Home
Using DirectoryServices to access Active Directory User’s Credentials
Coding

Using DirectoryServices to access Active Directory User’s Credentials

January 28, 2010
Use DirectoryServices to query AD

Use DirectoryServices to query AD

There will be times when using the Active Directory Membership to provide authentication to a web application is just not feasible. But the requirement can still be to match an Active Directory user to an entry at the application’s database. Thankfully Microsoft has provided developers with a good abstraction to access Active Directory (System.DirectoryServices). As part of my research I decided to create a small console application that will communicate with Active Directory, get a list of all users belonging to a specific group, be able to get all properties (like displayName, physicalDeliveryOfficeName, homeDirectory, countryCode, sAMAccountName, etc.) from the user’s Active Directory entry and specifically convert the objectsid (byte[] array) to a string representing the SID.

The namespace System.DirectoryServices provides access to Active Directory Domain Services and allows you to connect to Active Directory and search for objects within this special database.

using System.DirectoryServices namespace

using System.DirectoryServices namespace

DirectoryEntry represents an object in the Active Directory Domain Services tree hierarchy. By connecting you establish the returned object as your root for next searches. For this connection to happen you need to provide the path (in my case was the standard LDAP path, example: “LDAP://mydomainAD.net“) and your security credentials. Is best to ask your local AD Admin to setup an account for this application.

DirectoryEntry

DirectoryEntry

Next we need to perform a search and get our results:

Active Directory DirectorySearcher

Active Directory DirectorySearcher

When creating an instance of DirectorySearcher, the first parameter DirectoryEntry (created in the last step) is optionally. It will set your starting point for searching if present, but if not it will default to your current domain.
The second parameter is my filter to search and return only objects belonging to the specified group (setup was done separately in a config file).
You retrieve your results (collection of SearchResult, SearchResultCollection) by calling the FindAll method.

Another call to DirectoryEntry but passing each member’s information returns the AD properties for such user and allows me to query each of its properties like (sAMAccountName, name, homeDirectory, etc.)

Active Directory ResultPropertyCollection

Active Directory ResultPropertyCollection

I am interested in one particular property, the user’s “objectSid“. Once I have the value (byte[]) I pass it to another method to transform it to a security token (SID).

SecurityIdentifier

SecurityIdentifier

I used a SecurityIdentifier to transform the byte[] to a meaningful SID token. All happening within Windows’ own methods.

The resulting value (SID formatted) is: “S-1-5-21-1348824495-855021684-617735142-29890”

You can download this code sample: PublishADProperties.cs

Related Articles

About The Author

Codex Discipulus

Hello, my name is David and I am a disciple of coding, always learning and always ready to help. Welcome to my blog, I hope you find it useful, please send your comments and share an article with your friends.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.