Directory Service Query Show NT-style Name?

poi

I query a Win2K domain controller to get the users inside a global
group. But my query only shows "name" and "(e-mail address removed)", it does
not show it as "domain\name". Where can I get the pre-windows 2000 domain
nomenclature to show?

    using System;
    using System.DirectoryServices;

    // userSearch (the ADsPath to bind to), user and password are defined elsewhere.
    DirectoryEntry userEntry = new DirectoryEntry( userSearch );
    userEntry.Username = user;
    userEntry.Password = password;
    // FastBind on its own (no AuthenticationTypes.Secure) makes this an LDAP simple bind.
    userEntry.AuthenticationType = AuthenticationTypes.FastBind;

    // Read only the two name attributes from the bound object itself.
    DirectorySearcher userSearcher = new DirectorySearcher(userEntry);
    userSearcher.SearchScope = SearchScope.Base;
    userSearcher.PropertiesToLoad.Add("samAccountName");
    userSearcher.PropertiesToLoad.Add("userPrincipalName");
    SearchResult userResult = userSearcher.FindOne();
    if ( userResult != null )
    {
        ResultPropertyCollection userProps = userResult.Properties;
        if ( userProps.Contains( "samAccountName" ) == true )
        {
            ResultPropertyValueCollection propValue = userProps["samAccountName"];
            Console.WriteLine( propValue[0].ToString() );
        }
        if ( userProps.Contains( "userPrincipalName" ) == true )
        {
            ResultPropertyValueCollection propValue = userProps["userPrincipalName"];
            Console.WriteLine( propValue[0].ToString() );
        }
    }
    Console.WriteLine();



Thanks.
 
Marc Scheuner [MVP ADSI]

> I query a Win2K domain controller to get the users inside a global
> group. But my query only shows "name" and "(e-mail address removed)", it does
> not show it as "domain\name".

No, because that's a deprecated style of showing user names.... :)

> Where can I get the pre-windows 2000 domain nomenclature
> to show?

The user name of that name is stored in the "samAccountName" property.
The domain name isn't available directly from the user object, you'd
have to get the user's domainDNS object (by walking up the LDAP
hierarchy) and retrieve its NetBIOS short name.

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
poi

It might be a deprecated style of showing user names,
but it is how user names are displayed in ASP.NET. I have
a site that does role-based authentication and authorization,
and when a browser hits the integrated authentication of
IIS, the user's Principal credential gets displayed as
"domain\user" (not (e-mail address removed)), so I need to
match that string with what's in AD. Or if there is a
way to force IIS to display things in the non-deprecated
format, I'm fine with that too.

Since I know what DC I am querying in the first place, is
it OK to get the "dc" property of the computer
that answers the LDAP query and prepend that to the user name?
Or will I have problems when users from different trusted
domains have the same samAccountName (which is all IIS uses)?

Thanks.
 
poi

How to walk back up the chain, anyway? I'm not having any luck with the
proper format for a string to do a new search based on where I am in AD.


Thanks.
 
Marc Scheuner [MVP ADSI]

> Since I know what DC I am querying in the first place, is
> it OK to get the "dc" property of the computer
> that answers the LDAP query and prepend that to the user name?

Yes, that should work okay.

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Marc Scheuner [MVP ADSI]

> How to walk back up the chain, anyway? I'm not having any luck with the
> proper format for a string to do a new search based on where I am in AD.

    DirectoryEntry deUser = new DirectoryEntry("LDAP://cn=JoeBlow,cn=Users,dc=fabrikam,dc=com");

    // do something with the user.....

    // walk back the parent chain to the domain level
    DirectoryEntry deParent = deUser.Parent;

    // have we found the domainDNS entry yet??
    while(deParent != null && deParent.SchemaClassName != "domainDNS")
    {
        deParent = deParent.Parent;
    }

    if(deParent != null)
    {
        // here, we have the domain the user's contained in
        Console.WriteLine(deParent.Name);
    }

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
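
The replies above describe walking up to the domainDNS object and retrieving its NetBIOS short name. As an added example (not code from the thread), the sketch below does that walk and then reads nETBIOSName from the domain's crossRef object under CN=Partitions, which is where Active Directory keeps it, so the result can be compared with the "domain\user" string from integrated authentication without relying on samAccountName alone. Assumptions: the process runs on a domain-joined machine in the same forest as the user and can read the directory; the class and method names are hypothetical.

```csharp
using System;
using System.DirectoryServices;

static class NtStyleName   // hypothetical helper, not part of the thread
{
    // Escape a value before placing it inside an LDAP search filter.
    static string Esc(string v) =>
        v.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
         .Replace(")", "\\29").Replace("\0", "\\00");

    // Returns "NETBIOSDOMAIN\samAccountName" for the user at userPath,
    // e.g. "LDAP://cn=JoeBlow,cn=Users,dc=fabrikam,dc=com" (path from the thread).
    public static string Resolve(string userPath)
    {
        using (DirectoryEntry user = new DirectoryEntry(userPath))
        {
            string sam = (string)user.Properties["sAMAccountName"].Value;

            // Walk up to the domainDNS object, as in the reply above.
            DirectoryEntry domain = user.Parent;
            while (domain != null && domain.SchemaClassName != "domainDNS")
                domain = domain.Parent;
            if (domain == null)
                throw new InvalidOperationException("no domainDNS ancestor");
            string domainDn = (string)domain.Properties["distinguishedName"].Value;

            // Find the crossRef whose nCName is this domain and read its NetBIOS name.
            using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://RootDSE"))
            {
                string configNc = (string)rootDse.Properties["configurationNamingContext"].Value;
                using (DirectoryEntry partitions = new DirectoryEntry("LDAP://CN=Partitions," + configNc))
                using (DirectorySearcher s = new DirectorySearcher(partitions))
                {
                    s.SearchScope = SearchScope.OneLevel;
                    s.Filter = "(&(objectCategory=crossRef)(nCName=" + Esc(domainDn) + "))";
                    s.PropertiesToLoad.Add("nETBIOSName");
                    SearchResult r = s.FindOne();
                    if (r == null || !r.Properties.Contains("nETBIOSName"))
                        throw new InvalidOperationException("no crossRef for " + domainDn);
                    // Qualifying with the domain keeps same-named accounts in
                    // different trusted domains from matching each other.
                    return r.Properties["nETBIOSName"][0] + "\\" + sam;
                }
            }
        }
    }
}
```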
 
