Search ActiveDirectory using full name in C#?

Question

UserPrincipal's FindByIdentity method allows me to search ActiveDirectory using username. However, I also want to be able to search using user's real name (e.g. Wayne, Bruce)

How can I do this?

Answer 1

You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// and with the first name (GivenName) of "Bruce"
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.GivenName = "Bruce";

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

Update:

Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:

• Surname (or last name)
• DisplayName (typically: first name + space + last name)
• SAM Account Name - your Windows/AD account name
• User Principal Name - your "[email protected]" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.