How to retrieve the NT Account of a user using his display name

[yves.chevillat]

Dear All,

I'm currently converting a display name into an NTAccount using
NameTranslate object. But unfortunately there is no way to exclude
inactive accounts.
I'm searching to do it with ADSI, but all samples I found access the AD
using the NT Account. Does somebody have a sample that access the AD
using the user display name?

Regards

Yves

 

[Jerold Schulman]

Dear All,

I'm currently converting a display name into an NTAccount using
NameTranslate object. But unfortunately there is no way to exclude
inactive accounts.
I'm searching to do it with ADSI, but all samples I found access the AD
using the NT Account. Does somebody have a sample that access the AD
using the user display name?

Regards

Yves

Using the ADFind.exe freeware, tip 5898 in the 'Tips & Tricks' at http://www.jsifaq.com

adfind -default -rb cn=users -f "&(objectcategory=person)(displayName=Jerold Schulman)" sAMAccountName distinguishedName UserPrincipalName

Because displayName isn't indexed, it is slow.

 

[Richard Mueller [MVP]]

I'm currently converting a display name into an NTAccount using
NameTranslate object. But unfortunately there is no way to exclude
inactive accounts.
I'm searching to do it with ADSI, but all samples I found access the AD
using the NT Account. Does somebody have a sample that access the AD
using the user display name?

Hi,

You can use NameTranslate to convert the displayName to either the NT name
(sAMAccountName) or the distinguishedName, but only if the displayName is
unique in the domain. Is your problem that you have inactive accounts with
the same displayName? If there are duplicates, NameTranslate will raise an
error.

Besides the ADFind.exe utility suggested by Jerold, you can also use ADO to
retrieve info on users given the displayName. The filter could similar to
the one Jerold suggested. That is (watch for line wrapping):

(&(objectCategory=person)(objectClass=user)(displayName=Jim Smith))

The above will retrieve info on all user objects with the given value for
displayName, even inactive accounts. To filter out inactive accounts, use:

(&(objectCategory=person)(objectClass=user)(displayName=Jim
Smith)(!userAccountControl:1.2.840.113556.1.4.803:=2))

This filter should also work with ADFind.exe. You still may retrieve info on
more than one user. For tips on using ADO, see this link:

http://www.rlmueller.net/ADOSearchTips.htm

 

[yves.chevillat]

Great. Thanks a lot.
As I'm new with LDAP syntax, may I ask you 2 little things.
- I have no problem to query information about users of my domain, but
when I try with other domains I don't receive any records even if the
given domain does not generate an error (Table doest not exist with an
unknown domain). The recordset just contains 0 record. I suppose that
it must be related with access security. Should I have to give my
credentials in the request? Or is it not possible to query other
domains without special rights on domain controllers? Note that the
code will be used by all authenticated users of the domains.
- I try to get the list of all domains, but I have some problem to
retrieve all conditions (syntax name) to used in the LDAP query. Did
you have a sample?
On more time, thanks a lot for your help.
Yves