came up with using JPBlanc's answer and the answer linked by MichaelZ. It shows the SID, Display Name and DOMAIN\username for each user.

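        // Search base: the domain's default naming context, supplied by the surrounding code.
        // NOTE(review): if that value is null (machine not joined to a domain) the path
        // collapses to "LDAP://" - check it before binding.
        var ldapUrl = "LDAP://" + defaultNamingContext;

        // No credentials are passed, so the bind runs in the caller's security context and
        // the listing only contains what that account is allowed to read.
        using (var rootDe = new DirectoryEntry(ldapUrl))
        using (var searcher = new DirectorySearcher(rootDe))
        {
            searcher.SearchScope = SearchScope.Subtree;

            // PageSize defaults to 0 (no paging), in which case the server stops at its
            // result size limit and the list is silently truncated in larger domains.
            searcher.PageSize = 1000;

            // Only request the three attributes that are printed below.
            searcher.PropertiesToLoad.Add("objectSid");
            searcher.PropertiesToLoad.Add("displayName");
            searcher.PropertiesToLoad.Add("msDS-PrincipalName");
            searcher.Filter = "(&(objectClass=user)(objectCategory=person))";

            // SearchResultCollection holds unmanaged resources that the garbage collector
            // cannot release on its own, so it must be disposed explicitly.
            using (var results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    // msDS-PrincipalName is the DOMAIN\username form of the account name.
                    var qualifiedUsername = GetSinglePropertyValue(result, "msDS-PrincipalName");
                    var displayName = GetSinglePropertyValue(result, "displayName");

                    // objectSid comes back as the binary SID; offset 0 is where it starts.
                    var sid = new SecurityIdentifier((byte[])GetSinglePropertyValue(result, "objectSid"), 0);

                    Console.WriteLine("User: {0}\r\n\tDisplay name: {1}\r\n\tSID: {2}",
                        qualifiedUsername, displayName, sid);
                }
            }
        }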
    
        /// <summary>
        /// Reads a property that is expected to hold at most one value from a search result.
        /// </summary>
        /// <param name="result">The search result to read from.</param>
        /// <param name="propertyName">Name of the directory attribute to read.</param>
        /// <returns>The single value, or <c>null</c> when the property has no values.</returns>
        /// <exception cref="ApplicationException">The property holds more than one value.</exception>
        private static object GetSinglePropertyValue(SearchResult result, string propertyName)
        {
            var values = result.Properties[propertyName];

            switch (values.Count)
            {
                case 0:
                    // Attribute not present on this entry.
                    return null;

                case 1:
                    return values[0];

                default:
                    // A multi-valued attribute is treated as a caller error rather than
                    // silently picking one of the values.
                    throw new ApplicationException(string.Format("Property '{0}' has {1} values for {2}",
                        propertyName, values.Count, result.Path));
            }
        }
    

    And to get the default naming context for the machine's domain (as answered here):

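    /// <summary>
    /// Looks up the default naming context (the domain's distinguished name) from RootDSE.
    /// </summary>
    /// <returns>
    /// The defaultNamingContext value, or <c>null</c> when the computer's domain cannot be
    /// found or the RootDSE bind fails with "no such domain".
    /// </returns>
    private static string GetDefaultNamingContext()
    {
        // HRESULT 0x8007054B, i.e. Win32 ERROR_NO_SUCH_DOMAIN wrapped as an HRESULT.
        const int NoSuchDomainHResult = -2147023541;

        // This check is fast
        try
        {
            // Only success or failure of the lookup matters; the returned Domain object is
            // IDisposable, so release it immediately instead of leaving it to the finalizer.
            using (Domain.GetComputerDomain())
            {
            }
        }
        catch (ActiveDirectoryObjectNotFoundException)
        {
            return null;
        }

        // This takes 5 seconds if the computer is not on a domain
        using (var rootDe = new DirectoryEntry("LDAP://RootDSE"))
        {
            try
            {
                return (string)rootDe.Properties["defaultNamingContext"][0];
            }
            catch (COMException ex)
            {
                // Treat only the "no such domain" failure as "no naming context";
                // every other COM error is passed on to the caller unchanged.
                if (ex.ErrorCode == NoSuchDomainHResult)
                {
                    return null;
                }

                throw;
            }
        }
    }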
    
  • 2020-12-31 12:41

    For AD DS, the value of msDS-PrincipalName is the NetBIOS domain name, followed by a backslash ("\").

    You can find it using:

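    /* Retrieving the root domain attributes
     */
    // "DC_DNS_NAME", "AdminLogin" and "PWD" are placeholders. Do not hard-code real
    // credentials in source; read them from a protected store at run time.
    // NOTE(review): this is a single-attribute read, so a least-privileged account is
    // preferable to an admin login - confirm what the directory actually requires.
    // NOTE(review): port 389 is plain LDAP; confirm the bind is protected (signing and
    // sealing, or LDAPS) before sending directory traffic across the network.
    sFromWhere = "LDAP://DC_DNS_NAME:389/dc=dom,dc=fr";
    DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");

    DirectorySearcher dsLookForDomain = new DirectorySearcher(deBase);
    dsLookForDomain.Filter = "(objectClass=*)";
    // The enum member is SearchScope.Base ("base" in lower case is a C# keyword and does
    // not compile). Base scope limits the search to the domain object itself.
    dsLookForDomain.SearchScope = SearchScope.Base;
    dsLookForDomain.PropertiesToLoad.Add("msDS-PrincipalName");

    // FindOne returns null when nothing matches, so check the result before reading it.
    // deBase and dsLookForDomain are IDisposable; dispose them once the value is read.
    SearchResult srcDomains = dsLookForDomain.FindOne();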
    