Im wondering how to get a list of all computers / machines / pc from active directory?
(Trying to make this page a search engine bait, will reply myself. If someone has a better reply il accept that )
If you have a very big domain, or your domain has limits configured on how how many items can be returned per search, you might have to use paging.
using System.DirectoryServices; //add to references
public static List<string> GetComputers()
{
List<string> ComputerNames = new List<string>();
DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no");
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = ("(objectClass=computer)");
mySearcher.SizeLimit = int.MaxValue;
mySearcher.PageSize = int.MaxValue;
foreach(SearchResult resEnt in mySearcher.FindAll())
{
//"CN=SGSVG007DC"
string ComputerName = resEnt.GetDirectoryEntry().Name;
if (ComputerName.StartsWith("CN="))
ComputerName = ComputerName.Remove(0,"CN=".Length);
ComputerNames.Add(ComputerName);
}
mySearcher.Dispose();
entry.Dispose();
return ComputerNames;
}
What EKS suggested is correct, but is performing a little bit slow.
The reason for that is the call to GetDirectoryEntry() on each result. This creates a DirectoryEntry object, which is only needed if you need to modify the active directory (AD) object. It's OK if your query would return a single object, but when listing all object in AD, this greatly degrades performance.
If you only need to query AD, its better to just use the Properties collection of the result object. This will improve performance of the code several times.
This is explained in documentation for SearchResult class:
Instances of the SearchResult class are very similar to instances of
DirectoryEntry class. The crucial difference is that the
DirectoryEntry class retrieves its information from the Active
Directory Domain Services hierarchy each time a new object is
accessed, whereas the data for SearchResult is already available in
the SearchResultCollection, where it gets returned from a query that
is performed with the DirectorySearcher class.
Here is an example on how to use the Properties collection:
public static List<string> GetComputers()
{
List<string> computerNames = new List<string>();
using (DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no")) {
using (DirectorySearcher mySearcher = new DirectorySearcher(entry)) {
mySearcher.Filter = ("(objectClass=computer)");
// No size limit, reads all objects
mySearcher.SizeLimit = 0;
// Read data in pages of 250 objects. Make sure this value is below the limit configured in your AD domain (if there is a limit)
mySearcher.PageSize = 250;
// Let searcher know which properties are going to be used, and only load those
mySearcher.PropertiesToLoad.Add("name");
foreach(SearchResult resEnt in mySearcher.FindAll())
{
// Note: Properties can contain multiple values.
if (resEnt.Properties["name"].Count > 0)
{
string computerName = (string)resEnt.Properties["name"][0];
computerNames.Add(computerName);
}
}
}
}
return computerNames;
}
Documentation for SearchResult.Properties
Note that properties can have multiple values, that is why we use Properties["name"].Count to check the number of values.
To improve things even further, use the PropertiesToLoad collection to let the searcher know what properties you are going to use in advance. This allows the searcher to only read the data that is actually going to be used.
Note that the DirectoryEntry and DirectorySearcher objects should
be properly disposed in order to release all resources used. Its best
done with a using clause.
An LDAP query like: (objectCategory=computer) should do the trick.
if you only want to get the enabled computers:
(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Related
My customer has a huge Active Directory forerst. For example:
Root
company.com
de.company.com
us.company.com
in.company.com
xx.company.com
When i get the current user i get domainname\username. When i grab domainname and want to search in this domain for other users in the world, i can't cause i need to know company.com to do a directory search.
Is there a way in C# to get the root object which i use with the DirectorySearcher or any other C# method to query the AD?
