How i get the list of active directory user attributes(not of particular user i.e.all attributes) e.g.cn,mail etc. using c#?
If you're on .NET 3.5 and up, you need to check out the classes in System.DirectoryServices.ActiveDirectory for this. You need to look at classes like ActiveDirectorySchema and ActiveDirectorySchemaClass.
You can get hold of the current AD schema by using:
ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();
When you have the current schema, you can inspect the various class definitions, e.g.:
ActiveDirectorySchemaClass userSchema = currSchema.FindClass("person");
Once you have that object, you can inspect and enumerate its properties, things like:
MandatoryProperties
OptionalProperties
and so on to get an insight into the AD schema.
DirectoryEntry dir = new DirectoryEntry();
dir.Path = "LDAP://YourActiveDirServername ";
DirectorySearcher sea = new DirectorySearcher(dir);
sea.Filter = "(sAMAccountName=Uname)";
SearchResult seares = sea.FindOne();
StringBuilder str = new StringBuilder();
System.DirectoryServices.ResultPropertyCollection prop = seares.Properties;
ICollection coll = prop.PropertyNames;
IEnumerator enu = coll.GetEnumerator();
while (enu.MoveNext())
{
str.Append(enu.Current + " = " + seares.Properties[enu.Current.ToString()][0] + "\n");
}
Also, take a look at: http://www.codeproject.com/KB/system/everythingInAD.aspx
You could use WMI:
ObjectGetOptions objectGetOptions = new ObjectGetOptions(null, System.TimeSpan.MaxValue, true);
ManagementClass managementClass = new ManagementClass("root\\directory\\LDAP", "ads_user", objectGetOptions);
foreach (PropertyData dataObject in managementClass.Properties)
{
Console.WriteLine(dataObject.Name);
}
While ADExplorer does not list all the available attributes, I have found it a great tool for seeing what goes where.
You can download it from http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
UserPropertyList = new List<string>();
ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();
ICollection Collection = currSchema.FindAllProperties();
IEnumerator Enumerator = Collection.GetEnumerator();
while (Enumerator.MoveNext())
{
UserPropertyList.Add(Enumerator.Current.ToString());
}
The above code will add all search attributes of Active Directory to the UserPropertyList...
Expanding on marc_s's answer here. Here is a complete code example that prints the common name and the actual attribute name.
ActiveDirectorySchema schema = ActiveDirectorySchema.GetCurrentSchema();
ActiveDirectorySchemaClass person = schema.FindClass("user");
foreach( ActiveDirectorySchemaProperty property in person.GetAllProperties() )
{
Console.WriteLine("{0} = {1}", property.CommonName, property.Name);
}
Example output.
Common-Name = cn
Instance-Type = instanceType
NT-Security-Descriptor = nTSecurityDescriptor
Object-Category = objectCategory
Object-Class = objectClass
Object-Sid = objectSid
SAM-Account-Name = sAMAccountName
Account-Expires = accountExpires
...
Related
I can successfully get a complete list of all AD Attributes with the following code (including things like extensionAttribute1 - 15)
// get whatever attributes are available
List<string> allAttributes = new List<string>();
var context = new DirectoryContext(DirectoryContextType.Forest, "mydomain.com");
using (var schema = System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema.GetSchema(context)) {
var userClass = schema.FindClass("user");
foreach (ActiveDirectorySchemaProperty property in userClass.GetAllProperties()) {
allAttributes.Add(property.Name);
}
}
However, when I retrieve a user account with the following code, most of these attributes (especially the extensionAttributes) are not present:
SearchResultCollection results;
DirectoryEntry de = new DirectoryEntry("LDAP://RootDSE");
DirectorySearcher ds = new DirectorySearcher("LDAP://" + de.Properties["defaultNamingContext"][0].ToString());
ds.Filter = "(&(objectCategory=User)(objectClass=person))";
results = ds.FindAll();
foreach (SearchResult sr in results) {
Console.WriteLine(sr.Properties["extensionAttribute1"][0].ToString()); // == null
}
What am I doing wrong?
most of these attributes (especially the extensionAttributes) are not present
That is normal. Attributes are only returned if they have a value. If an attribute does not have a value, it is not returned at all.
I want to read Parent-GUID attribute from ActiveDirectory.
