List of users from Active Directory?

  • Question

  • User755602676 posted

    Can someone please tell me how to get a listing of users and their user account numbers (in string type, or easily convertible to string type) from Active Directory? Sample code would be nice. I've googled this already with no success; lots of code that claims to do it, none that I have been able to get to work.

    Thanks!

    Tuesday, October 14, 2008 3:40 PM

All replies

  • User-349297501 posted

    With this code, you can search an Active Directory and create a list of usernames. If you need more properties, build a struct and fill a list with these structs.

    using System.Collections.Generic;
    using System.DirectoryServices;

    DirectoryEntry domain1;
    DirectorySearcher searcher1;
    List<string> lista1 = new List<string>();

    // Bind to the directory with the given account
    domain1 = new DirectoryEntry("LDAP://test.com/DC=dept1,DC=com", "domainadmin", "12345", AuthenticationTypes.ReadonlyServer);

    // Match user objects only, anywhere below the search root
    searcher1 = new DirectorySearcher("(&(objectCategory=Person)(objectClass=user))");
    searcher1.SearchRoot = domain1;
    searcher1.SearchScope = SearchScope.Subtree;
    SearchResultCollection results1;
    results1 = searcher1.FindAll();
    for (int i = 0; i < results1.Count; i++)
    {
        // Collect each user's logon name
        lista1.Add(results1[i].Properties["samaccountname"][0].ToString());
    }

    Tuesday, October 14, 2008 4:02 PM
  • User755602676 posted

    Thank you! Any chance you might have this in vb.net? I can translate most of it, but I don't know how to translate the <string> thing.

     Also, how would I find out what to put in the green part? I take it that that part needs to be customized to my AD environment?

    Tuesday, October 14, 2008 8:44 PM
  • User-349297501 posted

    Yes, the green part is the connection string to LDAP or Active Directory that you will use.

    You need the Active Directory server and OU of your domain, plus a user and a password with at least read-only access; a common user is enough to extract the user list.

    The List<string> in C# translates to VB.NET as:

    Dim stringlist As New System.Collections.Generic.List(Of String)()

    The <string> translates to (Of String) because it is a generic list.

    I hope this can help you.

     

    Wednesday, October 15, 2008 2:10 PM
  • User755602676 posted

    Thank you for your continued help!

    I translated it to vb like this (you have an item called "dominio" in your c# that I think you meant to be domain1?). My questions follow:

    Dim Domain1 As DirectoryEntry = New DirectoryEntry("LDAP://test.com/DC=dept1,DC=com", "domainadmin", "12345", AuthenticationTypes.ReadonlyServer)
    Dim Searcher1 As DirectorySearcher = New DirectorySearcher("(&(objectCategory=Person)(objectClass=user))")
    Dim Lista1 As New System.Collections.Generic.List(Of String)()

    Searcher1.SearchRoot = Domain1
    Searcher1.SearchScope = SearchScope.Subtree

    ' This declaration is the one question 1 below asks about
    Dim Results1 As New SearchResultCollection
    Results1 = Searcher1.FindAll()

    ' VB's For loop includes the upper bound, so stop at Count - 1
    For i As Integer = 0 To Results1.Count - 1
        Lista1.Add(Results1(i).Properties("samaccountname")(0).ToString())
    Next

    I have these questions, if you don't mind:

    1. VS is complaining about the Dim Results1 statement with a blue squiggly under Results1 that says that "Type 'System.DirectoryServices.SearchResultCollection' has no constructors". I've tried rearranging that statement in every possible syntax I can think of, but that hasn't helped. Do you know what the problem is?

    2. Do you know how I can find out what the "Active Directory server and OU of my domain" is? And how do I arrange that in the code?

    3. What account do I put in for "samaccountname"? How can I find a list of eligible accounts?

    Thanks again.

    Tuesday, October 21, 2008 6:08 PM
  • User755602676 posted

    Never mind my first question about the Dim Results1 statement. I fixed that. But if you could please answer questions 2 and 3, that would help. Thanks again.

    Tuesday, October 21, 2008 6:20 PM
  • User-349297501 posted

    If your machine or server is already using Active Directory, then you can use it directly without a connection string, like this:

    DirectorySearcher searcher = new System.DirectoryServices.DirectorySearcher("(samaccountname=johndoe)");
    // FindOne() returns null when no account matches
    SearchResult result = searcher.FindOne();
    DirectoryEntry dentry = result.GetDirectoryEntry();
    string fullname = dentry.Properties["displayName"].Value.ToString();

    In this case, the sAMAccountName is the short name of the domain user that you are searching for. If you need, for example, to search for all users that start with the letter B, you can define a filter in the searcher:

    searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=B*))";

    and iterate over the results:

    System.DirectoryServices.SearchResultCollection userlist = searcher.FindAll();
    for (int i = 0; i < userlist.Count; i++)
    {
        // Read the first displayName value when the attribute is set
        if (userlist[i].Properties.Contains("displayName"))
        {
            string name = userlist[i].Properties["displayName"][0].ToString();
        }
    }

    There are a lot of properties in Active Directory, for example:

    TelephoneNumber,IPphone,Mobile ,Department,manager,employeeId,displayName,Name,givenName

    But you need to check with your Active Directory admin. Otherwise, you can extract the property names with this code snippet:

    List<string> propnames = new List<string>();
    foreach (System.DirectoryServices.PropertyValueCollection elem in dentry.Properties)
    {
        propnames.Add(elem.PropertyName);
    }

    And check the content of the string list to view what properties are available.
     
      
    Wednesday, October 22, 2008 1:49 PM
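
An added example, not part of the original replies: filters like the ones in the reply above are often built from a name typed by a user, so this C# code escapes the value per RFC 4515 before placing it in the filter, pages the search, and skips entries that have no displayName. The class and method names (AdUserSearch, EscapeFilterValue, BuildPrefixFilter, FindDisplayNames) and the page size of 500 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class AdUserSearch
{
    // RFC 4515: inside a filter value, \ * ( ) and NUL must be written
    // as a backslash followed by the two-digit hex code of the character.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }
    // The "starts with" filter from the reply; only the final * is a wildcard.
    public static string BuildPrefixFilter(string prefix)
    {
        return "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
               + EscapeFilterValue(prefix) + "*))";
    }
    // Serverless search of the current domain (needs a domain-joined machine).
    public static List<string> FindDisplayNames(string prefix)
    {
        var names = new List<string>();
        using (var searcher = new DirectorySearcher(BuildPrefixFilter(prefix)))
        {
            searcher.PageSize = 500;  // paged search, so results are not cut off at the server's size limit
            searcher.PropertiesToLoad.Add("displayName");
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    if (r.Properties.Contains("displayName"))  // attribute can be unset
                        names.Add(r.Properties["displayName"][0].ToString());
        }
        return names;
    }
    static void Main(string[] args)
    {
        // Constructed input: prints the escaped filter without touching a directory.
        Console.WriteLine(BuildPrefixFilter("B*)(objectClass=*"));
        if (args.Length > 0)
            foreach (string n in FindDisplayNames(args[0])) Console.WriteLine(n);
    }
}
```

Run without arguments it only prints the escaped filter; pass a prefix as the first argument on a domain-joined machine to run the search itself.
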
  • User755602676 posted

    thank you so much for your help.

    Thursday, October 23, 2008 6:43 PM
  • User830388994 posted

    I am trying to traverse through an Active Directory group in classic ASP.

    example

    obj1 = getobject("LDAP://CN=name,DC=,DC=com")
    Dim memName = "test"

    for each memebr in obj1.members
        if (memName = obj1.name) then
               flag = 1
            else
              flag = 0
            end if
    next

    It doesn't work. I am trying to compare the members of the "obj1" group to "test". I am not sure what property I need to use to retrieve the member name from an Active Directory group.

    Please help me.

     

    Thanks,

    Niru

     

    Wednesday, October 29, 2008 11:55 PM
  • User-2079787324 posted

    Try this:

    ' Bind to the domain through the WinNT provider
    Dim ADEntry As New System.DirectoryServices.DirectoryEntry("WinNT://domainname") '"LDAP://domainname") '"WinNT://" & a(0) & "/" & a(1))

    Dim adsUser As DirectoryEntry
    Dim i As Int32 = 0
    For Each adsUser In ADEntry.Children
        ' Keep only user objects and add them to the list box
        If adsUser.SchemaClassName = "User" Then
            ListBox1.Items.Add(New ListItem(adsUser.Properties("FullName").Value.ToString, adsUser.Name.ToString))
        End If
    Next
            


     

    Thursday, July 1, 2010 8:50 AM
  • User1309392347 posted

    Yes, thanks!!! Finally I found what I needed. I have been trying to find some help with this for two days now. I have tried so many different solutions, but to no avail. Based on my Active Directory groups setup, nothing worked for me. My users are assigned to a group in AD, but the users do not appear in that group. However, this code was able to help me retrieve all users in AD.

    Thanks again darkzen for your help!!!

    CDS

     

     

    Wednesday, July 20, 2011 3:50 PM
  • User-470152798 posted

    Hello, I would like to get a list of all active users who connected to the server / domain. Some of my colleagues left the job, yet their user IDs are still displayed in Active Directory, so I would like to remove those who no longer work here from Active Directory, and I want a list of all users to display.

    Can you develop the code?

    Thank you in advance!

    Thursday, February 16, 2017 2:30 AM
  • User753101303 posted

    Hi,

    Please avoid posting to a very old thread; create a new one instead. Here, it should be quite easy to use https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal.findbylogontime(v=vs.110).aspx to list all accounts not used for a few months...

    It still seems to me it should be at best a checklist and that it shouldn't replace having the proper leave management process in place (and I would never take any action just based on this info).

    Friday, March 17, 2017 4:31 PM