locked
Updating Attribute in Active Directory - Please Help! RRS feed

  • Question

  • User-1879028661 posted

    Here's what I need to do.
    I have a process that'll pull out the EmployeeID attribute from a user in AD.
    If the EmployeeID does not exist, then I need to populate it.

    I have searched this and other forums and I can only find how to reset a password or how to read LDAP.

    I have a web service that does all my AD searches.   I'm going to add a web method to it to populate the attribute.  The account on which the web service runs is an account operator so I know there won't be an issue with permissions.

    Any help would be greatly appreciated.
    Thanks
    Ron

    Wednesday, February 22, 2006 11:33 AM

All replies

  • User1354132231 posted
    This is a pretty easy thing to do assuming you have the permission to make updates.  The easiest way is to find the accounts without the attribute and update them in batch.  It will be a bit more efficient.

    DirectoryEntry searchRoot = new DirectoryEntry(
        "LDAP://DC=yourdomain,DC=com",
        null,
        null,
        AuthenticationTypes.Secure
        );
       
    using (searchRoot)
    {
        DirectorySearcher ds = new DirectorySearcher(
            searchRoot,
            "(&(objectClass=user)(objectCategory=person)(!employeeID=*))",
            );
           
        ds.PropertyNamesOnly = true;
        ds.PageSize = 500;
       
        using (SearchResultCollection src = ds.FindAll())
        {
            foreach (SearchResult sr in src)
            {
                using (DirectoryEntry user = sr.GetDirectoryEntry())
                {
                    //you have a user with no employeeID, so add it
                    user.Properties["employeeID"].Add(1234);
                    user.CommitChanges();
                }
            }
        }
    }

    Assuming you have permission, this will be successful.  If you are attempting to do this for a single user per call, it would be something similar, except perhaps you will filter based on 'sAMAccountName' or the like.

    Wednesday, February 22, 2006 3:34 PM
  • User-1879028661 posted

    Thank you,

    I used something like what you have (in VB) and some other code I found.
    I'll post it when I get into work.
    Thank you very much

    Ron[:)]

    Wednesday, February 22, 2006 8:26 PM