Active Directory - Questions regarding how to properly/best query AD from a website RRS feed

  • Question

  • User1864322503 posted

    Hello all,

    We have an upcoming project that is basically to create an employee timesheet/tracking app. Users will login to the application, and enter time for each day.

    I'm looking for some direction on the best way to interact with Active Directory. We will want to get the current user or if the current user is a manager, get the current user + subordinates of the manager. Managers will be able to view subordinates' timesheets.

    Now, researching the way to interact with AD has left me pretty confused. There is the AD Graph explorer out there,  I also see people directly interacting with a PricipalContext class for retrieving data. There's GraphServiceClients, ActiveDirectoryClients, etc. and I just really am having a hard time understanding which direction I should go in.

    The plan is to develop this in .NET Core MVC, if that makes any difference.



    Monday, August 5, 2019 3:35 PM

All replies

  • User1724605321 posted

    Hi nvielbig ,

    You can use System.DirectoryServices(System. DirectoryServices. AccountManagement) to authenticate/query AD from .net core 2.1 .

    If using .net core 2.0 or lower version, you can use  Windows Compatibility Pack:


    Or third-party Novell.Directory.Ldap.NETStandard :


    Best Regards,

    Nan Yu

    Tuesday, August 6, 2019 2:06 AM
  • User1864322503 posted

    Hi Nan,

    Thanks for your reply. I will look into the System.DirectoryServices DLL.

    My other thought is with the Microsoft Graph, why would I go to use Graph instead of DirectoryServices? Is the Graph there to help you get data from more than just AD, whereas the System.DirectoryServices DLL only allows you to access AD Data?

    Tuesday, August 6, 2019 2:09 PM
  • User753101303 posted


    Microsoft Graph is for "Azure Active Directory" and more generally most if not all Microsoft cloud services. You are using Windows authentication  with a local Active Directory ?

    Tuesday, August 6, 2019 3:14 PM
  • User1864322503 posted

    Hi Patrice,

    I would be getting the logged in user via Windows Authentication. I'd then go to AD, get the logged in user's AD Data

    Tuesday, August 6, 2019 6:50 PM
  • User1724605321 posted

    Hi fnvielbig,

    So that you can't use Microsoft Graph , it's used for cloud based microsoft services .

    Best Regards,

    Nan Yu

    Wednesday, August 7, 2019 2:03 AM
  • User753101303 posted

    So as suggested earlier give a try at https://www.nuget.org/packages/System.DirectoryServices.AccountManagement/

    The "old" documentation for the .NET 4.x version should apply. In particular you should be able to use User.Identity.Name and UserPrincipal.FindByIdentity to find the AD information for the currently connected user.

    Wednesday, August 7, 2019 6:42 AM