Using .net, I'm trying to pull info from this AD field: Computer Name(pre-Windows 2000). However, I don't know what the property identifier for it is.
For instance, if you want to look for the city property, you use "l". I'm wondering what the corresponding identifier is for computer name.
dSearch.PropertiesToLoad.Add("l"); //load city property
dSearch.PropertiesToLoad.Add("?"); //what is computer name?
Does anyone know what to use here? Help would be much appreciated.
The AD ldap attribute for the pre-Windows 2000 computer name is "sAMAccountName". I verified it myself on AD by creating a bogus computer account, giving it a unique pre-win 2000 name, and then checking the AD attributes using LDAP Admin.
In our environment both of these return the computer name but I can't tell which is tied to Computer Name(pre-Windows 2000).
dSearch.PropertiesToLoad.Add("cn");
dSearch.PropertiesToLoad.Add("name");
Turns out the identifier was "employeeID".
Related
I try to find sid of the administrator group for example.
According to Microsoft the sid of that group is: S-1-5-21-machine-500
where the machine identifier represents the three sub-authority values associated with a specific machine.
You can see it in the follow link:
https://msdn.microsoft.com/en-us/library/cc980032.aspx
I don't understand the meaning of the <machine> part and how I can get it in C#.
Anybody know what is it or how I can get it?
Everything up to the 500 identifies the issuer of the SID, in this case the machine.
S-1-5 means "NT AUTHORITY", i.e. this SID is issued by a Windows NT system. (The reason for this distinction is that SIDs are a subset of OIDs, an OSI standard for generating unique IDs, part of the DCE project and also used in LDAP).
S-1-5-21-X-X-X means "Issued by a domain", where X-X-X is a unique random number generated when the domain was created, or when the machine was installed.
This is also known as the "machine SID" or "domain SID" if it is for the domain. Specifically, the 21 identifies that the next three groups identify a domain, which will in turn issue more SIDs.
S-1-5-21-X-X-X-500 is the administrator account of the machine identified by S-1-5-21-X-X-X
The 500 is the RID or Relative ID. That's equivalent to the GID on Linux. 500 is the first local account or group to be created because RIDs are allocated beginning with 500. The next local account or group would get RID 501, and so on. 500 is generally the account Administrator, not a group though.
If you want to find information about security groups from C#, you should use the ADSI API, accessible from the System.DirectoryServices namespace. For local groups you need to use WinNT://MACHINENAME/ as your initial path.
https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.path(v=vs.110).aspx
Note that users are not listed as members of their primary group (usually Users). You have to look at the User's PrimaryGroup property for that.
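The decomposition described in this answer (issuer prefix S-1-5-21-X-X-X, then the RID) can be done with the managed SecurityIdentifier type rather than by string handling. The following is an added example, not code from the original answer; the sample SID is constructed, and the last part, which reads the current account, only runs on Windows.

```csharp
using System;
using System.Security.Principal;

// Added example (not from the original answer): split an account SID into the
// issuing machine/domain SID and the RID, and build the RID-500 Administrator
// SID for that issuer using the well-known-SID support in System.Security.Principal.
static class SidExample
{
    // Issuer portion (S-1-5-21-X-X-X) of an account SID, or null if the SID
    // was not issued by a domain or machine (e.g. S-1-5-18, LocalSystem).
    public static SecurityIdentifier IssuerOf(SecurityIdentifier sid)
    {
        return sid.IsAccountSid() ? sid.AccountDomainSid : null;
    }

    // The RID is the last sub-authority of the SID.
    public static uint RidOf(SecurityIdentifier sid)
    {
        string text = sid.Value;
        return uint.Parse(text.Substring(text.LastIndexOf('-') + 1));
    }

    // S-1-5-21-X-X-X-500: the built-in Administrator of the given issuer.
    public static SecurityIdentifier AdministratorOf(SecurityIdentifier issuer)
    {
        return new SecurityIdentifier(WellKnownSidType.AccountAdministratorSid, issuer);
    }

    static void Main()
    {
        // Constructed sample; the three sub-authority values are made up.
        var sample = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105");
        var issuer = IssuerOf(sample);
        Console.WriteLine("issuer : " + issuer);
        Console.WriteLine("RID    : " + RidOf(sample));
        Console.WriteLine("admin  : " + AdministratorOf(issuer));

        // Well-known SIDs such as LocalSystem have no issuer.
        Console.WriteLine("S-1-5-18 has issuer: " + (IssuerOf(new SecurityIdentifier("S-1-5-18")) != null));

        // On the running machine (Windows only): the issuer of the current user's SID is the
        // machine SID for a local account and the domain SID for a domain account. A renamed
        // Administrator account is still recognised because the check is on the RID, not the name.
        var me = WindowsIdentity.GetCurrent().User;
        var myIssuer = IssuerOf(me);
        Console.WriteLine("current account issued by: " + (myIssuer == null ? "(no issuer)" : myIssuer.Value));
        if (myIssuer != null)
            Console.WriteLine("is RID-500 Administrator : " + me.Equals(AdministratorOf(myIssuer)));
    }
}
```

Comparing against the RID rather than the account name is the reliable way to recognise the built-in Administrator in audit or detection code, since the name can be changed but RID 500 cannot.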
Is it possible to get the computer name for a person that is found through Active Directory?
I am currently getting the person via a DirectorySearcher object, and from there I can get the user's SID, but I don't know where to look next in order to find the actual computer name that is assigned to that SID or person.
Or maybe there is an easier way to get this information from Active Directory?
There is no association of computers to users in default AD - so there is no way to get such information.
You may find last/currently logged on set of machines for a user (also I don't think this is available in AD, see How to find what user last logged onto a given computer through Active Directory in C#? for some starting points) or maybe you add custom information that gives that association in AD (Retrieving custom Active Directory properties of users).
I have Active Directory configured, I have added two users, X and Y, and my domain is DOMAIN. I have created an application where these two can log in with their usernames DOMAIN/X and DOMAIN/Y. But here's the scenario: I will add the intended user details into the database, like their username and password, and I want to show a login button without username and password fields for those who are within my LAN. I should be able to get the PC name, and then I will verify it against the usernames which I have saved in the DB and get the username and password to validate him. So basically, is there any way to get the computer name from where the user tried to access the application within my LAN?
You can use this piece of code to get the PC name:
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
But if you will be saving the name of the PC as just the name, it might end up having more than one name of the same.
If it's just for each computer you want to register, I would suggest going for the MAC address.
Not sure exactly how it's done, but maybe this link will help you:
MAC Address
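An added example, not code from the original answer, showing what the server-side identity calls return when the application runs on a web server, next to the one client-side hint a web application has, a reverse DNS lookup of the remote address. The loopback address stands in for a LAN client; in ASP.NET the address would come from the request (HttpContext.Request.UserHostAddress).

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security.Principal;

// Added example (not from the original answer): which machine each API actually describes.
static class ClientNameExample
{
    // Both of these describe the process that runs the application, i.e. the server,
    // not the machine the browser is on.
    public static string ServerMachine() { return Environment.MachineName; }
    public static string ServerAccount() { return WindowsIdentity.GetCurrent().Name; }

    // Best-effort client name: reverse-resolve the remote address. PTR records are set by
    // whoever controls the DNS zone, so treat the result as a hint for display or logging,
    // never as a substitute for authenticating the user.
    public static string ClientHostName(IPAddress remote)
    {
        try
        {
            return Dns.GetHostEntry(remote).HostName;
        }
        catch (SocketException)
        {
            return null; // no PTR record, or resolver unreachable
        }
    }

    static void Main()
    {
        Console.WriteLine("server machine : " + ServerMachine());
        Console.WriteLine("server account : " + ServerAccount());
        // Constructed input: loopback stands in for a LAN client's address.
        Console.WriteLine("client (rDNS)  : " + (ClientHostName(IPAddress.Loopback) ?? "unresolved"));
    }
}
```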
Recently I was trying to find an answer to the question "How to determine if the current logged-in user is part of a domain or not".
On Stackoverflow I found pretty decent answers for the above which involved usage of
using System.Security.Principal;
using System.DirectoryServices.AccountManagement;
But I also see a simple solution saying
System.Environment.UserDomainName; - gives name of the current user's domain name.
System.Environment.MachineName; - gives name of the machine.
If the above two are not the same, it means the user is part of the domain returned by UserDomainName.
Fair enough, also confirmed by this link from MSDN
Now the question is what if the "Domain name" and "Machine name" are identical?
or
Is it possible that a machine with the exact same name as domain name can join the domain?
If this is true, are there any possibilities to counter-check this by adding something to this simple solution?
I bet you the current logged-on user does not have a distinguished name if he or she isn't logged on to a domain. Use GetUserNameEx with the EXTENDED_NAME_FORMAT type NameFullyQualifiedDN (1).
If you get a value back then you know the current user is logged on to a domain. Though calling this function might block your program unexpectedly for a period of time. You probably want to call this function in an asynchronous fashion as it might attempt to connect to some Active Directory service and just eventually fail or timeout.
A yet more resilient way to accomplish this would be to look up the account SID and check whether the EqualPrefixSid can compare it with the machine. If this is the case, then you know the current account is local to the machine (i.e. not in a domain). This does not involve crossing the network and waiting for a timeout, so it's a more direct approach. Interestingly, it also implies that if the machine name is the same as the user domain, Windows would have to assume that the domain you want to log on to is the local machine and it should therefore be almost impossible to log on to the actual domain if the machine name really is the same as the domain.
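Both checks from this answer, as an added example that is not the answerer's code: the distinguished-name probe through GetUserNameEx, and the SID-prefix check done on managed SecurityIdentifier objects rather than through EqualPrefixSid. The machine SID is obtained with LookupAccountName on the computer's own name, which the API returns with SID_NAME_USE SidTypeDomain. Windows only; the P/Invoke declarations are the assumed signatures of the Win32 functions.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

// Added example (not from the original answer): is the current account a domain account?
static class DomainMembership
{
    // EXTENDED_NAME_FORMAT.NameFullyQualifiedDN
    const int NameFullyQualifiedDN = 1;

    [DllImport("secur32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.U1)] // GetUserNameEx returns a one-byte BOOLEAN
    static extern bool GetUserNameEx(int nameFormat, StringBuilder nameBuffer, ref uint size);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LookupAccountName(string systemName, string accountName, byte[] sid,
        ref uint sidSize, StringBuilder domainName, ref uint domainSize, out int sidUse);

    // Check 1: a domain user has a distinguished name, a local user does not. This call may
    // contact a domain controller, so run it off the UI thread.
    public static string CurrentUserDistinguishedName()
    {
        uint size = 1024;
        var buffer = new StringBuilder((int)size);
        return GetUserNameEx(NameFullyQualifiedDN, buffer, ref size) ? buffer.ToString() : null;
    }

    // The machine SID: looking up the computer's own name yields S-1-5-21-X-X-X with
    // sidUse == SidTypeDomain (3). No network round-trip is involved.
    public static SecurityIdentifier MachineSid()
    {
        uint sidSize = 0, domainSize = 0;
        int use;
        // First call with empty buffers only reports the required sizes.
        LookupAccountName(null, Environment.MachineName, null, ref sidSize, null, ref domainSize, out use);
        var sid = new byte[sidSize];
        var domain = new StringBuilder((int)domainSize);
        if (!LookupAccountName(null, Environment.MachineName, sid, ref sidSize, domain, ref domainSize, out use))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return new SecurityIdentifier(sid, 0);
    }

    // Check 2: the account's issuer prefix equals the machine SID, so it is a local account.
    public static bool IsLocalAccount(SecurityIdentifier account, SecurityIdentifier machineSid)
    {
        return account.IsAccountSid() && account.AccountDomainSid.Equals(machineSid);
    }

    static void Main()
    {
        var me = WindowsIdentity.GetCurrent().User;
        var machine = MachineSid();
        Console.WriteLine("machine SID      : " + machine);
        Console.WriteLine("current user SID : " + me);
        Console.WriteLine("local account    : " + IsLocalAccount(me, machine));
        Console.WriteLine("distinguished DN : " + (CurrentUserDistinguishedName() ?? "(none)"));
    }
}
```

The prefix comparison is the one to prefer in code that must not hang, because it reads only local data; the distinguished-name probe is useful as a second opinion but can wait on a domain controller that is unreachable.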
Apologies for not knowing the right way to phrase this question.
Given a domain name and an alias, for example CONTOSO\steveh how can I get the friendly display name for that alias? For example, in Outlook email sent to CONTOSO\steveh appears as 'Steve Holt'?
If you are using .net 3.5, add references to System.DirectoryServices and System.DirectoryServices.AccountManagement and try this:
PrincipalContext c = new PrincipalContext(ContextType.Domain,"CONTOSO");
UserPrincipal principal = UserPrincipal.FindByIdentity(c,"steveh");
Console.WriteLine(principal.DisplayName);
I can't verify if it works for a domain since I'm running on a standalone machine but it should help you get started.
You can query ActiveDirectory through LDAP I recommend taking a look at this question which has some basic information. You should be able to get a general direction from there.
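An added example, not code from either thread, that uses one DirectorySearcher helper for both lookups discussed on this page: the pre-Windows 2000 computer name (the sAMAccountName attribute, which for computer objects carries a trailing "$") and a user's displayName from an alias such as "steveh". The LDAP path and the names are placeholders. Because the alias usually comes from user input, it is escaped per RFC 4515 before being placed in the filter, so a crafted value cannot change the query.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example (not from the original posts): DirectorySearcher lookups with escaped filter values.
static class AdLookup
{
    // Escape the characters that have meaning inside an LDAP filter value (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Run a single-result search and return one attribute as a string (null if nothing matched).
    public static string FindAttribute(string searchRoot, string filter, string attribute)
    {
        using (var root = new DirectoryEntry(searchRoot))
        using (var searcher = new DirectorySearcher(root, filter, new[] { attribute }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties[attribute].Count == 0) return null;
            return result.Properties[attribute][0].ToString();
        }
    }

    // Computer by pre-Windows 2000 name: sAMAccountName is the name plus "$".
    public static string ComputerDn(string searchRoot, string preWin2000Name)
    {
        string sam = EscapeFilterValue(preWin2000Name.TrimEnd('$')) + "$";
        return FindAttribute(searchRoot,
            "(&(objectCategory=computer)(sAMAccountName=" + sam + "))", "distinguishedName");
    }

    // User display name by alias: sAMAccountName is the alias itself.
    public static string UserDisplayName(string searchRoot, string alias)
    {
        string sam = EscapeFilterValue(alias);
        return FindAttribute(searchRoot,
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + sam + "))", "displayName");
    }

    static void Main()
    {
        // Placeholders: replace with your domain's naming context and real names.
        const string root = "LDAP://DC=contoso,DC=com";
        Console.WriteLine(ComputerDn(root, "WORKSTATION01") ?? "computer not found");
        Console.WriteLine(UserDisplayName(root, "steveh") ?? "user not found");
        // An alias containing filter metacharacters becomes a literal match, not a wildcard.
        Console.WriteLine(EscapeFilterValue("*)(objectClass=*"));
    }
}
```

The PrincipalContext approach in the answer above is simpler when only one attribute is needed; the DirectorySearcher form is what you reach for when the filter or the attribute list is built at run time, and that is exactly when escaping matters.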