Read a single value in Active Directory

WesGoad asked
Last Modified: 2013-12-24
I am trying to find some guidance to read the Title value for a single username in the Active Directory. I have tried everything I could find in the postings, but I cannot get any results. If needed, I could thread the reading of the AD to a dataset and search it as needed. I just can't seem to get the syntax right to read the AD. Can anyone help?

Thanks in advance!

Take a look at http://www.computerperformance.co.uk/Logon/DSGet.htm.

You use dsquery to pull in the user object, then pipe it to dsget to retrieve the attributes of the object.  

Author

Commented:
I am looking to use System.DirectoryServices in VB.net. I have no experience with scripting. My application is being developed for Windows Forms.

Thanks
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Hey there,

Are you connecting to the user as a DirectoryEntry? Or have you not got that far?

Chris


Author

Commented:
There are two ways I am thinking this might be done. That's one area I need help. One way is while I am impersonating the user, I might get the value then or if it is possible to get the value as a simple read using the existing client logon.
Chris Dent, PowerShell Developer

Commented:

If you're impersonating the user you'll have a WindowsIdentity object available to you, that's a good start. It would have to be Kerberos authentication, which in turn means IE only.

This MSDN article has by far the best set of samples for accessing fields on that:

http://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx

If you've got that and you need more from the account you could use that with the DirectorySearcher to retrieve everything else. You'd need that to grab the title.

For instance, you could do something like:


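Imports System.DirectoryServices
...
Dim objDomain As New DirectoryEntry("LDAP://yourdomain.com/DC=yourdomain,DC=com")
Dim objSearcher As New DirectorySearcher
objSearcher.SearchRoot = objDomain
' windowsIdentity.Name is DOMAIN\user; sAMAccountName is only the part after the backslash
Dim samName As String = windowsIdentity.Name.Substring(windowsIdentity.Name.IndexOf("\"c) + 1)
objSearcher.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & samName & "))"
objSearcher.PropertiesToLoad.Add("title")
Dim objResult As SearchResult
objResult = objSearcher.FindOne()
' FindOne returns Nothing when there is no match; Properties("title") is a collection
If objResult IsNot Nothing AndAlso objResult.Properties("title").Count > 0 Then
    Response.Write("Title: " & objResult.Properties("title")(0).ToString())
End If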


Might need a little modification to make it work properly ;)

Chris

Author

Commented:
Thanks Chris! I think this is what I had in mind.

I've tried to use the System.DirectoryServices method because I think it would work best for the Application. Here is the code I am using. I've tried "several" variations of the LDAP string and the filter, but all I get is an error message after the search stating: "The referral was returned from the server." Got any ideas what I'm doing wrong?

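Dim objDomain As New DirectoryEntry("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")
Dim ObjSearcher As New DirectorySearcher
ObjSearcher.SearchRoot = objDomain
ObjSearcher.Filter = "(&(Objectclass=User)(objectCategory=Person)(sAMAccountName=" & Username & "))"
ObjSearcher.PropertiesToLoad.Add("Title")
Dim ObjResult As SearchResult
ObjResult = ObjSearcher.FindOne()
' FindOne returns Nothing when there is no match; Properties("Title") is a collection,
' so read its first value rather than calling ToString on the collection itself
If ObjResult IsNot Nothing AndAlso ObjResult.Properties("Title").Count > 0 Then
    MsgBox("Title: " & ObjResult.Properties("Title")(0).ToString())
End If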
Chris Dent, PowerShell Developer

Commented:

Are you impersonating the user at that point? Either the LDAP path is incorrect, or you're having authentication issues.

Chris

Author

Commented:
Chris,

I've tried using the current domain logon credentials and while impersonating. I still get the: "The referral was returned from the server." Could there be something on the server end?

Chris Dent, PowerShell Developer

Commented:

It's more likely to be the path.

Can we try it in a little VbScript to see if the path is happy?

Just this:

Set objOU = GetObject("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")

Save as .vbs and double click :)

Chris

Author

Commented:
I've tried all variations of the path including the IP address instead of the server name. I even made sure the case for the path matched the Active Directory names. I still get the "Referral..." error. I even tried running the script on the server. The only thing I see that would be questionable is we have a pre-Windows 2000 domain name, but I substituted that in the path and got the same. I'm getting nowhere fast! :)

Author

Commented:
This seemed to work fine. It did not give me an error. I'll play around and start adding things to see where it craps out.
