Apologies for not knowing the right way to phrase this question.
Given a domain name and an alias, for example CONTOSO\steveh, how can I get the friendly display name for that alias? For example, in Outlook, email sent to CONTOSO\steveh appears as 'Steve Holt'.
If you are using .net 3.5, add references to System.DirectoryServices and System.DirectoryServices.AccountManagement and try this:
using System.DirectoryServices.AccountManagement;
// bind to the CONTOSO domain and look the user up by SAM account name
PrincipalContext c = new PrincipalContext(ContextType.Domain, "CONTOSO");
UserPrincipal principal = UserPrincipal.FindByIdentity(c, "steveh");
// FindByIdentity returns null when the alias does not exist
Console.WriteLine(principal != null ? principal.DisplayName : "not found");
I can't verify if it works for a domain since I'm running on a standalone machine but it should help you get started.
You can query Active Directory through LDAP. I recommend taking a look at this question, which has some basic information. You should be able to get a general direction from there.
I am developing a webapp in ASP.NET MVC C# where you can create automated emails that are sent out in the company yearly.
I am looking for a way to verify that the To-addresses specified by the user are valid and exist in the company.
I thought this could be accomplished by looking up Outlook's address book, since it contains all email addresses in the company.
I have searched around and found https://msdn.microsoft.com/en-us/library/ff184631.aspx which suggests using the Microsoft.Office.Interop.Outlook package. However, as far as I can see, using this package requires that the Outlook application is installed. I suppose this can be problematic for a solution that runs on a server.
Can I use the Microsoft.Office.Interop.Outlook package to accomplish my goal, or do I need to use another method that better supports a server?
Following the tip of Filburt in the comments, I found this code piece that accomplishes my goal:
https://code.msdn.microsoft.com/windowsdesktop/A-very-simple-example-to-8bbe95f0
It looks up in Active Directory.
I have simplified the code from the link to the following. In this example we check if the email address addyToCheck@domain.com exists in the AD:
using System.DirectoryServices;

// check if address exists; the searcher binds to the current domain by default
using (var searcher = new DirectorySearcher())
{
    // exact match on the mail attribute
    searcher.Filter = "(&(mail=" + "addyToCheck@domain.com" + "))";
    if (searcher.FindOne() != null)
    {
        // the email exists in AD - all good!
    }
}
This works for me locally and I suppose it will on the server as well. Let me know if you see anything wrong. Thank you.
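A hardened version of the check above, as an added example and not the answerer's code: it keeps the DirectorySearcher lookup but escapes the address before putting it into the filter, since in the web app the address is typed by a user. EscapeFilterValue, BuildFilter and MailExists are names chosen here; the searcher binds to the current domain as in the original.

```csharp
using System.DirectoryServices;
using System.Text;

static class AdMailCheck
{
    // Escape a value for use inside an LDAP search filter (RFC 4515). Without this,
    // an input such as "*" is a wildcard, and the "does this address exist" check
    // answers true as long as any object in the directory has a mail attribute.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Unsafe form, as in the answer above: the input is concatenated straight into the filter.
    public static string BuildFilterUnsafe(string address) => "(mail=" + address + ")";

    // Safe form: the value is escaped, so it can only match as a literal string.
    public static string BuildFilter(string address) => "(mail=" + EscapeFilterValue(address) + ")";

    public static bool MailExists(string address)
    {
        using (var searcher = new DirectorySearcher())   // current domain by default
        {
            searcher.Filter = BuildFilter(address);
            searcher.PropertiesToLoad.Add("mail");      // fetch only what is needed
            searcher.SizeLimit = 1;                     // one hit is enough
            return searcher.FindOne() != null;
        }
    }
}
```

With the unsafe builder, MailExists("*") returns true on any populated directory; with the escaped builder it only returns true if an object literally has the mail value "*".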
I'm using the .net directory searcher to query data from OpenLDAP. It connects OK and I can query the user data, but operational attributes don't seem to be returned. This is a problem, as I need the entryUUID. I've tried adding "entryUUID" to the propertiesToLoad parameter when constructing the DirectorySearcher, and have also tried "+" (which according to the OpenLDAP documentation should return all operational attributes), but no joy.
Does anyone have any suggestions please?
I couldn't find a way of doing this, so in the end I used the LDAPConnection class in the DirectoryServices.Protocols namespace instead. The DirectorySearcher class seems to be primarily designed for querying Active Directory - while it can query other LDAP Directories its functionality is limited.
I have a WPF app that needs to determine if the current user is a member of an AD group.
I created AD group "TestGroup" in the following location in the AD "tree":
Apps/Shared/Groups/TestGroup
I'm testing the app under VS 2010, running as my domain login, which is a member of TestGroup (and yes, I've logged-off/on since I added myself to that group).
My domain name is ABC.
I first get the WindowsPrincipal by doing:
if (!Thread.CurrentPrincipal.Identity.IsAuthenticated)
    Thread.CurrentPrincipal = new WindowsPrincipal(GetWindowsIdentity());
(which, BTW, always invokes GetWindowsIdentity()... could that be the problem?)
Then I do:
_windowsPrincipal.IsInRole(@"ABC\TestGroup")
... which always returns false.
Am I passing the correct string to IsInRole? Or do I need to specify the full path of the AD "tree", like: @"ABC\Apps\Shared\Groups\TestGroup" (I've tried just about every permutation). Or could this problem be caused by running in debug under VS?
Or ????
Thanks!
DadCat
Per my comment: It appears that the problem is not in the code. Instead, I had not rebooted since I added myself to the group. I had thought that a logoff/logon ("sign off/on") was all that was needed, but apparently a full reboot is necessary. Maybe this is a new "feature" of Win8.
Recently I was trying to find an answer to the question "How to determine if the currently logged-in user is part of a domain or not".
On Stack Overflow I found pretty decent answers for the above, which involved usage of
using System.Security.Principal;
using System.DirectoryServices.AccountManagement;
But I also see a simple solution saying
System.Environment.UserDomainName; - gives name of the current user's domain name.
System.Environment.MachineName; - gives name of the machine.
If the above two are not the same, it means the user is part of the domain returned by UserDomainName.
Fair enough, also confirmed by this link from MSDN.
Now the question is: what if the "Domain name" and "Machine name" are identical?
or
Is it possible that a machine with the exact same name as the domain name can join the domain?
If this is true, is there any possibility to counter-check this by adding something to this simple solution?
I bet you the current logged on user does not have a distinguished name if he or she isn't logged on to a domain. Use GetUserNameEx with the EXTENDED_NAME_FORMAT type NameFullyQualifiedDN (1).
If you get a value back then you know the current user is logged on to a domain. Though, calling this function might block your program unexpectedly for a period of time. You probably want to call this function in an asynchronous fashion as it might attempt to connect to some Active Directory service and just eventually fail or timeout.
A yet more resilient way to accomplish this would be to look up the account SID and check whether the EqualPrefixSid can compare it with the machine. If this is the case, then you know the current account is local to the machine (i.e. not in a domain). This does not involve crossing the network and waiting for a timeout, so it's a more direct approach. Interestingly, it also implies that if the machine name is the same as the user domain, Windows would have to assume that the domain you want to log on to is the local machine and it should therefore be almost impossible to log on to the actual domain if the machine name really is the same as the domain.
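Both techniques from the answer above, as an added example and not the answerer's code: the GetUserNameEx lookup run on a worker task with a timeout because it may block, and the purely local SID-prefix check, done here by resolving the machine SID with LookupAccountName and comparing it with the user SID's AccountDomainSid. Assumes Windows with .NET, and the P/Invoke declarations and the names DomainMembership, TryGetUserDn and IsLocalAccount are chosen here.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

static class DomainMembership
{
    // secur32!GetUserNameExW with EXTENDED_NAME_FORMAT NameFullyQualifiedDN = 1, as in the answer.
    [DllImport("secur32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern byte GetUserNameExW(int nameFormat, StringBuilder buffer, ref uint size);
    // advapi32!LookupAccountNameW: resolving the bare machine name yields the machine SID.
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LookupAccountNameW(string system, string account, byte[] sid,
        ref uint sidSize, StringBuilder domain, ref uint domainSize, out int sidUse);
    const int NameFullyQualifiedDN = 1;

    // Approach 1: ask for the user's DN on a worker thread with a timeout, because the
    // call may contact a domain controller and block. Null means "no DN" or "timed out".
    public static string TryGetUserDn(TimeSpan timeout)
    {
        var lookup = Task.Run(() =>
        {
            uint size = 1024;
            var sb = new StringBuilder((int)size);
            return GetUserNameExW(NameFullyQualifiedDN, sb, ref size) != 0 ? sb.ToString() : null;
        });
        return lookup.Wait(timeout) ? lookup.Result : null;
    }

    // Approach 2: purely local, no network. A local account's SID has the machine SID as
    // its domain prefix (AccountDomainSid); a domain account's SID has the domain SID there.
    public static bool IsLocalAccount(SecurityIdentifier user)
    {
        var sid = new byte[68];                       // SECURITY_MAX_SID_SIZE
        uint sidSize = (uint)sid.Length, domSize = 256;
        var dom = new StringBuilder((int)domSize);
        if (!LookupAccountNameW(null, Environment.MachineName, sid, ref sidSize, dom, ref domSize, out _))
            throw new InvalidOperationException("machine SID lookup failed, error " + Marshal.GetLastWin32Error());
        var machineSid = new SecurityIdentifier(sid, 0);
        return user.AccountDomainSid != null && user.AccountDomainSid.Equals(machineSid);
    }

    static void Main()
    {
        var me = WindowsIdentity.GetCurrent().User;
        Console.WriteLine("local account: " + IsLocalAccount(me));
        Console.WriteLine("DN: " + (TryGetUserDn(TimeSpan.FromSeconds(5)) ?? "(none or timeout)"));
    }
}
```

IsLocalAccount gives the answer without touching the network, which sidesteps the machine-name-equals-domain-name ambiguity of the UserDomainName comparison in the question.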
Using .net, I'm trying to pull info from this AD field: Computer Name(pre-Windows 2000). However, I don't know what the property identifier for it is.
For instance, if you want to look for the city property, you use "l". I'm wondering what the corresponding identifier is for computer name.
dSearch.PropertiesToLoad.Add("l"); //load city property
dSearch.PropertiesToLoad.Add("?"); //what is computer name?
Does anyone know what to use here? Help would be much appreciated.
The AD ldap attribute for the pre-Windows 2000 computer name is "sAMAccountName". I verified it myself on AD by creating a bogus computer account, giving it a unique pre-win 2000 name, and then checking the AD attributes using LDAP Admin.
In our environment both of these return the computer name but I can't tell which is tied to Computer Name(pre-Windows 2000).
dSearch.PropertiesToLoad.Add("cn");
dSearch.PropertiesToLoad.Add("name");
Turns out the identifier was "employeeID".