I'm trying to search Active Directory by the username 'admin'. I know for a fact that there is a user with that username in the directory, but the search keeps coming bac
This should work:

    // Requires: using System.DirectoryServices;
    //           using System.DirectoryServices.AccountManagement;
    private void showUsers(string pUserName)
    {
        string uid = Properties.Settings.Default.uid;
        string pwd = Properties.Settings.Default.pwd;
        using (var context = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", uid, pwd))
        {
            // Query-by-example: the principal carries the value to match on
            using (UserPrincipal user = new UserPrincipal(context))
            {
                user.SamAccountName = pUserName;
                using (var searcher = new PrincipalSearcher(user))
                {
                    foreach (var result in searcher.FindAll())
                    {
                        DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                        Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
                        Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
                        Console.WriteLine("SAM account name : " + de.Properties["samAccountName"].Value);
                        Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
                        Console.WriteLine("Mail: " + de.Properties["mail"].Value);
                        PrincipalSearchResult<Principal> groups = result.GetGroups();
                        foreach (Principal item in groups)
                        {
                            Console.WriteLine("Groups: {0}: {1}", item.DisplayName, item.Name);
                        }
                        Console.WriteLine();
                    }
                }
            }
        }
        Console.WriteLine("End");
        Console.ReadLine();
    }

If you want to stick to DirectorySearcher, try searching by cn or samaccountname instead:

    var attributeName = "cn";
    var searchString = "admin";
    var ent = new DirectoryEntry("LDAP://dc=corp,dc=contoso,dc=com");
    var mySearcher = new DirectorySearcher(ent);
    mySearcher.Filter = string.Format("(&(objectcategory=user)({0}={1}))", attributeName, searchString);
    var userResult = mySearcher.FindOne();

It turns out that "userPrincipalName" needed to be all lower-case ("userprincipalname"). Good to know, thanks for your responses.

    var attributeName = "userPrincipalName";
    var searchString = "admin";

You need to change the filter like this:

    // (!(sAMAccountType=805306370)) excludes trust accounts
    string filter = string.Format("(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))({0}={1}))", attributeName, searchString);
    var ent = new DirectoryEntry("LDAP://dc=corp,dc=contoso,dc=com");
    var mySearcher = new DirectorySearcher(ent);
    mySearcher.Filter = filter;
    var userResult = mySearcher.FindOne();

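Both DirectorySearcher answers above build the filter with string.Format, so a search value containing `(`, `)`, `*` or `\` would change the filter's meaning or make it invalid. The following is an added example, not code from any of the posters: it escapes the value as RFC 4515 requires before it reaches the filter. The class name `LdapFilter`, its methods and the attribute allow-list are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class LdapFilter
{
    // Attribute names cannot be escaped, so accept only known ones (assumed list).
    static readonly string[] AllowedAttributes = { "cn", "sAMAccountName", "userPrincipalName" };

    // Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL.
    public static string Escape(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static string ForUser(string attributeName, string searchString)
    {
        if (!Array.Exists(AllowedAttributes,
                a => string.Equals(a, attributeName, StringComparison.OrdinalIgnoreCase)))
            throw new ArgumentException("attribute not allowed", nameof(attributeName));
        return string.Format("(&(objectCategory=person)(objectClass=user)({0}={1}))",
                             attributeName, Escape(searchString));
    }

    // Hypothetical helper: runs the search against a caller-supplied LDAP path.
    public static SearchResult FindUser(string ldapPath, string attributeName, string searchString)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, ForUser(attributeName, searchString)))
            return searcher.FindOne();
    }

    static void Main()
    {
        // Constructed inputs; only the filter strings are printed, no directory is contacted.
        Console.WriteLine(ForUser("sAMAccountName", "admin"));
        Console.WriteLine(ForUser("cn", "Smith (Ops)*"));
    }
}
```
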
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

    // set up domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "admin");

    if (user != null)
    {
        // do something here....
    }

With this code, you'll be searching for that user by the following attributes:

DistinguishedName: The identity is a Distinguished Name (DN).
Guid: The identity is a Globally Unique Identifier (GUID).
Name: The identity is a name.
SamAccountName: The identity is a Security Account Manager (SAM) name.
Sid: The identity is a Security Identifier (SID) in Security Descriptor Definition Language (SDDL) format.
UserPrincipalName: The identity is a User Principal Name (UPN).

The new S.DS.AM makes it really easy to play around with users and groups in AD!