using C# to access active directory and pull "active" users...

  • Question

  • User144366335 posted

    I am using C# to access active directory and pull a list of all "users" back. What I am doing actually works quite well except it is literally pulling ALL users back. How would I filter out those users that are designated in the DISABLED folder in AD ?

    Any suggestions would be greatly appreciated

    Brian

    bsusol@goulstonstorrs.com

    The following is my code.

     

    try
    {
        string path = "LDAP://xxxx/CN=Users,DC=firm,DC=xxxx,DC=com";
        DirectoryEntry AD = new DirectoryEntry(path);
        AD.Username = "xx\\xxxx";
        AD.Password = "xxxx";
        AD.Children.SchemaFilter.Add("user");

        foreach (DirectoryEntry obj in AD.Children)
        {
            string replaced = FixString(obj.Name.ToString(), "CN=", "");
            replaced = FixString(replaced, "\\", "");
            ADUsersList.Items.Add(replaced);
        }
    }
    catch
    {
    }

    Friday, October 19, 2007 12:39 PM

Answers

  • User863160722 posted

    Try using the DirectorySearcher class:  

    try
    {
        string path = "LDAP://xxxx/CN=Users,DC=firm,DC=xxxx,DC=com";
        // Users only, excluding accounts whose userAccountControl has the "account disabled" bit (2) set.
        // The NOT operator wraps a fully parenthesized filter, as LDAP filter syntax requires.
        string filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
        string[] propertiesToLoad = new string[1] { "name" };

        using (DirectoryEntry root = new DirectoryEntry(path, "xx\\xxxx", "xxxx"))
        using (DirectorySearcher searcher = new DirectorySearcher(root, filter, propertiesToLoad))
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult result in results)
            {
                string name = (string)result.Properties["name"][0];
                ADUsersList.Items.Add(name);
            }
        }
    }
    catch { }
     

    The search filter syntax looks a bit complicated, but basically it filters the search results to only include users - "objectCategory=person" and "objectClass=user" - and excludes disabled user accounts by performing a bitwise AND of the userAccountControl flags and the "account disabled" flag, and negating the results.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, October 22, 2007 3:18 PM

All replies

  • User144366335 posted

    This actually worked very well. Thank you VERY much

     

    I did have one other question based on this, which I am researching now and hope to find, but I figure I'll toss it out..

     

    What if I do not want to pull the name? but the username?   All our usernames in AD are in the Pre Windows 2000 field. Any idea what that field might be called OR better yet, any sort of reference I can visit that might have the info?

     

    Again, thank you VERY much

     

     

    Tuesday, October 23, 2007 10:30 AM
  • User863160722 posted

    The NT user name is stored in the sAMAccountName property.

    You can find the list of attributes in the MSDN documentation for the User class. You'll need to load the topic for each attribute to find the property name, which is the Ldap-Display-Name.

    Tuesday, October 23, 2007 10:46 AM
  • User144366335 posted

    Yep!

    I found it at http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

     

    but I really appreciate it and thank you again.... It's working great!

     

    Tuesday, October 23, 2007 10:54 AM
  • User1857902878 posted

     That was a great job.

     I need to display all the users available in the domain. How is that possible? And if I type a name, it should use that name to filter the users and display. Can you help me?

    Tuesday, August 19, 2008 12:12 AM
  • Sunday, August 25, 2013 10:33 PM
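
For the last question in the thread (filtering the active users by a typed name), typed text has to be escaped before it is concatenated into the LDAP filter, otherwise characters such as `*`, `(` and `)` change the filter's meaning. The following is an added example, not code from any poster in this thread; the class and method names (`AdFilterExample`, `EscapeFilterValue`, `BuildActiveUserFilter`, `IsDisabled`) and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Text;

static class AdFilterExample
{
    const int ADS_UF_ACCOUNTDISABLE = 0x2; // the "account disabled" bit tested by the answer's filter

    // Escape a value for use inside an LDAP filter (RFC 4515): \ * ( ) and NUL become \XX hex.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Enabled users whose sAMAccountName starts with the typed text.
    // An empty prefix yields (sAMAccountName=*), i.e. every enabled user.
    public static string BuildActiveUserFilter(string typedPrefix)
    {
        return "(&(objectCategory=person)(objectClass=user)"
             + "(!(userAccountControl:1.2.840.113556.1.4.803:=" + ADS_UF_ACCOUNTDISABLE + "))"
             + "(sAMAccountName=" + EscapeFilterValue(typedPrefix) + "*))";
    }

    // Client-side equivalent of the bitwise-AND matching rule, for a value already read from AD.
    public static bool IsDisabled(int userAccountControl)
    {
        return (userAccountControl & ADS_UF_ACCOUNTDISABLE) != 0;
    }

    static void Main()
    {
        // Constructed inputs: a plain prefix, then one containing filter metacharacters.
        foreach (string typed in new[] { "bsm", "smith*(contractor)" })
            Console.WriteLine(BuildActiveUserFilter(typed));
        // Constructed values: 512 = normal account, 514 = normal account with the disabled bit set.
        Console.WriteLine("{0} {1}", IsDisabled(512), IsDisabled(514));
    }
}
```

The string returned by `BuildActiveUserFilter` can be passed as the `filter` argument of the `DirectorySearcher` constructor shown in the answer, with `"sAMAccountName"` added to `propertiesToLoad`.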