Read a single value in Active Directory

Take a look at http://www.computerperformance.co.uk/Logon/DSGet.htm.

You use dsquery to pull in the user object, then pipe it to dsget to retrieve the attributes of the object.  

I am looking to use System.DirectoryServices in VB.net. I have no experience with scripting. My application is being developed for Windows Forms.

Thanks

Hey there,

Are you connecting to the user as a DirectoryEntry? Or have you not got that far?

Chris

There are two ways I am thinking this might be done. That's one area I need help. One way is while I am impersonnating the user, I might get the value then or if it is possible to get the value as a simple read using the existing client logon.

If you're impersonating the user you'll have a WindowsIdentity object available to you, that's a good start. It would have to be Kerberos authentication, which in turn means IE only.

This MSDN article has by far the best set of samples for accessing fields on that:

http://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx

If you've got that and you need more from the account you could use that with the DirectorySearcher to retrieve everything else. You'd need that to grab the title.

For instance, you could do something like:


Imports System.DirectoryServices...Dim objDomain As New DirectoryEntry("LDAP://yourdomain.com/DC=yourdomain,DC=com")Dim objSearcher As New DirectorySearcherobjSearcher.SearchRoot = objDomainobjSearcher.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & windowsIdentity.Name & "))"objSearcher.PropertiesToLoad.Add("title")Dim objResult As SearchResultobjResult = objSearcher.FindOne()Response.Write("Title: " & objResult.Properties("title").Value)


Might need a little modification to make it work properly ;)

Chris

Thanks Chris! I think this is what I had in mind.

I've tried to use the System.directoryServices method because I think it would work best for the Application.  Here is the code I am using. I've tried "several" variations of the LDAP string and the filter, but all I get is an error message after the search stating:" The referral was returned from the server ."  Got any ideas what I'm doing wrong?

Dim objDomain As New DirectoryEntry("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")
            Dim ObjSearcher As New DirectorySearcher
            ObjSearcher.SearchRoot = objDomain
            ObjSearcher.Filter = "(&(Objectclass=User)(objectCategory=Person)(sAMAccountName=" & Username & "))" '
            ObjSearcher.PropertiesToLoad.Add("Title")
            Dim ObjResult As SearchResult
            ObjResult = ObjSearcher.FindOne()
                   MsgBox("Title: " & ObjResult.Properties("Title").ToString)

Are you impersonating the user at that point? Either the LDAP path is incorrect, or you're having authentication issues.

Chris

Chris,

I've tried using the current domain logon credentials and while impersonating.  I still get the :" The referral was returned from the server ."  Could there be something on the server end?

It's more likely to be the path.

Can we try it in a little VbScript to see if the path is happy?

Just this:

Set objOU = GetObject("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")

Save as .vbs and double click :)

Chris

I've tried all variations of the path including the IP address instead of the server name. I even made sure the case for the path matched the active directory names. I still get the "Referral..." error.  I even tried running the script on the server. The only thing I see that would be questionable is we have a Pre-windows 2000 Domain name, but I substituted that in the path and got the same.  I'm getting no where fast! :)

This seemed to work fine. It did not give me an error. I'll play areound and start adding things to see where it craps out.