Active Directory Attribute List Using c#

Question

我如何使用C＃获取活动目录用户属性（不是特定用户即所有属性）的列表，例如cn，mail等？

Answer 1

If you're on .NET 3.5 and up, you need to check out the classes in System.DirectoryServices.ActiveDirectory for this. You need to look at classes like ActiveDirectorySchema and ActiveDirectorySchemaClass .

You can get hold of the current AD schema by using:

ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();

When you have the current schema, you can inspect the various class definitions, eg:

ActiveDirectorySchemaClass userSchema = currSchema.FindClass("person");

Once you have that object, you can inspect and enumerate its properties, things like:

• MandatoryProperties
• OptionalProperties

and so on to get an insight into the AD schema.

Answer 2

DirectoryEntry dir = new DirectoryEntry();
    dir.Path = "LDAP://YourActiveDirServername ";        
    DirectorySearcher sea = new DirectorySearcher(dir);
    sea.Filter = "(sAMAccountName=Uname)";
    SearchResult seares = sea.FindOne();      
    StringBuilder str = new StringBuilder();
    System.DirectoryServices.ResultPropertyCollection prop = seares.Properties;
    ICollection coll = prop.PropertyNames;
    IEnumerator enu = coll.GetEnumerator(); 
        while (enu.MoveNext())
        {
            str.Append(enu.Current + " = " + seares.Properties[enu.Current.ToString()][0] + "\n");
        }  

Also, take a look at: http://www.codeproject.com/KB/system/everythingInAD.aspx

Answer 3

Expanding on marc_s 's answer here. Here is a complete code example that prints the common name and the actual attribute name.

ActiveDirectorySchema schema = ActiveDirectorySchema.GetCurrentSchema();
ActiveDirectorySchemaClass person = schema.FindClass("user");
foreach( ActiveDirectorySchemaProperty property in person.GetAllProperties() )
{
    Console.WriteLine("{0} = {1}", property.CommonName, property.Name);
}

Example output.

Common-Name = cn
Instance-Type = instanceType
NT-Security-Descriptor = nTSecurityDescriptor
Object-Category = objectCategory
Object-Class = objectClass
Object-Sid = objectSid
SAM-Account-Name = sAMAccountName
Account-Expires = accountExpires
...

Answer 4

You could use WMI:

 ObjectGetOptions objectGetOptions = new ObjectGetOptions(null, System.TimeSpan.MaxValue, true);
 ManagementClass managementClass = new ManagementClass("root\\directory\\LDAP", "ads_user", objectGetOptions);

 foreach (PropertyData dataObject in managementClass.Properties)
 {
    Console.WriteLine(dataObject.Name);
 }

Answer 5

While ADExplorer does not list all the available attributes, I have found it a great tool for seeing what goes where.

You can download it from http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx

Answer 6

UserPropertyList = new List<string>();

ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();

ICollection Collection = currSchema.FindAllProperties();

IEnumerator Enumerator = Collection.GetEnumerator();

while (Enumerator.MoveNext())
{
   UserPropertyList.Add(Enumerator.Current.ToString());
}

The above code will add all search attributes of Active Directory to the UserPropertyList...