I have tried below code to read all attributes of AD object from ActiveDirectory.
Code
var dirEntry = new DirectoryEntry(directoryEntryPath);
var directorySearcher = new DirectorySearcher(dirEntry, filter)
{
CacheResults = false,
Tombstone = true,
};
var searchResult = directorySearcher.FindAll(); // get mutiple AD Objects
foreach (SearchResult search in searchResult)
{
foreach (DictionaryEntry prop in search.Properties) // here I get all attributes values But not able to find parent-GUID attribute
{
}
}
Using above code I am able to get all properties of AD Object but I am not able to get value of Parent-GUID attribute.
According to https://learn.microsoft.com/en-us/windows/desktop/adschema/a-parentguid this is a constructed attribute. This means it won't be included in search results. The docs also imply it's there to support DirSync which tells me that it might not be available outside of a DirSync search.
Do you mean something like that?:
string path = "CN=someone,OU=yourOrganizationalUnit,DC=example,DC=com";
DirectoryEntry root = new DirectoryEntry(path);
root.Parent.Guid.ToString(); // this will display you the GUID from the parent of your path
Hope this is what you meant!
Cheers,
ov4rlrd
var searchResult = directorySearcher.FindAll();
foreach(SearchResult search in searchResult)
{
DirectoryEntry de = search.GetDirectoryEntry();
Guid ParentGUID = new Guid((byte[])de.Parent.Properties["objectGUID"][0]);
...
}
I'm trying to get Home Directory attribute value from active directory..
I used the following code:
public static void GetExchangeServerByWwidLdap(string wwid)
{
var exchange = string.Empty;
using (var ds = new DirectorySearcher())
{
ds.SearchRoot = new DirectoryEntry("GC:something");
ds.SearchScope = SearchScope.Subtree;
//construct search filter
string filter = "(&(objectclass=user)(objectcategory=person)";
filter += "(employeeid=" + wwid + "))";
ds.Filter = filter;
string[] requiredProperties = new string[] { "homeDirectory", "homemta" };
foreach (String property in requiredProperties)
ds.PropertiesToLoad.Add(property);
SearchResult result = ds.FindOne();
}
}
When I check result object data, I'm seeing only 2 values: "homemta" and "adspath".
Where is the "homeDirectory" value?
I entered AD website and searched the same values for same users - through the website I can see the all the data I searched for so I assuming that I have code issue somewhere.
What am I doing wrong?
You're trying to retrieve homeDirectory from global catalog.
It’s not there.
You can e.g. bind to the user by ADsPath property (i.e. “LDAP://…” string), then query the homeDirectory attribute of that user.
Or, if you only have a single domain, you can search within that domain instead of searching the GC. In this case you'll be able to retrieve all the properties you want.
I'm Trying to change a name of a group with c# and .NET. It's working well with the following code:
public void selectADSObject(string LDAP)
{
DirectoryEntry Entry = new DirectoryEntry(ADS_PATH);
Entry.Username = ADS_USER;
Entry.Password = ADS_PW;
DirectorySearcher Searcher = new DirectorySearcher(Entry);
Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
Searcher.Filter = LDAP;
AdObj = Searcher.FindOne();
AdObj.GetDirectoryEntry().Rename("cn=newName");
}
There is just the "windows-pre 2000" name that doesn't rename and I need it to rename too. On this page I figured out that the sAMAccountName is what I'm after. But when I add the following lines, it also doesn't change the pre-windows 2000 name:
AdObj.GetDirectoryEntry().Properties["sAMAccountName"].Value = "newName";
AdObj.GetDirectoryEntry().CommitChanges();
How can I change the sAMAccountName / pre-windows 2000 name?
Every time you invoke:
AdObj.GetDirectoryEntry()
It actually creates a new object! Every change is lost on the next line. Please use something like:
var dent = AdObj.GetDirectoryEntry()
dent.Properties["sAMAccountName"].Value = "newName";
dent.CommitChanges();
dent.rename("cn=newName");
I am trying to retrieve a list of Computer Names and the date they were last logged onto from Active Directory and return them in a datatable.
