This article describes “Querying Active Directory using CSharp (C#)” via the LDAP service. I have developed a sample application around this topic with the following goals; download the source code and try it out yourself.
- Retrieve User Details or an Object from AD based on Username – sAMAccountName
- Retrieve User Details or an Object from AD based on Email ID – mail
The following details are required to retrieve any information from Active Directory, and the sample application needs them too.
- LDAP address (e.g. mydomain.com or the IP of the Domain Controller/Global Catalog [GC])
- Port # (e.g. 3289 or 389) on which you would like to search
- Domain Username
- Domain Password
How to do – Step by Step approach
For easy understanding, we are going to follow a step-by-step approach. Experts can combine a few steps into a single line of code, or arrange them as they see fit.
Compose the LDAP address (you can use an IP address too), then create a DirectoryEntry object using the composed ldapAddress, username and password.
// Creating a directory entry object by passing LDAP address
string ldapAddress = "LDAP://mydomain.com:3289";
DirectoryEntry de = new DirectoryEntry(ldapAddress, username, password);
Create a DirectorySearcher object using the DirectoryEntry object we created in Step 1.
DirectorySearcher ds = new DirectorySearcher(de);
Create a filter and apply it to the DirectorySearcher object. Below you will find two filters for different needs. To learn more, see the Filter Syntax documentation.
Filter based on Username - sAMAccountName
ds.Filter = "(&((&(objectCategory=Person)(objectClass=User)))(samaccountname="+ username + "))";
Filter based on Email ID - mail
ds.Filter = "(&((&(objectCategory=Person)(objectClass=User)))(mail=" + email + "))";
Apply the SearchScope to the DirectorySearcher object.
ds.SearchScope = SearchScope.Subtree;
Use one of the search APIs of the DirectorySearcher class, chosen according to your need, and store the result in a SearchResult object. This example uses the FindOne API, which returns the first object found during the search.
SearchResult rs = ds.FindOne();
Retrieve attribute values from the SearchResult object (default Attribute List), picking the ones your requirement needs. A few attributes are used below as an example.
// Accessing a few attributes, for example:
// samaccountname => Username
// givenName => First Name
// sn => Last Name
// mail => Email Id
// FindOne returns null when nothing matches the filter
if (rs != null)
{
    // Bind to the entry once and reuse it for every attribute
    DirectoryEntry user = rs.GetDirectoryEntry();
    if (user.Properties["samaccountname"].Value != null)
        lblUsernameDisplay.Text = "Username : " + user.Properties["samaccountname"].Value.ToString();
    if (user.Properties["givenName"].Value != null)
        lblFirstname.Text = "First Name : " + user.Properties["givenName"].Value.ToString();
    if (user.Properties["sn"].Value != null)
        lblLastName.Text = "Last Name : " + user.Properties["sn"].Value.ToString();
    if (user.Properties["mail"].Value != null)
        lblEmailId.Text = "Email ID : " + user.Properties["mail"].Value.ToString();
}
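The filters above concatenate the search value straight into the LDAP filter string, so a value containing `*`, `(`, `)` or `\` changes what the filter matches. The following is an added example, not code from the article's sample application, that escapes the value per RFC 4515 before building the same two filters; `SafeAdLookup`, `EscapeFilterValue`, `BuildUserFilter` and `FindUser` are hypothetical names, and the inputs in `Main` are constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class SafeAdLookup
{
    // RFC 4515: escape the characters that have meaning inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // attribute is fixed by the developer ("sAMAccountName" or "mail"), never taken from user input.
    public static string BuildUserFilter(string attribute, string value)
    {
        return "(&(objectCategory=Person)(objectClass=User)("
             + attribute + "=" + EscapeFilterValue(value) + "))";
    }

    // Hypothetical helper: searches under an already-bound DirectoryEntry; returns null if no match.
    public static SearchResult FindUser(DirectoryEntry root, string attribute, string value)
    {
        using (var ds = new DirectorySearcher(root))
        {
            ds.Filter = BuildUserFilter(attribute, value);
            ds.SearchScope = SearchScope.Subtree;
            // Ask the server only for the attributes the form displays.
            ds.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "givenName", "sn", "mail" });
            return ds.FindOne();
        }
    }

    static void Main()
    {
        // Constructed inputs: a plain name, then one carrying filter metacharacters.
        Console.WriteLine(BuildUserFilter("sAMAccountName", "jsmith"));
        Console.WriteLine(BuildUserFilter("mail", "j(smith)*@mydomain.com"));
    }
}
```

`Main` only prints the generated filters, so it runs without a domain controller; `FindUser` needs the bound DirectoryEntry from Step 1.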
Accessing User Certificate from Active Directory
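// Named userEntry because "de" is already declared in Step 1
DirectoryEntry userEntry = rs.GetDirectoryEntry();
// The cast yields null when the attribute is missing or holds more than one certificate
byte[] certificateBytes = userEntry.Properties["userCertificate"].Value as byte[];
X509Certificate2 cert = new X509Certificate2(certificateBytes);
Once you have the certificate object, use it as your requirement dictates. As a starting point: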
DateTime dateAfter = cert.NotAfter;
DateTime dateBefore = cert.NotBefore;
We have discussed a step-by-step approach to retrieving user details or an object from Active Directory. The complete source code is available on GitHub and as a downloadable archive below. Download – ActiveDirectory.zip
Beginning of yours
Now you have learned “Querying Active Directory using CSharp (C#)” and how to interact with Active Directory to retrieve or search for a user. Have fun and make use of the source code provided with the article.