
UserPrincipal GetUnderlyingObject: properties missing

I'm trying to load the attribute physicalDeliveryOfficeName from a DirectoryEntry which is returned by the GetUnderlyingObject method of a UserPrincipal instance:

    DirectoryEntry directoryEntry = principal.GetUnderlyingObject() as DirectoryEntry;

which means that the following statement returns false:

    directoryEntry.Properties.Contains("physicalDeliveryOfficeName");

I know that this property can be loaded by adding the name to the StringCollection DirectorySearcher.PropertiesToLoad when using said DirectorySearcher.

My questions are, why doesn't the DirectoryEntry returned by the method GetUnderlyingObject contain all properties? And how can I load this property without using a DirectorySearcher?

Dänu asked Feb 22 '12 20:02


2 Answers

Accessing all fields for a DirectoryEntry is a potentially slow and heavy operation. Some fields might not be replicated to all domain controllers, and so bringing the values might require accessing a remote and slow-to-access Global Catalog (GC) server.

Once you have a DirectoryEntry in hand and you want to pull a specific value, you can call the RefreshCache method, passing it the names of the properties you need.

Avner Shahar-Kashtan answered Oct 15 '22 09:10


Using RefreshCache:

        UserPrincipal up = ...
        using (DirectoryEntry de = up.GetUnderlyingObject() as DirectoryEntry)
        {
            foreach (var name in de.Properties.PropertyNames)
            {
                Console.WriteLine(name);
            }
            Console.WriteLine();

            // The canonicalName attribute is operational (also called constructed).
            // Active Directory does not actually save the value, but calculates it
            // on demand. This is probably the issue. In ADSI we use the GetInfoEx

            de.RefreshCache(new string[] { "canonicalName" });
            var canonicalName = de.Properties["canonicalName"].Value as string;
        }

PropertyNames:

objectClass
cn
sn
givenName
distinguishedName
instanceType
whenCreated
whenChanged
displayName
uSNCreated
memberOf
uSNChanged
nTSecurityDescriptor
name
objectGUID
userAccountControl
badPwdCount
codePage
countryCode
badPasswordTime
lastLogoff
lastLogon
pwdLastSet
primaryGroupID
objectSid
accountExpires
logonCount
sAMAccountName
sAMAccountType
userPrincipalName
objectCategory
dSCorePropagationData
lastLogonTimestamp

canonicalName property is missing.

Kiquenet answered Oct 15 '22 11:10
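
Added example (not from either answer or from the question): a helper that applies the RefreshCache approach from both answers to the question's physicalDeliveryOfficeName and to canonicalName, and reports an attribute that is still absent after the refresh instead of failing on it. The class and method names are hypothetical; it assumes a domain-joined Windows host, references to System.DirectoryServices and System.DirectoryServices.AccountManagement, and a sAMAccountName passed as the first argument.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class PrincipalAttributes
{
    // Hypothetical helper: load only the named attributes into the entry's
    // property cache and return the values that came back for each one.
    public static Dictionary<string, object[]> Load(Principal principal, params string[] names)
    {
        var entry = principal.GetUnderlyingObject() as DirectoryEntry;
        if (entry == null)
            throw new InvalidOperationException("Principal is not backed by a DirectoryEntry.");

        // Fetch exactly these attributes (RefreshCache calls ADSI GetInfoEx).
        entry.RefreshCache(names);

        var result = new Dictionary<string, object[]>(StringComparer.OrdinalIgnoreCase);
        foreach (string name in names)
        {
            // Contains() stays false when the attribute has no value on this
            // object or was not returned to the caller: report an empty array.
            if (!entry.Properties.Contains(name))
            {
                result[name] = new object[0];
                continue;
            }
            var values = new object[entry.Properties[name].Count];
            entry.Properties[name].CopyTo(values, 0);
            result[name] = values;
        }
        return result;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: <sAMAccountName>"); return; }
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, args[0]))
        {
            if (user == null) { Console.Error.WriteLine("User not found."); return; }
            foreach (var pair in Load(user, "physicalDeliveryOfficeName", "canonicalName"))
                Console.WriteLine("{0}: {1}", pair.Key,
                    pair.Value.Length == 0 ? "(no value returned)" : string.Join("; ", pair.Value));
        }
    }
}
```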