WesGoad


Read a single value in Active Directory

I am trying to find some guidance to read the Title value for a single username in the Active Directory. I have tried everything I could find in the postings, but I cannot get any results. If needed, I could thread the reading of the AD to a dataset and search it as needed. I just can't seem to get the syntax right to read the AD. Can anyone help?

Thanks in advance!
ocon827679

Take a look at http://www.computerperformance.co.uk/Logon/DSGet.htm.

You use dsquery to pull in the user object, then pipe it to dsget to retrieve the attributes of the object.  
WesGoad

ASKER

I am looking to use System.DirectoryServices in VB.net. I have no experience with scripting. My application is being developed for Windows Forms.

Thanks
Chris Dent

Hey there,

Are you connecting to the user as a DirectoryEntry? Or have you not got that far?

Chris


WesGoad

ASKER

There are two ways I am thinking this might be done. That's one area I need help. One way is while I am impersonating the user, I might get the value then or if it is possible to get the value as a simple read using the existing client logon.

If you're impersonating the user you'll have a WindowsIdentity object available to you, that's a good start. It would have to be Kerberos authentication, which in turn means IE only.

This MSDN article has by far the best set of samples for accessing fields on that:

http://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx

If you've got that and you need more from the account you could use that with the DirectorySearcher to retrieve everything else. You'd need that to grab the title.

For instance, you could do something like:


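    Imports System.DirectoryServices
    ...
    ' Bind to the domain root the search starts from
    Dim objDomain As New DirectoryEntry("LDAP://yourdomain.com/DC=yourdomain,DC=com")
    Dim objSearcher As New DirectorySearcher
    objSearcher.SearchRoot = objDomain
    ' windowsIdentity.Name is DOMAIN\user; sAMAccountName holds only the user part
    Dim samName As String = windowsIdentity.Name.Substring(windowsIdentity.Name.IndexOf("\"c) + 1)
    objSearcher.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & samName & "))"
    ' Only fetch the attribute that is needed
    objSearcher.PropertiesToLoad.Add("title")
    Dim objResult As SearchResult
    objResult = objSearcher.FindOne()
    ' Properties("title") is a collection of values; take the first one
    Response.Write("Title: " & objResult.Properties("title")(0).ToString())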


Might need a little modification to make it work properly ;)

Chris
WesGoad

ASKER

Thanks Chris! I think this is what I had in mind.

I've tried to use the System.DirectoryServices method because I think it would work best for the Application. Here is the code I am using. I've tried "several" variations of the LDAP string and the filter, but all I get is an error message after the search stating: "The referral was returned from the server." Got any ideas what I'm doing wrong?

    Dim objDomain As New DirectoryEntry("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")
    Dim ObjSearcher As New DirectorySearcher
    ObjSearcher.SearchRoot = objDomain
    ObjSearcher.Filter = "(&(Objectclass=User)(objectCategory=Person)(sAMAccountName=" & Username & "))"
    ObjSearcher.PropertiesToLoad.Add("Title")
    Dim ObjResult As SearchResult
    ObjResult = ObjSearcher.FindOne()
    ' Properties("Title") is a collection of values; take the first one
    ' (calling ToString on the collection itself only returns its type name)
    MsgBox("Title: " & ObjResult.Properties("Title")(0).ToString())

Are you impersonating the user at that point? Either the LDAP path is incorrect, or you're having authentication issues.

Chris
WesGoad

ASKER

Chris,

I've tried using the current domain logon credentials and while impersonating. I still get the: "The referral was returned from the server." Could there be something on the server end?


It's more likely to be the path.

Can we try it in a little VbScript to see if the path is happy?

Just this:

Set objOU = GetObject("LDAP://ourservername.us.ourdomain.com/ou=sitelocationname,dc=domain,dc=com")

Save as .vbs and double click :)

Chris
WesGoad

ASKER

I've tried all variations of the path including the IP address instead of the server name. I even made sure the case for the path matched the active directory names. I still get the "Referral..." error. I even tried running the script on the server. The only thing I see that would be questionable is we have a Pre-windows 2000 Domain name, but I substituted that in the path and got the same. I'm getting nowhere fast! :)
ASKER CERTIFIED SOLUTION
Chris Dent
WesGoad

ASKER

This seemed to work fine. It did not give me an error. I'll play around and start adding things to see where it craps out.