
The following code works great for users in my domain (e.g., "TESTER" instead of "DEVELOPER"), but I can't figure out how to search higher than the current domain. I tried various combinations of searches with the PrincipalSearcher class, but I'm not sure how to pass in a search by email address or username to look for other domains within my organization, even though they're all in a single forest.

```csharp
var name = "DEVELOPER\\JULIANI99";
var p = UserPrincipal.FindByIdentity(new PrincipalContext(ContextType.Domain), name);
```
Dinerdo
  • Try passing a variant of the principal context object: `new PrincipalContext(ContextType.Domain, "domain name here")`. I have not tried it; just a suggestion. – Hakunamatata Apr 04 '17 at 02:26
  • This does work when I know the domain. Thanks! I would still like to give users more options similar to the user fields in SharePoint, but this will do temporarily. – Dinerdo Apr 04 '17 at 15:37

1 Answer


FindByIdentity doesn't work well for searching a forest.

I tried something like this:

```csharp
var d = new PrincipalContext(ContextType.Domain, "domain.com:3268", "DC=com");
var p = UserPrincipal.FindByIdentity(d, IdentityType.SamAccountName, username);
```

But I keep getting an error saying a referral was returned. It might be different for you. The "3268" port tells it to use the global catalog (forest-wide search). The root (which I have as "DC=com") has to be common across all the domains in your forest. So if all your domains are sub-domains of "domain.com", then you could put "DC=domain,DC=com". But if you have "domain.com" and "otherdomain.com" as part of the same AD forest, then that wouldn't work.

FindByIdentity also won't work for searching by email address, so you may just be better off using PrincipalSearcher.

If you get the same referral error I got, you can tell it to follow the referral:

```csharp
PrincipalSearcher srch = new PrincipalSearcher(User);
((DirectorySearcher) srch.GetUnderlyingSearcher()).ReferralChasing = ReferralChasingOption.All;
```
Gabriel Luci
  • Yes, I got the same error about a referral being returned when I tried that approach earlier. I will try this method and let you know. – Dinerdo Apr 04 '17 at 14:22
  • How are you using this to get around the referral issue? I receive that error when setting User.EmailAddress or even when passing the User object into the PrincipalSearcher constructor before setting anything on the User object. – Dinerdo Apr 04 '17 at 15:34
  • Yeah, looks like I get that too. Looks like you're better off just using `DirectorySearcher` directly. `PrincipalSearcher` is just a wrapper for it "to make things easier", but in this case it just makes things impossible. – Gabriel Luci Apr 04 '17 at 17:03
  • Here's a handy link I've referred to often. In the section "Get an Object DistinguishedName: ADO.NET search (ADVANCED)" it shows how to use DirectorySearcher, although you'll have to change the filter used to search by the `mail` attribute. https://www.codeproject.com/articles/18102/howto-almost-everything-in-active-directory-via-c – Gabriel Luci Apr 04 '17 at 17:06
  • There's a much simpler example of searching the global catalog using `DirectorySearcher` here: http://stackoverflow.com/questions/21117741/using-directorysearcher-in-global-catalog-to-find-domain-username – Gabriel Luci Apr 04 '17 at 17:37
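
The approach the comments converge on (using `DirectorySearcher` directly against the global catalog and filtering on `mail` or the account name), as an added example that is not code from the question, the answer or the linked pages. The class and method names are hypothetical, `domain.com` is the answer's placeholder host, and the code assumes it runs on a machine joined to the forest; the filter value is escaped per RFC 4515 so user-supplied input cannot change the LDAP query.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class ForestUserLookup   // hypothetical helper, not part of any library
{
    // RFC 4515 escaping so user input cannot alter the structure of the LDAP filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Accepts "user@example.com", "DOMAIN\user" or "user" and returns matching DNs.
    public static List<string> FindUserDns(string gcHost, string input)
    {
        bool isEmail = input.Contains("@");
        // Drop a NetBIOS domain prefix; the global catalog is searched forest-wide.
        string value = isEmail ? input : input.Substring(input.LastIndexOf('\\') + 1);
        string attr = isEmail ? "mail" : "sAMAccountName";
        string filter = $"(&(objectCategory=person)(objectClass=user)({attr}={EscapeFilterValue(value)}))";

        var found = new List<string>();
        // The GC:// provider binds to the global catalog (port 3268) instead of one domain.
        using (var root = new DirectoryEntry("GC://" + gcHost))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "distinguishedName" }))
        using (SearchResultCollection results = searcher.FindAll())
        {
            // sAMAccountName is unique only within a domain, so several entries can match.
            foreach (SearchResult r in results)
                found.Add((string)r.Properties["distinguishedName"][0]);
        }
        return found;
    }

    static void Main()
    {
        foreach (string dn in FindUserDns("domain.com", @"DEVELOPER\JULIANI99"))
            Console.WriteLine(dn);
    }
}
```

Because an account name can exist in more than one domain of the forest, treat multiple results as ambiguous rather than taking the first one when the lookup feeds an authorization decision.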