WesGoad
asked on
Read a single value in Active Directory
I am trying to find some guidance to read the Title value for a single username in the Active Directory. I have tried everything I could find in the postings, but I cannot get any results. If needed, I could thread the reading of the AD to a dataset and search it as needed. I just can't seem to get the syntax right to read the AD. Can anyone help?
Thanks in advance!
Thanks in advance!
ASKER
I am looking to use System.DirectoryServices in VB.net. I have no experience with scripting. My application is being developed for Windows Forms.
Thanks
Thanks
Hey there,
Are you connecting to the user as a DirectoryEntry? Or have you not got that far?
Chris
ASKER
There are two ways I am thinking this might be done. That's one area I need help. One way is while I am impersonnating the user, I might get the value then or if it is possible to get the value as a simple read using the existing client logon.
If you're impersonating the user you'll have a WindowsIdentity object available to you, that's a good start. It would have to be Kerberos authentication, which in turn means IE only.
This MSDN article has by far the best set of samples for accessing fields on that:
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx
If you've got that and you need more from the account you could use that with the DirectorySearcher to retrieve everything else. You'd need that to grab the title.
For instance, you could do something like:
Imports System.DirectoryServices...Dim objDomain As New DirectoryEntry("LDAP://you
Might need a little modification to make it work properly ;)
Chris
ASKER
Thanks Chris! I think this is what I had in mind.
I've tried to use the System.directoryServices method because I think it would work best for the Application. Here is the code I am using. I've tried "several" variations of the LDAP string and the filter, but all I get is an error message after the search stating:" The referral was returned from the server ." Got any ideas what I'm doing wrong?
Dim objDomain As New DirectoryEntry("LDAP://our servername .us.ourdom ain.com/ou =sitelocat ionname,dc =domain,dc =com")
Dim ObjSearcher As New DirectorySearcher
ObjSearcher.SearchRoot = objDomain
ObjSearcher.Filter = "(&(Objectclass=User)(obje ctCategory =Person)(s AMAccountN ame=" & Username & "))" '
ObjSearcher.PropertiesToLo ad.Add("Ti tle")
Dim ObjResult As SearchResult
ObjResult = ObjSearcher.FindOne()
MsgBox("Title: " & ObjResult.Properties("Titl e").ToStri ng)
I've tried to use the System.directoryServices method because I think it would work best for the Application. Here is the code I am using. I've tried "several" variations of the LDAP string and the filter, but all I get is an error message after the search stating:" The referral was returned from the server ." Got any ideas what I'm doing wrong?
Dim objDomain As New DirectoryEntry("LDAP://our
Dim ObjSearcher As New DirectorySearcher
ObjSearcher.SearchRoot = objDomain
ObjSearcher.Filter = "(&(Objectclass=User)(obje
ObjSearcher.PropertiesToLo
Dim ObjResult As SearchResult
ObjResult = ObjSearcher.FindOne()
MsgBox("Title: " & ObjResult.Properties("Titl
Are you impersonating the user at that point? Either the LDAP path is incorrect, or you're having authentication issues.
Chris
ASKER
Chris,
I've tried using the current domain logon credentials and while impersonating. I still get the :" The referral was returned from the server ." Could there be something on the server end?
I've tried using the current domain logon credentials and while impersonating. I still get the :" The referral was returned from the server ." Could there be something on the server end?
It's more likely to be the path.
Can we try it in a little VbScript to see if the path is happy?
Just this:
Set objOU = GetObject("LDAP://ourserve
Save as .vbs and double click :)
Chris
ASKER
I've tried all variations of the path including the IP address instead of the server name. I even made sure the case for the path matched the active directory names. I still get the "Referral..." error. I even tried running the script on the server. The only thing I see that would be questionable is we have a Pre-windows 2000 Domain name, but I substituted that in the path and got the same. I'm getting no where fast! :)
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
This seemed to work fine. It did not give me an error. I'll play areound and start adding things to see where it craps out.
You use dsquery to pull in the user object, then pipe it to dsget to retrieve the attributes of the object.