Solved

c# Search AD for user account only knowing a section of it! Help!

Posted on 2010-08-13
6
418 Views
Last Modified: 2012-05-10
Hey all again. Another Active Directory c# problem. See th pattern? lol.

Ok, now out student accounts contain whats known as a MISID, I need to search the AD looking for any account with reference to this in the CN. for example,

SC10333333

My MISID would be 333333, now i know the user would be SC10333333, but they may also be SC093333, SC083333 etc.. So i just want to search by the MISID.

How can this be done, I have tried the following but it doesn't work:


/// <summary>
        /// Check for the existence of an Object
        /// </summary>
        /// <param name="objectPath"></param>
        /// <returns>True or False</returns>
        public static bool Object_Exists(string CN=*333333,OU=this,OU=that,DC=domain,DC=local)
        {
            bool found = false;
            if (DirectoryEntry.Exists("LDAP://" + objectPath))
            {
                found = true;
            }
            return found;
        }

Open in new window

0
Comment
Question by:KazooSoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 5

Expert Comment

by:JayFromPep
ID: 33429941
It wont work because it is a string, and therefore the '*' is taken literally.

What you can do is create a for loop, creating the CN string in iterations.

IE
public foo(string MISID)
      {
        int i;
        string cn;
        for (i = 0; i <= 10; i++)
        {
            cn = Convert.ToString(i) + MISID;
        }
        return cn;
      }

Use this return value in your logic to do the search.  That way it iterates through until you find one that matches, then jumps on to the next proc.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33430483

You wouldn't be better setting up a search? That would allow you to use the wildcard.

Chris
0
 
LVL 5

Expert Comment

by:JayFromPep
ID: 33430677
Not sure.  Sounds like a good option.  What would your approach be Chris?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33430764

I'd want to limit connections to the directory if the number of accounts it has to look at is unknown. I'd probably try something along these lines.

Although it's always possible there's a better way :)

Chris
public static bool Object_Exists(string SearchRoot, string LdapFilter) 
{
  // Test values
  // String LdapFilter = "(name=*333333)";
  // DirectoryEntry SearchRoot = new DirectoryEntry("LDAP://OU=this,OU=that,DC=domain,DC=local");

  DirectoryEntry SearchRoot = new DirectoryEntry("LDAP://" + SearchRoot);
  DirectorySearcher Searcher = new DirectorySearcher(SearchRoot, LdapFilter);
  Searcher.SearchScope = SearchScope.OneLevel

  SearchResultCollection Results = Searcher.FindAll();

  If (Results.Count > 0) {
    return true;
  }
  return false;
}

Open in new window

0
 
LVL 5

Expert Comment

by:JayFromPep
ID: 33430866
Chris,

Let me start by saying 'Duh'.....should have thought it through mo' betta.

I like it.  I think at the end to make the results work for the poster, you would have to return something to work with other than a bool.  Probably an array of some sort that has the items in it.
That array could then be itterated through to find the information of interest.

nice job.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33430901

Yeah, definitely, I only went for bool in the return to replicate the intention of the original. I'd probably have it return a small number of properties in the SearchResultCollection for use outside the method.

Chris
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question