root forest name can be ontained from RootDSE partition. Look at rootDomainNamingContext attribute. This wiil return you forest root domain. I do not recommend to extract forest name from user DN, as it will not work in case if you have 2 domain trees in one forest. The second option is to search users in global catalog of current domain. Global catalog contains partial replica of all users from the entire forest
The code below performs the search over the global catalog. I have 2 domains, in my forest so it returns me 2 users. Be aware, that you will have to deal with multiple results returned:
var forest = Forest.GetCurrentForest();
var globalCatalog = GlobalCatalog.FindOne(new DirectoryContext(DirectoryContextType.Forest, forest.Name));
using (var connection = new LdapConnection(new LdapDirectoryIdentifier(globalCatalog.Name, 3268)))
{
var entries = new List<SearchResultEntry>();
var searchRequest = new SearchRequest(string.Empty, "(samaccountname=administrator)", SearchScope.Subtree, null);
var searchOptionsControl = new SearchOptionsControl(System.DirectoryServices.Protocols.SearchOption.DomainScope);
searchRequest.Controls.Add(searchOptionsControl);
var pageResultRequestControl = new PageResultRequestControl(1000);
searchRequest.Controls.Add(pageResultRequestControl);
do
{
var response = (SearchResponse)connection.SendRequest(searchRequest);
if (response != null)
{
if (response.ResultCode != ResultCode.Success)
{
throw new ActiveDirectoryOperationException(response.ErrorMessage, (int) response.ResultCode);
}
foreach (var c in response.Controls.OfType<PageResultResponseControl>())
{
pageResultRequestControl.Cookie = c.Cookie;
break;
}
entries.AddRange(response.Entries.Cast<SearchResultEntry>());
}
}
while (pageResultRequestControl.Cookie != null && pageResultRequestControl.Cookie.Length > 0);
}
Several notes on this code:
1. of course this code it not a production one. You can write more general LdapSearcher, for example one can be found here. You can make a synchronous version of this searcher if needed.
2. I do strongly recommend to use LdapConnection instead of DirectorySearcher in service based applications, because using DirectorySearcher in enterprise environment leads to memory leaks and other issues
To get the root object of a user, use the property or attribute distinguished name to determine the fully qualified path in the Active Direcotry. Read the structure from right and extract the root element.
E. g. cn=John Doe, ou=People, dc=sun.com
I'm using C# to work with AD (Win 2012R2).
We are syncing AD users,groups and their relationship to SQL database.
Full sync works well.
But when using synchronization cookie, the relationship changes does not detected.
What may be the reason?
Thanks.
Here is my code:
public void DirSyncChanges(DirectoryEntry de, byte[] cookie)
{
DirectorySynchronization syncData = new DirectorySynchronization(cookie);
srch = new DirectorySearcher(de)
{
Filter = "(&(objectClass=user)(objectCategory=person))",
SizeLimit = Int32.MaxValue,
Tombstone = true
};
srch.DirectorySynchronization = syncData;
syncData.Option = DirectorySynchronizationOptions.None;
using(SearchResultCollection results = srch.FindAll())
foreach (SearchResult res in results)
{
//results is empty. no loop
}
}
Please specify the DirectorySearcher.PropertiesToLoad. Only if any of the attributes in PropertiesToLoad are updated, you will get them in delta sync.
As i remember the search root of DirSync must be naming context root object.
Better use paged search. No matter how large the value you set to SizeLimit. It will only return at most 1000 or 1500 (forgot exact number) results.
My answer is based on .NET 3.5.
the web shows dozens of examples to query the exchange's global address list but i want to query the specific address lists! So every user in our Enterprise is ofcourse listed in our global address list but i want to query the address list of a specific company within our Enterprise.
In the example below, Aswebo, Cosimco, etc.. are address lists.
How do I list these address lists?
How do I list the people within these address lists?
I don't have exchange setup to test this code, so it will need modifications but it should give you a starting point to explore.
The idea is that you set the ItemView to the ContactSchema to retrieve results by company.
// Get the number of items in the Contacts folder. To keep the response smaller, request only the TotalCount property.
ContactsFolder contactsfolder = ContactsFolder.Bind(service,
WellKnownFolderName.Contacts,
new PropertySet(BasePropertySet.IdOnly, FolderSchema.TotalCount));
// Set the number of items to the smaller of the number of items in the Contacts folder or 1000.
int numItems = contactsfolder.TotalCount < 1000 ? contactsfolder.TotalCount : 1000;
// Instantiate the item view with the number of items to retrieve from the Contacts folder.
ItemView view = new ItemView(numItems);
view.PropertySet = new PropertySet(ContactSchema.CompanyName, ContactSchema.EmailAddress1);
// Retrieve the items in the Contacts folder that have the properties you've selected.
FindItemsResults<Item> contactItems = service.FindItems(WellKnownFolderName.Contacts, view);
foreach(var contact in contactItems)
{
Contact contact = item as Contact;
// Filter / Group by company name
// contact.Companyname
}
You can also use service.FindItems(WellKnownFolderName, SearchFilter, ViewBase) to provide additional filtering.
See this MSDN blog for a code example.
I've been searching all afternoon and came up with the code below. It works.. but looking dirty. I would like an entire Principal approach but it seems I'm too dumb :-)
Anyone that wants to translate this code to 100% 'System.DirectoryServices.AccountManagement'?
