
Obtain a specific user's (not the current user's) domain name from Active Directory

While I realise that there is a lot of material online relating to this issue, there doesn't seem to be a lot for this specific issue.

I am looking to query Active Directory in C# to not only obtain the user name, but the user's domain name also. I am NOT looking for the domain name of the current user or current session.

The reason for this is that many users will be from multiple domains and will not be on the same domain as the administrator who is manipulating a user's credentials via the UI.

So when the admin adds a user, I need to check the user's domain name and input that preceding the user's name, e.g. DOMAIN\\username, as the added user's domain name might not necessarily be the same as the previously added user's.

So the netbios name of the domain being the first component of the domain in the userPrincipalName (e.g. brian@contoso.com being CONTOSO\\brian) is purely coincidental. There is absolutely no reason they have to match in AD.

The place to get the netBIOS name of the user's domain is from that domain's crossRef object. In order to do this, you need to get the domain portion of the user's distinguishedName (that's the portion of the string starting with DC=) and then search the configuration NC for the matching crossRef using a filter like this: (&(objectClass=crossRef)(ncName=)). You can then inspect the nETBIOSName attribute.

To get the DN of the configuration NC to root your search in, you can ask LDAP://RootDSE for the configurationNamingContext attribute.

A possible solution would be to use LDAP. That will let you connect to and query different domains. The full name is stored as a userPrincipalName, e.g. username@domainname.com.

You'll still need to know which tree to connect to though for a given domain name. Also, unless the domains are in a forest, you could get duplicate domain usernames if you're searching purely on username.

If the domains are in a forest, there is a shortcut where you can search on the forest root using the global catalog. You'll then be searching in every child domain. This may take a while though, dependent on the size of the tree to search.

Edit

These are some code fragments for checking LDAP that I've used. You should be able to put them together into something useful.

using System.DirectoryServices.Protocols;
using System.Net;

// _Parser.* are the connection settings described below (host, port, credentials, search base)
LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(_Parser.Host, _Parser.Port));
connection.Bind(new NetworkCredential(_Parser.Username, _Parser.Password));

// --- snip ---

// query is the LDAP filter string, e.g. (samaccountname=<your value here>)
SearchRequest request = new SearchRequest();
request.Filter = query;
request.Scope = SearchScope.Subtree;
request.DistinguishedName = _Parser.SearchBase;

// Send the search over the bound connection (the original fragment referred to it as connection2)
SearchResponse response = (SearchResponse)connection.SendRequest(request);

The response contains a collection of results you can then enumerate to find the entry you're interested in.

An LDAP query uses reverse Polish notation, and the one I think you want is (samaccountname=<your value here>); replace <your value here> with the username you want to look for. You don't need to quote the value.

Replace _Parser.SearchBase with a string that is the DN of the object you want to start searching from. This is probably your domain root, e.g. dc=somedomain,dc=com if your domain is somedomain.com. Host should be the name of the AD server you want to connect to. Use 3268 for the port, as that's the global catalog, and since it's read-only it is quicker and has all partitions. Specify the username you use to connect as username@somedomain.com.

Look for the attribute called userprincipalname. The MSDN documentation should help you with how to read a result object.

Simon
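The crossRef lookup from the first answer, wired onto the LdapConnection/SearchRequest approach from Simon's fragments, as an added example that is not part of either answer. It assumes a connection already bound to a global catalog on port 3268, a hypothetical class name NetBiosDomainLookup, and an account permitted to read the configuration partition.

```csharp
using System;
using System.DirectoryServices.Protocols;

// Added example, not code from the question or either answer. Assumes `conn` is already bound to a
// global catalog (port 3268) with an account that may read the configuration partition.
static class NetBiosDomainLookup
{
    static SearchResultEntry FindOne(LdapConnection conn, string baseDn, SearchScope scope,
                                     string filter, params string[] attrs)
    {
        var resp = (SearchResponse)conn.SendRequest(new SearchRequest(baseDn, filter, scope, attrs));
        return resp.Entries.Count > 0 ? resp.Entries[0] : null;
    }

    static string FirstValue(SearchResultEntry e, string attr) =>
        (string)e.Attributes[attr].GetValues(typeof(string))[0];

    // The domain NC's DN is everything from the first ",DC=" component of the user's DN onwards.
    static string DomainDnOf(string userDn)
    {
        int idx = userDn.IndexOf(",DC=", StringComparison.OrdinalIgnoreCase);
        return idx >= 0 ? userDn.Substring(idx + 1) : null;
    }

    // Returns "NETBIOS\\sAMAccountName", or null if the user or its domain's crossRef is not found.
    public static string ResolveDomainQualifiedName(LdapConnection conn, string samAccountName)
    {
        // RootDSE is read with a base-scope search on the empty DN.
        var rootDse = FindOne(conn, "", SearchScope.Base, "(objectClass=*)", "configurationNamingContext");
        string configNc = FirstValue(rootDse, "configurationNamingContext");

        // Escape filter metacharacters (RFC 4515) so an admin-typed name cannot change the query.
        string safe = samAccountName.Replace("\\", "\\5c").Replace("*", "\\2a")
                                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
        // An empty base DN on the GC port searches every domain partition in the forest.
        var user = FindOne(conn, "", SearchScope.Subtree,
                           "(&(objectCategory=person)(sAMAccountName=" + safe + "))", "distinguishedName");
        string domainDn = user == null ? null : DomainDnOf(user.DistinguishedName);
        if (domainDn == null) return null;

        // The crossRef whose ncName equals the domain DN carries the nETBIOSName attribute.
        var crossRef = FindOne(conn, configNc, SearchScope.Subtree,
                               "(&(objectClass=crossRef)(ncName=" + domainDn + "))", "nETBIOSName");
        return crossRef == null ? null : FirstValue(crossRef, "nETBIOSName") + "\\" + samAccountName;
    }
}
```

Open and bind the connection exactly as in the fragments above (LdapDirectoryIdentifier on port 3268, then Bind) and pass it together with the sAMAccountName to ResolveDomainQualifiedName; the result is the DOMAIN\\username string the question asks for, built from the domain's real nETBIOSName rather than from the userPrincipalName suffix.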
