
How can I search users in Active Directory based on surname and first name? [closed]

I'm trying to search for users in AD with their surname (sn) and first name (givenName) using DirectorySearcher in .NET.

I can find a user based on sAMAccountname with this code:

 DirectorySearcher searcher1 = new DirectorySearcher(entry);
 searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(SAMAccountname={0}))",aLogin);

 SearchResult results1;
 results1 = searcher1.FindOne();

But when I try to do it with givenName and sn:

DirectorySearcher searcher1 = new DirectorySearcher(entry);
searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(givenname={0})(sn={1})", aName, aSName);

SearchResultCollection results1;
results1 = searcher1.FindAll();

It doesn't work; the message says "Invalid Filter". Can I not filter based on givenName and sn?

How can I achieve this?

bAN asked Mar 07 '12 15:03




2 Answers

If you're using .NET 3.5 or newer, you could also make use of the PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.GivenName = "Bruce";
qbeUser.Surname = "Miller";

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.

Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:

  • DisplayName (typically: first name + space + last name)
  • SAM Account Name - your Windows/AD account name
  • User Principal Name - your "[email protected]" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.

marc_s answered Oct 29 '22 10:10


You're missing a closing parenthesis in your filter. Try:

searcher1.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(givenname={0})(sn={1}))", aName, aSName);

Matt answered Oct 29 '22 08:10
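
Added example, not part of the question or either answer: the filters above insert `aName` and `aSName` into the LDAP filter with `string.Format`, so a value containing `(`, `)`, `*` or `\` changes the filter's structure or produces the same "Invalid Filter" error. The sketch below escapes values per RFC 4515 and checks parenthesis balance before the filter reaches `DirectorySearcher`; the class and helper names and the sample inputs are hypothetical.

```csharp
using System;
using System.Text;

static class LdapFilterDemo
{
    // RFC 4515: these characters must be hex-escaped inside a filter value.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Hypothetical helper: the corrected filter from the answer, with escaped values.
    static string BuildNameFilter(string givenName, string surname) =>
        string.Format(
            "(&(objectCategory=person)(objectClass=user)(givenName={0})(sn={1}))",
            EscapeFilterValue(givenName), EscapeFilterValue(surname));

    // After escaping, every literal '(' or ')' left in the string is filter syntax,
    // so an unbalanced count means the template itself is malformed.
    static bool ParenthesesBalanced(string filter)
    {
        int depth = 0;
        foreach (char c in filter)
        {
            if (c == '(') depth++;
            else if (c == ')' && --depth < 0) return false;
        }
        return depth == 0;
    }

    static void Main()
    {
        // Constructed sample input: a surname that legitimately contains parentheses.
        string good = BuildNameFilter("Bruce", "Miller (Jr.)");
        Console.WriteLine("{0} balanced={1}", good, ParenthesesBalanced(good));

        // The question's template, which lacks the final ')'.
        string broken = "(&(objectCategory=person)(objectClass=user)(givenname=Bruce)(sn=Miller)";
        Console.WriteLine("{0} balanced={1}", broken, ParenthesesBalanced(broken));
    }
}
```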