Active Directory lookup

ptran123

I want to do an AD lookup of the current logged on user. From ASP.NET
I can get the identity name of the user in the form of
"<domain>\<user>". How do I perform an AD search based on that
information using the syntax "LDAP://"?
 
Something like the code example below should work. Some key things to
mention:
1) ASP.NET does not have access to the domain's Active Directory. You need to
create a domain user, with minimal permissions, which the app can then use
to perform ldap queries: this would be used to set the ldapUser and
ldapPassword noted in code below.
2) You will obviously need to store the username and password noted above so
they should be encrypted to keep someone from misusing the account.
3) You need to know the name of your AD domain to format the ldapPath
properly. If your domain was "mycompany.net", the format of the ldapPath
would be something like "LDAP://DC=mycompany,DC=net". See the Active
Directory docs or at least the doc for framework classes such as
DirectoryEntry for more info.

Hope this helps.


Imports System.Security.Principal
Imports System.DirectoryServices

Friend Class MySearcher

    ' Need to get or set ldapPath, ldapUser and ldapPassword
    ' (the service account from point 1 above, read from encrypted config)
    Private ldapPath As String
    Private ldapUser As String
    Private ldapPassword As String

    ' "my" values below would be something like class properties
    Private myUserName As String
    Private myFirstName As String
    Private myMiddleName As String
    Private myLastName As String
    Private myCompany As String
    Private myDepartment As String
    Private myTitle As String
    Private myEmail As String
    Private myPhone As String

    Public Sub DoSearch()
        Dim de As DirectoryEntry = New DirectoryEntry(ldapPath, ldapUser, ldapPassword)
        Dim searcher As DirectorySearcher = New DirectorySearcher(de)

        ' Parse domain\user to get just the user.
        ' Note: in ASP.NET, WindowsIdentity.GetCurrent() is the identity of the worker
        ' thread (the application pool account unless impersonation is enabled);
        ' the authenticated web user is HttpContext.Current.User.Identity.Name.
        Dim domainUserName As String = WindowsIdentity.GetCurrent().Name
        Dim myID As String = domainUserName.Substring(domainUserName.IndexOf("\") + 1)

        searcher.Filter = String.Format("(SAMAccountName={0})", myID)
        ' Run the query once and keep the result
        Dim sr As SearchResult = searcher.FindOne()

        If Not (sr Is Nothing) Then
            myUserName = GetAdProperty(sr, "SAMAccountName")
            myFirstName = GetAdProperty(sr, "givenname")
            myMiddleName = GetAdProperty(sr, "middlename")
            myLastName = GetAdProperty(sr, "sn")
            myCompany = GetAdProperty(sr, "company")
            myDepartment = GetAdProperty(sr, "department")
            myTitle = GetAdProperty(sr, "title")
            myEmail = GetAdProperty(sr, "mail")
            myPhone = GetAdProperty(sr, "telephonenumber")

            ' more properties are available....just some examples of typical ones
        End If
    End Sub

    '**************************************
    ' Helper function to get the value in the AD property;
    ' returns "" when the attribute is absent or empty
    Private Function GetAdProperty(ByVal sr As SearchResult, ByVal propertyName As String) As String
        Try
            If sr.Properties.Contains(propertyName) AndAlso sr.Properties(propertyName).Count > 0 Then
                Return sr.Properties(propertyName)(0).ToString()
            End If
            Return ""
        Catch ex As Exception
            Return ""
        End Try
    End Function

End Class
 
Brad,

What happens when you have two different users in two different
domains with the same sAMAccount? For example domain1\user and
domain2\user. I can't use the sAMAccount because AD doesn't know which
one to choose. Is there a way to query AD without my having to code an
if-else statement for each domain lookup?
 
I don't know....I haven't had to do that. I suppose one option would be to
set the value of the LDAP path according to the domain of the user (which
you would parse out of the windowsidentity). That way you would still be
using the samaccount and only be searching the domain which is applicable to
the specific domain\user.
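The following is an added example, not code from this thread and not Brad's or ptran123's, showing one way to do the per-domain lookup suggested in the reply above: the domain part of "domain\user" selects the LDAP path, and the account name is escaped before it is placed in the filter so a name containing filter metacharacters is matched literally instead of changing the query. The class name, the DomainPaths table with its two placeholder domains, and the WantedAttributes list are assumptions; the service-account credentials are passed in as parameters so they can come from wherever they are stored.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text

' Added example: look the user up in the domain named in "domain\user"
' rather than in a single hard-coded LDAP path.
Public Class MultiDomainUserLookup

    ' Assumed mapping from NetBIOS domain name to that domain's LDAP path.
    ' The two entries are placeholders; replace them with your own domains.
    Private Shared ReadOnly DomainPaths As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"DOMAIN1", "LDAP://DC=domain1,DC=example"},
        {"DOMAIN2", "LDAP://DC=domain2,DC=example"}
    }

    ' Attributes to request from the directory (only these are returned).
    Private Shared ReadOnly WantedAttributes As String() = {"sAMAccountName", "givenName", "sn", "mail", "department"}

    ' Splits "domain\user" into its two parts. Returns False when there is no
    ' domain part, so the caller never falls back to an unintended domain.
    Public Shared Function TrySplitDomainUser(ByVal domainUser As String, ByRef domain As String, ByRef user As String) As Boolean
        If String.IsNullOrEmpty(domainUser) Then Return False
        Dim idx As Integer = domainUser.IndexOf("\"c)
        If idx <= 0 OrElse idx = domainUser.Length - 1 Then Return False
        domain = domainUser.Substring(0, idx)
        user = domainUser.Substring(idx + 1)
        Return True
    End Function

    ' Escapes the characters RFC 4515 reserves in a search filter, so the value
    ' is matched literally instead of changing the filter's structure.
    Public Shared Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns the requested attributes of the account, or Nothing when the domain
    ' is not configured or no such account exists in that domain.
    Public Shared Function FindUser(ByVal domainUser As String, ByVal ldapUser As String, ByVal ldapPassword As String) As Dictionary(Of String, String)
        Dim domain As String = Nothing
        Dim user As String = Nothing
        If Not TrySplitDomainUser(domainUser, domain, user) Then Return Nothing

        Dim ldapPath As String = Nothing
        If Not DomainPaths.TryGetValue(domain, ldapPath) Then Return Nothing

        ' Bind with the low-privilege service account using Windows (Kerberos/NTLM)
        ' authentication rather than a simple bind, so the password is not sent in clear.
        Using de As New DirectoryEntry(ldapPath, ldapUser, ldapPassword, AuthenticationTypes.Secure)
            Using searcher As New DirectorySearcher(de)
                searcher.Filter = String.Format("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))", EscapeFilterValue(user))
                searcher.PropertiesToLoad.AddRange(WantedAttributes)
                searcher.SizeLimit = 1

                Dim sr As SearchResult = searcher.FindOne()
                If sr Is Nothing Then Return Nothing

                ' Copy the values out so nothing depends on the searcher after it is disposed
                Dim result As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
                For Each name As String In WantedAttributes
                    If sr.Properties.Contains(name) AndAlso sr.Properties(name).Count > 0 Then
                        result(name) = sr.Properties(name)(0).ToString()
                    End If
                Next
                Return result
            End Using
        End Using
    End Function

End Class
```

In an ASP.NET page running with Windows authentication, the value passed as domainUser is User.Identity.Name for the current request, and ldapUser/ldapPassword are the service account from the first reply, read from encrypted configuration. Because the lookup is scoped to the domain named in the identity, domain1\user and domain2\user each resolve within their own domain without a per-domain if-else chain.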
 