How to handle Active Directory in C#
.Net Framework provides namespaces named System.DirectoryServices and System.DirectoryServices.ActiveDirectory to handle all the interaction with AD,"Sounds exciting right!".This two namespces contains rich collection of classes , which provides n number of functionality to manage active directory.
Which classes allow us to perform basic functionality?
DirectoryEntry : Represcent a node in Active Directory Domain Service Hierarchy.There is four overloads available for creating DirectoryEntry class's instance.
2. DirectoryEntry(string path) - Here parameter path means The path at which to
bind the System.DirectoryServices.DirectoryEntry. ex:- new DirectoryEntry
3. DirectoryEntry(string path, string username, string password) - here user
should be a AD user. Ex: new DirectoryEntry
4. DirectoryEntry(string path, string username, string password,
System.DirectoryServices.AuthenticationTypes authenticationType) - Here we have
to mention the authentication type .This overload is usefull when we are using
currently logged in /applcation identity as AD authentication user.
DirectorySearcher : This class is used to perform queries against Active Directory.This has 8 overloads for creating object here i am specifying only two.
1. DirectorySearcher() - simple creating instance.
(System.DirectoryServices.DirectoryEntry) - Passing Directory entry object, so
that will be the search root node for directory seracher.
SearchResult : Represcent a node in the active directory.This can be treated as directory entry object.
How to Build LDAP Path ?
I saw many people are blindely get a copy from google and pasting it in their code without knowing about it.Have a look at the sample LDAP path
LDAP: provider (case sensitive)
ou - Organizational Unit
dc - Domain Component
cn - Common Name
Directory Service Providers
Windows NT version 5.0, Windows 2000, or Windows XP - WinNT://path
Lightweight Directory Access Protocol (LDAP - LDAP://path
Novell NetWare Directory Service - NDS://path
Novell Netware 3.x - NWCOMPAT://path
Internet Information Services (IIS) - IIS://
So in a LDAP path you have to specify the Directory service provider,Specify the domain component and the organizational unit which you are looking for.Try to be more specific if you are not looking for all users in LDAP.
Following sample code reads all the user from Active Directory
Add System.DirectoryServices reference
public void GetUsersList()
DirectoryEntry dntry = null;
DirectorySearcher dschr = null;
//Creating Directory entry object with current application context user
dntry = new DirectoryEntry("Ldap path", null, null, AuthenticationTypes.Secure);
// In the above line we are pasing user name and pasword as null so it will take
//current user credentials
//Create a searcher for this directory entry.
dschr = new DirectorySearcher(dntry);
// Next i am going to specify the filter
dschr.Filter = "(&(objectCategory=person)(objectClass=user))";
//Now i am going to specify which are the properties need to be loaded
//By specifying property we dont need to load unnecessary properties in AD.
//Loading result into search result collection
SearchResultCollection sResult = dschr.FindAll();
//Loop through the collection
foreach (SearchResult sRlt in sResult)
//Get the property value
string sMailAddr = sRlt.Properties["mail"].ToString();