Don’t worry, it’s easier than you think. 

AD Explorer

If you haven’t seen what Active Directory (AD) looks like, you can use a free AD viewer application, like AD Explorer. I would recommend downloading it because it’s a useful tool for navigating the tree structure of an AD and viewing the object properties or attributes that you want to use in your .NET program.

Logging In To AD

When using an AD viewer application, you will need to log in to the AD and provide your Windows user login and password. Usually the AD is the domain your computer is logged into.

There are two ways to determine the domain your computer is logged into. One is Control Panel –> System, which shows a Domain: entry if you are logged into one. The other is to look at the USERDOMAIN environment variable: from the command prompt, type set user and press ENTER, then look at the USERDOMAIN= entry. If it does not contain your computer name, it should be the AD name. For more detailed instructions, click here.

Distinguished Names

Once you get into the AD, you will see the AD tree structure, and each item in that tree is an object. Each object is uniquely identified by its distinguished name (DN), or path, which is a sequence of RDNs connected by commas. RDNs are relative distinguished names: basically attributes with associated values. You can find a list of typical RDNs here, with some examples of distinguished names and a table listing the reserved characters that must be escaped when used in attribute values.

AD Objects in .NET

To get started coding against AD in .NET, you will need to reference System.DirectoryServices in your project and add the following statement:

using System.DirectoryServices;

The two objects you need to use are DirectoryEntry and DirectorySearcher.

You use DirectoryEntry to bind to an object in the AD tree. You need to supply the provider (usually LDAP://) and the path, which can include the AD name. The example below queries an AD user.

// MessageBox below also needs: using System.Windows.Forms;

// sADName would be the AD you want to log into
string sADName = "addomain.com";

// sDN would be the distinguished name or path of an object in the AD tree
string sDN = "CN=Users,DC=addomain,DC=com";

// create an instance of DirectoryEntry, supplying the provider and path
// in the example below, provider is LDAP:// and path is the combination of
// AD name and distinguished name
DirectoryEntry adEntry =
    new DirectoryEntry("LDAP://" + sADName + "/" + sDN);

// read the property or attribute of an AD object,
// such as the user's display name
// Value is null when the object has no such attribute, so check it
// before calling ToString()
object displayName = adEntry.Properties["displayName"].Value;
MessageBox.Show(displayName == null ? "(no displayName)" : displayName.ToString());

For a list of all attributes defined by AD, click here. The list there does not show the attribute names to use in the Properties collection of the DirectoryEntry object. When you click an attribute in the list, it shows detailed information about that attribute. The attribute name to use is the one listed under Ldap-Display-Name.

You use DirectorySearcher when you want to search AD, for example for users with Smith as their last name.

// you pass in an instance of the DirectoryEntry object containing the root
// or path in AD as a starting point to search from, to DirectorySearcher
DirectoryEntry adEntry =
    new DirectoryEntry("LDAP://addomain.com/DC=addomain,DC=com");
DirectorySearcher adSearch = new DirectorySearcher(adEntry);

// set the filter
adSearch.Filter = "(&(objectClass=user)(sn=Smith))";

// ask the server to return only the attributes we display; reading them
// from SearchResult.Properties avoids a second directory bind per result
adSearch.PropertiesToLoad.Add("distinguishedName");
adSearch.PropertiesToLoad.Add("displayName");

// then search (the LINQ query below also needs: using System.Linq;)
SearchResultCollection adResultCol = adSearch.FindAll();
listBoxResults.DataSource =
    (from SearchResult r in adResultCol
     select new
     {
         Value = r.Properties["distinguishedName"][0].ToString(),
         // displayName may be absent on some objects, so guard the index
         Text = r.Properties["displayName"].Count > 0
                    ? r.Properties["displayName"][0].ToString()
                    : string.Empty
     }
    ).ToList();
listBoxResults.ValueMember = "Value";
listBoxResults.DisplayMember = "Text";

For more details on the search filter syntax, click here.
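As an added example (not code from the original post), here is how the surname filter above can be built from user input without letting that input change the filter's structure: the filter metacharacters are escaped as \XX per RFC 4515 before the value is inserted, and only the attributes to be displayed are requested. EscapeValue and FindUsersBySurname are names assumed here; rootEntry is a DirectoryEntry bound as in the post.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example, not part of the original post.
static class LdapFilter
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515):
    // backslash, *, (, ) and NUL become \5c, \2a, \28, \29 and \00,
    // so the value is matched literally instead of being parsed as filter syntax.
    public static string EscapeValue(string value)
    {
        if (value == null) return string.Empty;
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the user objects under rootEntry whose sn exactly equals lastName.
    // Concatenating lastName unescaped ("(sn=" + lastName + "))") would let a
    // value containing * or parentheses alter the filter; escaping prevents that.
    public static SearchResultCollection FindUsersBySurname(DirectoryEntry rootEntry, string lastName)
    {
        var searcher = new DirectorySearcher(rootEntry)
        {
            Filter = "(&(objectClass=user)(sn=" + EscapeValue(lastName) + "))",
            PageSize = 500   // paged results so large domains do not hit the server size limit
        };
        // request only what will be displayed
        searcher.PropertiesToLoad.Add("distinguishedName");
        searcher.PropertiesToLoad.Add("displayName");
        return searcher.FindAll();
    }
}
```

EscapeValue("Smith") returns "Smith" unchanged, while a value such as "Sm*th" becomes "Sm\2ath" and is then matched literally rather than as a wildcard.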

Other Resources