Thursday, July 9, 2009

Active Directory in .NET: Recursively find all groups for a user

I had to write a function which returns all the groups (even if they are nested) for a user.
A good thing I discovered the System.DirectoryServices.AccountManagement namespace.

Take a look at the code snippet. I think it's pretty readable. What do you think?

The GetListOfGroupsRecursively() function tries to find a Principal object by the Username of the ADUser parameter. If the Principal object is found, we call the GetGroups() function and store its return value in a PrincipalSearchResult. If there are search results, we try to get the members for each group by calling the GetMembersForGroup() method. This method recursively searches through all the members of the group looking for Principal objects where the StructuralObjectClass equals "group".
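The following is an added example, not the snippet from the original post. It collects a user's direct and nested groups by calling GetGroups() on the user and then on each group found, walking upward through parent groups rather than through group members. A visited set keeps circular nesting from recursing forever. The names AdGroupLookup, GetAllGroups and Collect are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class AdGroupLookup
{
    // Returns every group the user belongs to, directly or through nesting,
    // as distinguished name -> sAMAccountName.
    public static IDictionary<string, string> GetAllGroups(string samAccountName)
    {
        var found = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

        // With no domain name given, the context binds to the domain of the
        // account running this code.
        using (var context = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                throw new ArgumentException("User not found: " + samAccountName);

            Collect(user, found);
        }
        return found;
    }

    // GetGroups() returns direct memberships only, so recurse on each parent.
    private static void Collect(Principal principal, IDictionary<string, string> found)
    {
        using (PrincipalSearchResult<Principal> parents = principal.GetGroups())
        {
            foreach (Principal parent in parents)
            {
                using (parent)
                {
                    string dn = parent.DistinguishedName;
                    // Skip groups already recorded. This also stops circular
                    // nesting (A in B, B in A) from recursing without end.
                    if (dn == null || found.ContainsKey(dn))
                        continue;

                    found.Add(dn, parent.SamAccountName);
                    Collect(parent, found);
                }
            }
        }
    }
}
```

When the result feeds an access decision, UserPrincipal.GetAuthorizationGroups() is the built-in alternative: it performs the recursive search itself and returns security groups only.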

Tuesday, July 7, 2009

Active Directory in .NET: Getting started (A better version - Using the AccountManagement namespace)

A few days ago I blogged on Active Directory in .NET: Getting Started.

In that post I stated that everything you need to query the Active Directory in .NET lives in the System.DirectoryServices namespace. Well, that was a lie. .NET Framework 3.5 introduced the System.DirectoryServices.AccountManagement namespace.

I learned about this namespace today, and wow, it really is much better. I have rewritten our own Active Directory wrapper in less than a few hours.

All you need to know in general is that everything you do using the AccountManagement namespace needs to run under a PrincipalContext.

Let me show you two basic methods.

I commented out the original method which uses the DirectoryServices namespace. Can you see the difference?

Authenticate a user

Get the DisplayName of a user

The code hardly needs any explanation. Hope it helps!

Sunday, July 5, 2009

Active Directory in .NET: Getting started

Note: If you are using .NET Framework 3.5 or better, check out this post for querying the Active Directory!

Working with the Active Directory is one of the things that every .NET or ASP.NET developer will face in their career. Most of the time you only need to read information from the Active Directory. Editing, inserting or removing objects from a .NET (web) application is very rare, mostly because a System Administrator is managing the Active Directory.

Let me show you how to get started on getting information out of the Active Directory.

The basics

Everything you need to work with the Active Directory lives in the System.DirectoryServices namespace.

The most important classes you will need are:
DirectorySearcher
DirectoryEntry
SearchResult

So I advise you to read through the documentation of these classes.

Getting familiar with LDAP queries

I strongly advise you to try LDP.EXE.

Ldp.exe is a Windows 2000 Support Tools utility you can use to perform Lightweight Directory Access Protocol (LDAP) searches against the Active Directory for specific information given search criteria. This also allows administrators to query data that would otherwise not be visible through the Administrative tools included in the product. All data that is returned in LDP queries, however, is subject to security permissions.

This tool will help you understand LDAP queries. Go through this article in the Microsoft Knowledge Base to get started.