Extracting Users from Active directory

Posted on 2010-11-10
Last Modified: 2013-12-24
I need to extract user information from Active Directory...

I am not to familiar with the current Active directory structure.. So I was wondering how can I go about querying the active directory for user info...

I am able to log into the active directory using the DirectoryEntry object in C# and set the search criteria filter to "(&(objectCategory=user)(objectClass=person))" but this does not give me much info...

I have also attached my current code in the code section

Any help in this regard will be highly appreciated..

public DataTable GetData(Entities.Config.EtlConfig config)
            var s = new SqlLoader();
            var dt = s.GetTableSchema(config.SqlTableToLoad);
            string setdate = DateTime.Now.ToString("dd/MM/yyyy hh:mm:ss");
                var de = GetDirectoryEntry();
                var ds = new DirectorySearcher(de) { Filter = "(&(objectCategory=user)(objectClass=person))" };
                var results = ds.FindAll();
                //var results = ds.FindOne();

                    foreach (SearchResult result in results)
                        if (results != null)
                            DataRow dr = dt.NewRow();

                            dr["Employee_Key"] = GetProperty(result, "title") ?? string.Empty;
                            dr["Employee_Name"] = GetProperty(result, "cn") ?? string.Empty;

                            dr["Employee_Full_Name"] = GetProperty(result, "distinguishedName") ?? string.Empty;
                            dr["Employee_Phone_Number"] = GetProperty(result, "telephoneNumber") ?? string.Empty;

                            dr["Email_Address"] = GetProperty(result, "mail") ?? string.Empty;
                            dr["Business_Unit"] = GetProperty(result, "department") ?? string.Empty;

                            dr["Supervisor_Full_Name"] = GetProperty(result, "manager") ?? string.Empty;
                            dr["Row_Update_Date"] = setdate;
                            dr["Source"] = config.Source;


                return dt;

            catch (Exception e)
                throw new CustomException(e, ErrorType.DataImporter, e.Message);
        /// <summary>
        /// Method used to create an entry to the AD.
        /// Replace the path, username, and password.
        /// </summary>
        /// <returns>DirectoryEntry</returns>
        public static DirectoryEntry GetDirectoryEntry()
            var de = new DirectoryEntry
                             //Path = "LDAP://DC=a,DC=b,DC=c,DC=Com",
                             Path = "LDAP://a.b.c.Com",
                             Username = @"a\SomeUser",
                             Password = "SomePwd"
            return de;

        public static string GetProperty(SearchResult searchResult, string propertyName)
            return searchResult.Properties.Contains(propertyName) ? searchResult.Properties[propertyName][0].ToString() : string.Empty;

Open in new window

Question by:2ooth
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
LVL 15

Expert Comment

ID: 34101469
So what information is it you are trying to extract?  Is there anything specific?  

Accepted Solution

incerc earned 500 total points
ID: 34101531
Please try :

Filter = "(&(objectCategory=person)(objectClass=user))"

(switch values in your filter)


Expert Comment

ID: 34101566
Webinar: Security & Encryption in the MySQL world

Join Percona’s Solutions Engineer, Dimitri Vanoverbeke as he presents “Security and Encryption in the MySQL world” on Thursday, July 6, 2017 at 7:00 am PDT / 10:00 am EDT (UTC-7).


Expert Comment

ID: 34101593
For a code sample of retrieving all the active directory user’s attributes, configured and not configured, please take a look in here:

There, hope it helps!

Expert Comment

ID: 34101715
Hum, back again .. I just noticed in your code that you close the DirectoryEntry object after the first result is processed :

  foreach (SearchResult result in results)
                        if (results != null) --> typo? (should check result in here)
                        de.Close();  ---> problem! should close after foreach ended

Also,  if (results != null) should be before the foreach method, or it should read like this :
if (result != null)

Author Comment

ID: 34103096

Thank you for all your Comments...

I really really appreciate your help

I basically need to search for all users within Active directory..

I am currently unable to set the filter to extract only users.. even though i have set the filter to (&(objectCategory=person)(objectClass=user))

@incerc - Thanks for pointing out the bug with regards to my code.. however the situation is still hopeless

i did go thought the link about "Searching Active Directory for User Accounts " However it did not provide me with much information as to how this could be achieved.

Please Helpp!!!

Expert Comment

ID: 34103916

What do you obtain using the filter above?

Can you run your code into debug mode and check the values? Or maybe put some debug messages in order to have more info?

Is it an exception thrown?

Author Comment

ID: 34104230
I finaly cracked it.....

Its all working now...

You guys are the best!!!!

Thank you all for your help

Expert Comment

ID: 34110111
Nice to hear that, what was the problem?

I'd suggest that you close then this question, and select an answer that helped you in your debugging. :)

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question