4

I have an application that uses Windows authentication and I am trying to get logged in users info using their domain IDs.

Part of the data returned is the user's manager's DN (in manager property). I need to query AD again to get manager's info (domain id, email, name, etc.). I searched and can't find any hint of what I have to use in my filter.

This is what I am using and I always get null returned:

private static DirectoryEntry GetUserDEByDN(string sDN)
{
    using (HostingEnvironment.Impersonate())
    {
        PrincipalContext pc = new PrincipalContext(ContextType.Domain, adUSADomain, adUSAContainer);
        //UserPrincipal up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, UserID);
        UserPrincipal qbeUser = new UserPrincipal(pc);
        //qbeUser.SamAccountName = UserID.Trim().ToUpper();

        PrincipalSearcher srch = new PrincipalSearcher(qbeUser);
        PrincipalSearchResult<Principal> psr = srch.FindAll();

        string sDomain = ConfigurationManager.AppSettings["Domain"].ToString();
        string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();

        DirectoryEntry de = new DirectoryEntry(adPath);
        DirectorySearcher deSearch = new DirectorySearcher();
        deSearch.SearchRoot = de;
        deSearch.Filter = "(&(objectClass=user)(| (cn = " + sDN + ")(dn = " + sDN + ")))";

        //deSearch.Filter = "(&(objectClass=user)(SAMAccountName=" + UserID + "))";
        deSearch.SearchScope = SearchScope.Subtree;
        SearchResult results = deSearch.FindOne();

        if (null != results)
        {
            de = new DirectoryEntry(results.Path);
            return de;
        }
        else
        {
            return null;
        }
    }
}

Is it possible to search Active Directory by DN? If so, what I am doing wrong?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
NoBullMan
  • 2,032
  • 5
  • 40
  • 93

1 Answers1

4

This is what worked for me. However, I believe it is supposed to work with objectClass=user but I kept getting null returned. When I changed to distinguishedName = sDN, it worked.

The whole point of this code

DirectoryEntry de = new DirectoryEntry(adPath + "/" + sDN);

is to start the directory search at the user object; there shouldn’t be the need for the additional search of saying which distinguishedName.

private static DirectoryEntry GetUserDEByDN(string sDN)
{
    string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();
    DirectoryEntry de = new DirectoryEntry(adPath + "/" + sDN);
    DirectoryEntry deManager = null;

    using (DirectorySearcher Search = new DirectorySearcher())
    {
        Search.SearchRoot = de;
        Search.Filter = "(&(distinguishedName=" + sDN + "))";
        //Search.Filter = "(objectClass = user)";
        Search.SearchScope = SearchScope.Base;
        SearchResult Result = Search.FindOne();

        if (null != Result)
            deManager = Result.GetDirectoryEntry();
    }
    return deManager;
}
Sphinx
  • 10,519
  • 2
  • 27
  • 45
NoBullMan
  • 2,032
  • 5
  • 40
  • 93