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
namespace ConsoleApplication3
{
class Program
{
static void Main(string[] args)
{
DirectoryEntry ldap;
DirectorySearcher ldap_search;
SearchResultCollection ldap_results;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
var addressLists = new Dictionary<string, string>();
// Flexible way (but visually complex!) for building the path LDAP://CN=All Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=local
ldap = new DirectoryEntry("LDAP://RootDSE");
ldap_search = new DirectorySearcher(new DirectoryEntry("LDAP://CN=Microsoft Exchange, CN=Services," + ldap.Properties["configurationNamingContext"].Value), "(objectClass=msExchOrganizationContainer)");
ldap_search = new DirectorySearcher(new DirectoryEntry("LDAP://CN=All Address Lists,CN=Address Lists Container," + ldap_search.FindOne().Properties["distinguishedName"][0]), "(objectClass=addressBookContainer)");
ldap_search.Sort = new SortOption("name", SortDirection.Ascending);
// Find All Address Lists alphabetically and put these into a dictionary
ldap_results = ldap_search.FindAll();
foreach (SearchResult ldap_result in ldap_results)
{
var addressList = new DirectoryEntry(ldap_result.Path);
addressLists.Add(addressList.Properties["name"].Value.ToString(), addressList.Properties["distinguishedName"][0].ToString());
}
//// list Address Lists
//foreach (var addressList in addressLists) Console.WriteLine(addressList.Key);
// List all users from Address List "Aswebo"
ldap = new DirectoryEntry("LDAP://" + ldap.Properties["defaultNamingContext"].Value); // rename ldap to LDAP://DC=DOMAIN,DC=local
ldap_search = new DirectorySearcher(ldap, string.Format("(&(objectClass=User)(showInAddressBook={0}))", addressLists["Aswebo"])); // Search all users mentioned within the specified address list
ldap_results = ldap_search.FindAll();
foreach (SearchResult ldap_result in ldap_results)
{
// Fetch user properties using the newer interface.. just coz it's nice :-)
var User = UserPrincipal.FindByIdentity(ctx, IdentityType.DistinguishedName, ldap_result.Path.Replace("LDAP://", ""));
Console.WriteLine(User.DisplayName);
}
Console.ReadLine();
}
}
}
I'm using this snippet of code to output a list of all the computers on my network (the language is jscript.net, but it's just a small manipulation of C#).
var parentEntry = new DirectoryEntry();
parentEntry.Path = "WinNT:";
for(var childEntry in parentEntry.Children) {
if(childEntry.SchemaClassName == "Domain") {
var parentDomain = new TreeNode(childEntry.Name);
this.treeView1.Nodes.Add(parentDomain);
var subChildEntry : DirectoryEntry;
var subParentEntry = new DirectoryEntry();
subParentEntry.Path = "WinNT://" + childEntry.Name;
for(subChildEntry in subParentEntry.Children) {
var newNode1 = new TreeNode(subChildEntry.Name);
if(subChildEntry.SchemaClassName == "Computer") {
parentDomain.Nodes.Add(newNode1);
}
}
}
}
I have 2 issues with this:
1) It is extremely slow. There's about 100 computers showing, and it takes about 1 minute to load.
2) I want to get only a list of computers that are currently online.
This can be done because I've seen other programs doing it and they are much faster, also they're able to show only the ones online.
Am I missing something?
I know it's a bit old, but for others...this snippet will return a 760 computer names from a domain using AD within 2-3 seconds....a significant improvement....enjoy!
Friend Shared Function DomainComputers() As Generic.List(Of String)
' Add a Reference to System.DirectoryServices
Dim Result As New Generic.List(Of String)
Dim ComputerName As String = Nothing
Dim SRC As SearchResultCollection = Nothing
Dim Searcher As DirectorySearcher = Nothing
Try
Searcher = New DirectorySearcher("(objectCategory=computer)", {"Name"})
Searcher.Sort = New SortOption("Name", SortDirection.Ascending)
Searcher.Tombstone = False
SRC = Searcher.FindAll
For Each Item As SearchResult In SRC
ComputerName = Item.Properties("Name")(0)
Result.Add(ComputerName)
Next
Catch ex As Exception
End Try
Return Result
End Function
I would look at Linq To Active Directory found on CodePlex
You'd also have to define "my network". Your subnet? Your Organizational Unit? Your domain? Your forest?
Also consider where your LDAP server is that you are querying. Is it close or is it on the other end of a remote link?
Also what do you consider "online"? Do you expect to be able to ping it? Do you expect to be able to connect to it and perform an operation?
