How to retrieve SAMAccountName from Active Directory

c# active-directory directoryservices
31,423

Solution 1

First off: Domain\Administrator is NOT a SAM account name! The SAM account name is a unique (over the whole domain) name of up to 20 characters in length - typically it's your "Windows user name" (e.g. Administrator) - but it does NOT include the domain name. That value made up of domain\username is NOT stored in Active Directory anywhere!

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{
   // do something here....     
   string samAccountName = user.SamAccountName;
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

If you want to search for a whole group of users (or groups or computers), you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// and with the last name (Surname) of "Miller"
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Surname = "Miller";

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

Solution 2

You can translate a user as a Distinguished name to DOMAIN\SAMaccount form using the Object's SID, and the System.Security.Principal.SecurityIdentifier.Translate command.

public Collection<software_user> GetUsersFromAD(String adConnectionString)
    {
            var users = new Collection<software_user>();

            using (var directoryEntry = new DirectoryEntry(adConnectionString))
            {
                    var directorySearcher = new DirectorySearcher(directoryEntry);
                    directorySearcher.Filter = "(&(objectClass=user))";
                    var propertiesToLoad = new[] 
                    { 
                         "SAMAccountName", 
                         "displayName", 
                         "givenName", 
                         "sn", 
                         "mail", 
                         "userAccountControl", 
                         "objectSid" 
                    };
                    directorySearcher.PropertiesToLoad.AddRange(propertiesToLoad);

                    foreach (SearchResult searchEntry in directorySearcher.FindAll())
                    {
                            var userEntry = searchEntry.GetDirectoryEntry();
                            var ldapUser = new software_user();
                            ldapUser.User_name = NullHandler.GetString(userEntry.Properties["displayName"].Value);

                            if (string.IsNullOrEmpty(ldapUser.User_name))
                                 continue;
                            ldapUser.User_name = NullHandler.GetString(userEntry.Properties["SAMAccountName"].Value);
                            ldapUser.email = NullHandler.GetString(userEntry.Properties["mail"].Value);
                            ldapUser.user_shortname = NullHandler.GetString(userEntry.Properties["givenName"].Value);
                            var userAccountControl = (int)userEntry.Properties["userAccountControl"].Value;

                            //ldapUser.IsActive = (userAccountControl & UF_ACCOUNTDISABLE) != UF_ACCOUNTDISABLE;
                            SecurityIdentifier sid = new SecurityIdentifier((byte[])userEntry.Properties["objectSid"][0], 0).Value;
    -->                     NTAccount account = (NTAccount) sid.Translate(typeof(NTAccount));
    -->                     ldapUser.User_name = account.ToString();

                            //ldapUser.SId = sid;
                            users.Add(ldapUser);
                     }
            }
            return users;
    }
Share:
31,423
unknownUser
Author by

unknownUser

Updated on July 09, 2022

Comments

  • unknownUser
    unknownUser almost 2 years

    I implemented a method that returns a list of Active Directory users, I would like to retrieve SAMAccountName like this Domain\Administrator.

    This is the method I use: 

    public Collection<software_user> GetUsersFromAD(String adConnectionString)
{
    var users = new Collection<software_user>();

    using (var directoryEntry = new DirectoryEntry(adConnectionString))
    {
        var directorySearcher = new DirectorySearcher(directoryEntry);
        directorySearcher.Filter = "(&(objectClass=user))";
        var propertiesToLoad = new[] 
        { 
           "SAMAccountName", 
           "displayName", 
           "givenName", 
           "sn", 
           "mail", 
           "userAccountControl", 
           "objectSid" 
        };
        directorySearcher.PropertiesToLoad.AddRange(propertiesToLoad);

        foreach (SearchResult searchEntry in directorySearcher.FindAll())
        {
            var userEntry = searchEntry.GetDirectoryEntry();
            var ldapUser = new software_user();
            ldapUser.User_name = NullHandler.GetString(userEntry.Properties["displayName"].Value);

            if (string.IsNullOrEmpty(ldapUser.User_name))
               continue;
            ldapUser.User_name = NullHandler.GetString(userEntry.Properties["SAMAccountName"].Value);
            ldapUser.email = NullHandler.GetString(userEntry.Properties["mail"].Value);
            ldapUser.user_shortname = NullHandler.GetString(userEntry.Properties["givenName"].Value);
            var userAccountControl = (int)userEntry.Properties["userAccountControl"].Value;
            //ldapUser.IsActive = (userAccountControl & UF_ACCOUNTDISABLE) != UF_ACCOUNTDISABLE;
            var sid = new SecurityIdentifier((byte[])userEntry.Properties["objectSid"][0], 0).Value;
            //ldapUser.SId = sid;
            users.Add(ldapUser);
         }
    }
    return users;
}

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

DirectoryEntry to change password: Different behavior between Vista/Server2008
Find computers in active directory
C# accessing active directory with different user credentials
C# Active Directory PrincipalContext / UserPrincipal.IsMemberOf error
Error with UserPrincipal.GetAuthorizationGroups() method
What are the different properties available in System.DirectoryServices.DirectorySearcher.PropertiesToLoad
How do I validate Active Directory creds over LDAP + SSL?
Active Directory Services: PrincipalContext -- What is the DN of a "container" object?
How to determine all the groups a user belongs to (including nested groups) in ActiveDirectory and .NET 3.5
How to get Active Directory Attributes not represented by the UserPrincipal class