Solved

c# Search AD for user account only knowing a section of it! Help!

Posted on 2010-08-13
Last Modified: 2012-05-10
Hey all again. Another Active Directory c# problem. See the pattern? lol.

Ok, now our student accounts contain what's known as a MISID. I need to search the AD looking for any account with reference to this in the CN. For example,

SC10333333

My MISID would be 333333. Now I know the user would be SC10333333, but they may also be SC093333, SC083333 etc. So I just want to search by the MISID.

How can this be done, I have tried the following but it doesn't work:


/// <summary>
/// Check for the existence of an Object
/// </summary>
/// <param name="objectPath"></param>
/// <returns>True or False</returns>
// Called with objectPath = "CN=*333333,OU=this,OU=that,DC=domain,DC=local"
public static bool Object_Exists(string objectPath)
{
    bool found = false;
    if (DirectoryEntry.Exists("LDAP://" + objectPath))
    {
        found = true;
    }
    return found;
}

Question by:KazooSoft
 
LVL 5

Expert Comment

by:JayFromPep
It won't work because it is a string, and therefore the '*' is taken literally.

What you can do is create a for loop, creating the CN string in iterations.

IE
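using System;

public static string foo(string MISID)
      {
        int i;
        string cn = null;
        // Prefix the MISID with each number from 0 to 10 to build a candidate CN
        for (i = 0; i <= 10; i++)
        {
            cn = Convert.ToString(i) + MISID;
        }
        return cn;
      }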

Use this return value in your logic to do the search.  That way it iterates through until you find one that matches, then jumps on to the next proc.
 
LVL 70

Expert Comment

by:Chris Dent

You wouldn't be better setting up a search? That would allow you to use the wildcard.

Chris
 
LVL 5

Expert Comment

by:JayFromPep
Not sure.  Sounds like a good option.  What would your approach be Chris?

 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points

I'd want to limit connections to the directory if the number of accounts it has to look at is unknown. I'd probably try something along these lines.

Although it's always possible there's a better way :)

Chris
using System.DirectoryServices;

public static bool Object_Exists(string SearchRoot, string LdapFilter)
{
  // Test values
  // string LdapFilter = "(name=*333333)";
  // string SearchRoot = "OU=this,OU=that,DC=domain,DC=local";

  // Bind once to the container and let the directory evaluate the wildcard filter
  using (DirectoryEntry RootEntry = new DirectoryEntry("LDAP://" + SearchRoot))
  using (DirectorySearcher Searcher = new DirectorySearcher(RootEntry, LdapFilter))
  {
    // Only look at objects directly under the search root
    Searcher.SearchScope = SearchScope.OneLevel;

    using (SearchResultCollection Results = Searcher.FindAll())
    {
      return Results.Count > 0;
    }
  }
}

 
LVL 5

Expert Comment

by:JayFromPep
Chris,

Let me start by saying 'Duh'.....should have thought it through mo' betta.

I like it.  I think at the end to make the results work for the poster, you would have to return something to work with other than a bool.  Probably an array of some sort that has the items in it.
That array could then be iterated through to find the information of interest.

nice job.
 
LVL 70

Expert Comment

by:Chris Dent

Yeah, definitely, I only went for bool in the return to replicate the intention of the original. I'd probably have it return a small number of properties in the SearchResultCollection for use outside the method.

Chris
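
An added example, not part of the original thread: one way to return the matching accounts rather than a bool, as the last two comments suggest, while accepting only digits for the MISID so that the value cannot change the LDAP filter it is placed into. The class and method names (`MisidLookup`, `FindByMisid`) and the `objectCategory`/`objectClass` clauses are assumptions; the search root and MISID are the question's placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;

public static class MisidLookup
{
    // Hypothetical helper (not from the thread): returns the CN and
    // distinguishedName of every account whose CN ends with the MISID.
    public static List<KeyValuePair<string, string>> FindByMisid(string searchRoot, string misid)
    {
        // The MISID becomes part of the filter text, so accept ASCII digits only;
        // characters such as ( ) * \ would otherwise alter the filter.
        if (string.IsNullOrEmpty(misid) || !misid.All(c => c >= '0' && c <= '9'))
            throw new ArgumentException("MISID must contain digits only", "misid");

        var matches = new List<KeyValuePair<string, string>>();
        string filter = "(&(objectCategory=person)(objectClass=user)(cn=*" + misid + "))";

        using (var root = new DirectoryEntry("LDAP://" + searchRoot))
        using (var searcher = new DirectorySearcher(root, filter))
        {
            searcher.SearchScope = SearchScope.OneLevel;  // same scope as the accepted answer
            searcher.PageSize = 500;                       // page through large result sets
            searcher.PropertiesToLoad.Add("cn");           // fetch only what the caller needs
            searcher.PropertiesToLoad.Add("distinguishedName");

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    matches.Add(new KeyValuePair<string, string>(
                        (string)r.Properties["cn"][0],
                        (string)r.Properties["distinguishedName"][0]));
                }
            }
        }
        return matches;
    }

    public static void Main()
    {
        // Constructed sample values: the placeholders used in the question.
        foreach (var m in FindByMisid("OU=this,OU=that,DC=domain,DC=local", "333333"))
            Console.WriteLine(m.Key + " -> " + m.Value);
    }
}
```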