There are many things to consider here. Also if you have other infrastructure components such as an SCCM / SMS server they can often be queried much faster since all of the discovery data has flowed up into the data warehouse.
I am querying information from Active Directory. I have code that works, but it's really slow.
This is the code I currently use:
static void Main(string[] args)
{
SearchResultCollection sResults = null;
try
{
//modify this line to include your domain name
string path = "LDAP://EXTECH";
//init a directory entry
DirectoryEntry dEntry = new DirectoryEntry(path);
//init a directory searcher
DirectorySearcher dSearcher = new DirectorySearcher(dEntry);
//This line applies a filter to the search specifying a username to search for
//modify this line to specify a user name. if you want to search for all
//users who start with k - set SearchString to "k"
dSearcher.Filter = "(&(objectClass=user))";
//perform search on active directory
sResults = dSearcher.FindAll();
//loop through results of search
foreach (SearchResult searchResult in sResults)
{
if (searchResult.Properties["CN"][0].ToString() == "Adit")
{
////loop through the ad properties
//foreach (string propertyKey in
//searchResult.Properties["st"])
//{
//pull the collection of objects with this key name
ResultPropertyValueCollection valueCollection =
searchResult.Properties["manager"];
foreach (Object propertyValue in valueCollection)
{
//loop through the values that have a specific name
//an example of a property that would have multiple
//collections for the same name would be memberof
//Console.WriteLine("Property Name: " + valueCollection..ToString());
Console.WriteLine("Property Value: " + (string)propertyValue.ToString());
//["sAMAccountName"][0].ToString();
}
//}
Console.WriteLine(" ");
}
}
}
catch (InvalidOperationException iOe)
{
//
}
catch (NotSupportedException nSe)
{
//
}
finally
{
// dispose of objects used
if (sResults != null)
sResults.Dispose();
}
Console.ReadLine();
}
What would faster code look like to get user information from AD?
You can call UserPrincipal.FindByIdentity inside System.DirectoryServices.AccountManagement:
using System.DirectoryServices.AccountManagement;
using (var pc = new PrincipalContext(ContextType.Domain, "MyDomainName"))
{
var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "MyDomainName\\" + userName);
}
The reason why your code is slow is that your LDAP query retrieves every single user object in your domain even though you're only interested in one user with a common name of "Adit":
dSearcher.Filter = "(&(objectClass=user))";
So to optimize, you need to narrow your LDAP query to just the user you are interested in. Try something like:
dSearcher.Filter = "(&(objectClass=user)(cn=Adit))";
In addition, don't forget to dispose these objects when done:
DirectoryEntry dEntry
DirectorySearcher dSearcher
Well, if you know where your user lives in the AD hierarchy (e.g. quite possibly in the "Users" container, if it's a small network), you could also bind to the user account directly, instead of searching for it.
DirectoryEntry deUser = new DirectoryEntry("LDAP://cn=John Doe,cn=Users,dc=yourdomain,dc=com");
if (deUser != null)
{
... do something with your user
}
And if you're on .NET 3.5 already, you could even use the vastly expanded System.DirectorySrevices.AccountManagement namespace with strongly typed classes for each of the most common AD objects:
// bind to your domain
PrincipalContext pc = new PrincipalContext(ContextType.Domain, "LDAP://dc=yourdomain,dc=com");
// find the user by identity (or many other ways)
UserPrincipal user = UserPrincipal.FindByIdentity(pc, "cn=John Doe");
There's loads of information out there on System.DirectoryServices.AccountManagement - check out this excellent article on MSDN by Joe Kaplan and Ethan Wilansky on the topic.
You can simplify this code to:
DirectorySearcher searcher = new DirectorySearcher();
searcher.Filter = "(&(objectCategory=user)(cn=steve.evans))";
SearchResultCollection results = searcher.FindAll();
if (results.Count == 1)
{
//do what you want to do
}
else if (results.Count == 0)
{
//user does not exist
}
else
{
//found more than one user
//something is wrong
}
If you can narrow down where the user is you can set searcher.SearchRoot to a specific OU that you know the user is under.
You should also use objectCategory instead of objectClass since objectCategory is indexed by default.
You should also consider searching on an attribute other than CN. For example it might make more sense to search on the username (sAMAccountName) since it's guaranteed to be unique.
I'm not sure how much of your "slowness" will be due to the loop you're doing to find entries with particular attribute values, but you can remove this loop by being more specific with your filter. Try this page for some guidance ... Search Filter Syntax