I'm trying to search for users in AD with their surname (sn
) and first name (givenName
) using DirectorySearcher
in .NET.
I can find a user based on sAMAccountname
with this code:
DirectorySearcher searcher1 = new DirectorySearcher(entry);
searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(SAMAccountname={0}))",aLogin);
SearchResult results1;
results1 = searcher1.FindOne();
But when I try to do it with givenName
and sn
:
DirectorySearcher searcher1 = new DirectorySearcher(entry);
searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(givenname={0})(sn={1})", aName, aSName);
SearchResultCollection results1;
results1 = searcher1.FindAll();
It doesn't work; the message says "Invalid Filter";
Can I not filter based on givenName
and sn
?
How can I achieve this?
The Get-ADUser cmdlet gets a specified user object or performs a search to get multiple user objects. The Identity parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name.
Using Get-ADGroupMember in Powershell This command-let returns a list of Active Directory group members. Users, groups, and machines can all be members. Simply type the cmdlet in a PowerShell window and you'll be prompted to input the group name.
In Active Directory (AD), the display names of AD users can be obtained using the Get-ADUser cmdlet .
They must be different, they cannot be the same.
If you're using .NET 3.5 or newer, you could also make use of the PrincipalSearcher
and a "query-by-example" principal to do your searching:
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// define a "query-by-example" principal - here, we search for a UserPrincipal
// and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.GivenName = "Bruce";
qbeUser.Surname = "Miller";
// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);
// find all matches
foreach(var found in srch.FindAll())
{
// do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
}
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement
. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.
Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:
DisplayName
(typically: first name + space + last name)SAM Account Name
- your Windows/AD account nameUser Principal Name
- your "[email protected]" style nameYou can specify any of the properties on the UserPrincipal
and use those as "query-by-example" for your PrincipalSearcher
.
You're missing a closing parentheses in your filter. Try:
searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(givenname={0})(sn={1}))", aName, aSName);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With