16

Is it possible to retrieve a list of all attributes/values from LDAP without specifying them? If so, how can this be done?

ROMANIA_engineer
Mike Anderson

7 Answers

31

I grabbed a list of all the parameters of my DirectoryEntry class object. I hope it will help:

    objectClass = System.Object[]
    cn = Administrator
    sn = Kwiatek (Last name)
    c = PL (Country Code)
    l = Warszawa (City)
    st = Mazowieckie (Voivodeship)
    title = .NET Developer
    description = Built-in account for administering the computer/domain
    postalCode = 00-000
    postOfficeBox = Warszawa Ursynów
    physicalDeliveryOfficeName = Wojskowa Akademia Techniczna
    givenName = Piotr (First name)
    distinguishedName = CN=Administrator,CN=Users,DC=helpdesk,DC=wat,DC=edu
    instanceType = 4
    whenCreated = 2012-11-23 06:09:28
    whenChanged = 2013-02-23 13:24:41
    displayName = Piotr Kwiatek (Konto administratora)
    uSNCreated = System.__ComObject
    memberOf = System.Object[]
    uSNChanged = System.__ComObject
    co = Poland
    company = HELPDESK
    streetAddress = Kaliskiego 2
    wWWHomePage = http://www.piotr.kwiatek.org
    name = Administrator
    objectGUID = System.Byte[]
    userAccountControl = 512
    badPwdCount = 0
    codePage = 0
    countryCode = 616
    badPasswordTime = System.__ComObject
    lastLogoff = System.__ComObject
    lastLogon = System.__ComObject
    logonHours = System.Byte[]
    pwdLastSet = System.__ComObject
    primaryGroupID = 513
    objectSid = System.Byte[]
    adminCount = 1
    accountExpires = System.__ComObject
    logonCount = 178
    sAMAccountName = Administrator
    sAMAccountType = 805306368
    objectCategory = CN=Person,CN=Schema,CN=Configuration,DC=helpdesk,DC=wat,DC=edu
    isCriticalSystemObject = True
    dSCorePropagationData = System.Object[]
    lastLogonTimestamp = System.__ComObject
    mail = spam@kwiatek.org
    nTSecurityDescriptor = System.__ComObject

And here is the code:

    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using System.Security.Principal;

    // SID of the account running this program
    string currentUserSid = WindowsIdentity.GetCurrent().User.Value;

    PrincipalContext ctx = new PrincipalContext(
        ContextType.Domain,
        "helpdesk.wat.edu");

    UserPrincipal up = UserPrincipal.FindByIdentity(
        ctx, IdentityType.Sid,
        currentUserSid);

    // Get the underlying DirectoryEntry of the user principal
    DirectoryEntry entry = up.GetUnderlyingObject() as DirectoryEntry;
    PropertyCollection props = entry.Properties;

    // Print every property that is present on the entry
    foreach (string propName in props.PropertyNames)
    {
        if (entry.Properties[propName].Value != null)
        {
            Console.WriteLine(propName + " = " + entry.Properties[propName].Value.ToString());
        }
        else
        {
            Console.WriteLine(propName + " = NULL");
        }
    }

    Console.ReadKey();
Piotr Kwiatek
  • 3
    How to get the value for `System.Object[]`, `System.__ComObject`, `System.Byte[]`, etc. ***properties***? – Kiquenet Jun 14 '16 at 09:18
  • 1
    @Kiquenet It is probably a bit too late to answer, as I only just saw this. You have to cast them to something else; Object[], _ComObject and Byte[] have a lot of info wrapped in them, and using value.tostring() in the method above will not be able to display what is within. I would advise having some if-else cases checking these types; when it comes across one, assign the values you want to a string object and append. E.g. `if (val is byte[]) { string tempString = BitConverter.ToString((byte[])val);//.Replace("-", ""); sb.Append(tempString + "; "); }` – csamleong Sep 04 '18 at 06:41
22

Specify "*" as the only value in the list of attributes to return.

If you want the operational attributes as well, add "+" to the list.

user207421
  • 3
    Worked perfectly, thank you. `search.PropertiesToLoad.Add("*"); search.PropertiesToLoad.Add("+");` – DFTR Apr 03 '13 at 16:14
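
Added example (not part of any answer on this page): a `DirectorySearcher` query that requests `*` and `+` as the answer above describes, and prints readable values for the `System.Byte[]` and large-integer attributes asked about in the comments under the first answer. The base DN `DC=example,DC=com`, the filter value `someuser` and the list of attribute names treated as file times are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class AllAttributes
{
    // Attributes assumed here to hold Windows file-time values (illustrative list).
    static bool IsFileTime(string key) =>
        key == "pwdlastset" || key == "lastlogon" || key == "lastlogontimestamp" ||
        key == "accountexpires" || key == "badpasswordtime" || key == "lastlogoff";

    // Render one attribute value instead of printing "System.Byte[]" and the like.
    static string Render(string name, object val)
    {
        string key = name.ToLowerInvariant();
        if (val is byte[] bytes)
        {
            if (key == "objectsid") return new SecurityIdentifier(bytes, 0).Value;
            if (key == "objectguid" && bytes.Length == 16) return new Guid(bytes).ToString();
            return BitConverter.ToString(bytes);          // other binary data as hex
        }
        if (val is long ticks && IsFileTime(key))
        {
            // 0 and Int64.MaxValue are sentinels; FromFileTimeUtc throws on the latter.
            if (ticks <= 0 || ticks == long.MaxValue) return "(never / not set)";
            return DateTime.FromFileTimeUtc(ticks).ToString("u");
        }
        return val?.ToString() ?? "NULL";
    }

    static void Main()
    {
        // Assumption: placeholder base DN and filter; replace with your own.
        using (var root = new DirectoryEntry("LDAP://DC=example,DC=com"))
        using (var search = new DirectorySearcher(root, "(sAMAccountName=someuser)"))
        {
            search.PropertiesToLoad.Add("*");   // all user attributes
            search.PropertiesToLoad.Add("+");   // operational attributes, per the answer above
            SearchResult result = search.FindOne();
            if (result == null) { Console.WriteLine("No entry found."); return; }

            foreach (string name in result.Properties.PropertyNames)
                foreach (object val in result.Properties[name])   // attributes can be multi-valued
                    Console.WriteLine("{0} = {1}", name, Render(name, val));
        }
    }
}
```

The result contains only the attributes that the bound account is permitted to read, so the same query can return different attribute sets for a regular user and for an administrator.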
6
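    // This will list ALL the properties from AD (between 200 and 800... or more)
    // If someone has a solution for non-AD servers, please post it!
    // Requires: using System.Collections.Generic; using System.Linq; using System.Net;
    //           using System.DirectoryServices.ActiveDirectory;
    // Server, Username and Password are assumed to be defined by the caller.

    List<String> properties = new List<String>();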
    IPAddress[] ips = Dns.GetHostAddresses(Server).Where(w => w.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork).ToArray();
    if (ips.Length > 0)
    {
        DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.DirectoryServer, ips[0].ToString() + ":389", Username, Password);
        ActiveDirectorySchema adschema = ActiveDirectorySchema.GetSchema(directoryContext);
        ActiveDirectorySchemaClass adschemaclass = adschema.FindClass("User");

        // Read the OptionalProperties & MandatoryProperties
        ReadOnlyActiveDirectorySchemaPropertyCollection propcol = adschemaclass.GetAllProperties();

        foreach (ActiveDirectorySchemaProperty schemaProperty in propcol)
            properties.Add(schemaProperty.Name.ToLower());
    }
David
5

You could use a DirectoryEntry to generate a list of properties; you would of course have to use a foreach to go through the list of properties.

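    // Placeholder: default(DirectoryEntry) is null, so bind objADAM to a real entry before enumerating
    DirectoryEntry objADAM = default(DirectoryEntry);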
    string properties = string.Empty;
    foreach (string property in objADAM.Properties.PropertyNames)
    {
        properties += property + ", ";
    }

You could always, however, refer to http://www.codeproject.com/KB/system/everythingInAD.aspx when it comes to C# and Active Directory.

UPDATE: http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C

Ghostfire
  • 3
    Yes - but that **only** gets those properties that have a value assigned to them, for that particular `DirectoryEntry`. This does **not** enumerate the entire list of possible properties..... – marc_s Jul 13 '11 at 19:05
3

Well, "retrieving all attributes" alone, as far as a Directory is concerned, does not make sense. Do you mean:

  1. All possible user attributes as they are described in the SCHEMA
  2. All user attributes that have a value
  3. All user and operational attributes

And I'm not taking into account the fact that some user attributes can be read-only and others can only be written with specific values. I add the way to get the content.

@Ghostfire gives the solution for retrieving all user attributes that have a value, and operational attributes.

    DirectoryEntry deUser = new DirectoryEntry("LDAP://WM2008R2ENT:389/CN=AUser,OU=MonOu,DC=dom,DC=fr");

    foreach (string property in deUser.Properties.PropertyNames)
    {
      Console.WriteLine("\t{0} : {1} ", property, deUser.Properties[property][0]);
    }

But remember that in an LDAP search, the best way is to give the attributes you want to retrieve:

    /* Connection to Active Directory
     */
    DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

    /* Directory Search
     */
    DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
    dsLookFor.Filter = "(sn=users)";
    dsLookFor.SearchScope = SearchScope.Subtree;
    dsLookFor.PropertiesToLoad.Add("cn");
    dsLookFor.PropertiesToLoad.Add("givenName");
    dsLookFor.PropertiesToLoad.Add("telephoneNumber");

    dsLookFor.Sort = new SortOption("givenName", SortDirection.Descending);
    dsLookFor.VirtualListView = new DirectoryVirtualListView(1, 0, 2);
    SearchResultCollection srcUsers = dsLookFor.FindAll();
JPBlanc
0

ADSI Edit is a great tool to help you figure stuff out. In this case, you are after Schema data. When you open ADSI Edit, you choose "Connect to..." and then for the well known Naming Context you select "Schema"... now you can take a look at the different schema classes: (subSchema, classSchema, attributeSchema) ...

What's tricky is knowing you need to choose a classSchema, then get its "schemaIDGUID" ... then you do a search on all attributeSchema and filter on "schemaIDGUID"

Ex. If you choose to look at "CN=User" you'll notice the schemaIDGUID == bf967aba-0de6-11d0-a285-00aa003049e2

Then if you choose to look at "CN=Pwd-Last-Set" you'll notice the schemaIDGUID matches....

With all this being said, it's probably far easier to use ActiveDirectorySchemaClass (as David has answered) but I felt like sharing some knowledge.

C Sharp Conner
-2

For a list of all possible properties you should look at querying the schema for a given objectClass.

Jeff Patton