The “pre Windows 2000” name i.e. DOMAIN\SomeBody, the Somebody portion is known as sAMAccountName. So try: using(DirectoryEntry de = new DirectoryEntry(“LDAP://MyDomainController”)) { using(DirectorySearcher adSearch = new DirectorySearcher(de)) { adSearch.Filter = “(sAMAccountName=someuser)”; SearchResult adSearchResult = adSearch.FindOne(); } } [email protected] is the UserPrincipalName, but it isn’t a required field.
With 3.5 and System.DirectoryServices.AccountManagement this is a bit cleaner: public List<string> GetGroupNames(string userName) { var pc = new PrincipalContext(ContextType.Domain); var src = UserPrincipal.FindByIdentity(pc, userName).GetGroups(pc); var result = new List<string>(); src.ToList().ForEach(sr => result.Add(sr.SamAccountName)); return result; }
Note about Azure AD cmdlets This answer is crafted around the Active Directory cmdlets installed and available from Remote Server Administration Tools (RSAT). However, the Azure AD cmdlets make use of Microsoft Graph (OData v4.0 specification) to run queries against Azure AD while the RSAT cmdlets[1] rely on an implementation of the PowerShell Expression Engine … Read more
Pretty general question but here are some pointers. You need a linked server creating on the SQL Server that points to ADSI (Active Directory Service Interface) something like this will do it. EXEC sp_addlinkedserver ‘ADSI’, ‘Active Directory Services 2.5’, ‘ADSDSOObject’, ‘adsdatasource’ Then you can use the following sort of query. SELECT * FROM OPENQUERY(ADSI, ‘SELECT … Read more
According to this you should be able to get one with the InitializeSecurityContext windows API call.
You do an NTLM/Kerberos/Negotiate SSPI exchange loop. There is a a full sample on MSDN for both the client and the server. To be clear: you do not use any sort of LDAP access explictily. Is the LSA (Local Security Authority) that talks with LDAP and establishes the identity of the client. If you are … Read more
I was able to validate credentials using the System.DirectoryServices.Protocols namespace, thanks to a co-worker. Here’s the code: // See http://support.microsoft.com/kb/218185 for full list of LDAP error codes const int ldapErrorInvalidCredentials = 0x31; const string server = “sd.example.com:636”; const string domain = “sd.example.com”; try { using (var ldapConnection = new LdapConnection(server)) { var networkCredential = new … Read more
According to Technet: How Active Directory Searches Work, the maximum LDAP request size that the server attempts to process defaults to 10,485,760 bytes. If the server receives a request that is larger than this value, it closes the connection. Hope that helps.
A little late but I’ll throw this out there. If you want to REALLY be able to determine the specific reason that an account is failing authentication (there are many more reasons other than wrong password, expired, lockout, etc.), you can use the windows API LogonUser. Don’t be intimidated by it – it is easier … Read more
This article helped me much to understand how to work with the Active Directory. Howto: (Almost) Everything In Active Directory via C# From this point forward, if you require further assitance, please let me know with proper questions in comment, and I shall answer them for you to the best of my knowledge. EDIT #1 … Read more