Getting the names is easy enough but when I try to add the "lastLogon" or "lastLogonTimestamp" like shown below, the only values I get for the lastLogonTimestamp is "System._ComObject"
public DataTable GetListOfComputers(string domainName)
{
DirectoryEntry entry = new DirectoryEntry("LDAP://DC=" + domainName + ",DC=com");
DirectorySearcher search = new DirectorySearcher(entry);
string query = "(objectclass=computer)";
search.Filter = query;
search.PropertiesToLoad.Add("name");
search.PropertiesToLoad.Add("lastLogonTimestamp");
SearchResultCollection mySearchResultColl = search.FindAll();
DataTable results = new DataTable();
results.Columns.Add("name");
results.Columns.Add("lastLogonTimestamp");
foreach (SearchResult sr in mySearchResultColl)
{
DataRow dr = results.NewRow();
DirectoryEntry de = sr.GetDirectoryEntry();
dr["name"] = de.Properties["Name"].Value;
dr["lastLogonTimestamp"] = de.Properties["lastLogonTimestamp"].Value;
results.Rows.Add(dr);
de.Close();
}
return results;
}
If I query AD using a tool like LDP I can see that the property exists and is populated with data.
How can I get at this info?
It'd be easier to use the ComputerPrincipal class and a PrincipalSearcher from System.DirectoryServices.AccountManagement.
PrincipalContext pc = new PrincipalContext(ContextType.Domain, domainName);
PrincipalSearcher ps = new PrincipalSearcher(new ComputerPrincipal(pc));
PrincipalSearchResult<Principal> psr = ps.FindAll();
foreach (ComputerPrincipal cp in psr)
{
DataRow dr = results.NewRow();
dr["name"] = cp.Name;
dr["lastLogonTimestamp"] = cp.LastLogon;
results.Rows.Add(dr);
}
**The way to treat the property 'lastLogonTimestamp' retrieved from a DirectoryEntry is to convert it to IADSLargeInteger
from:
http://www.dotnet247.com/247reference/msgs/31/159934.aspx**
The __ComObject returned for these types is IADsLargeInteger for the
numeric values, and IADsSecurityDescriptor for SecurityDescriptors.
You can include a reference on the COM tab to Active DS Type Lib and get
the definition for these interfaces or manually define them. Here is a
sample:
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
//This is the managed definition of this interface also found in
ActiveDs.tlb
[ComImport]
[Guid("9068270B-0939-11D1-8BE1-00C04FD8D503")]
[InterfaceType(ComInterfaceType.InterfaceIsDual)]
internal interface IADsLargeInteger
{
[DispId(0x00000002)]
int HighPart{get; set;}
[DispId(0x00000003)]
int LowPart{get; set;}
}
class Class1
{
[STAThread]
static void Main(string[] args)
{
DirectoryEntry entry = new
DirectoryEntry("LDAP://cn=user,cn=users,dc=domain,dc=com");
if(entry.Properties.Contains("lastLogon"))
{
IADsLargeInteger li =
(IADsLargeInteger)entry.Properties["lastLogon"][0];
long date = (long)li.HighPart << 32 | (uint)li.LowPart;
DateTime time = DateTime.FromFileTime(date);
Console.WriteLine("Last logged on at: {0}", time);
}
}
}
David Stucki
Microsoft Developer Support
Try using IADsLargeInteger (Source)
DirectoryEntry user = DirectoryEntry("LDAP://" + strDN);
if (user.Properties.Contains("lastlogontimestamp"))
{
// lastlogontimestamp is a IADsLargeInteger
IADsLargeInteger li = (IADsLargeInteger)
user.Properties["lastlogontimestamp"][0];
long lastlogonts =
(long)li.HighPart << 32 | (uint)li.LowPart;
user.Close();
return DateTime.FromFileTime(lastlogonts);
}
A simple answer to the original question is to access the property on your search result:
sr.Properties["lastLogonTimestamp"][0].ToString()
DateTime.FromFileTimeUTC(long.Parse(sr.Properties["lastLogonTimestamp"][0].ToString())) to obtain a datetime value
I'm having a similar issue, I can access the lastLogonTimestamp property in the SearchResult and obtain a value in the indexed result but after using SearchResult.GetDirectoryEntry() I am not able to access a valid result for the lastLogonTimestamp property on the DirectoryEntry.
Has anyone else run into this issue with the DirectoryEntry returned from SearchResult.GetDirectoryEntry() as it relates to access to the lastLogonTimestamp property?