07 May 2010

Query Active Directory using C#

Requirement definition
We had a requirement in a web-based application to authenticate the logged-in user against their LAN ID. The LAN ID information is maintained by Microsoft Active Directory. Active Directory is a technology by Microsoft that provides a variety of services. So the issue here is how our application is going to communicate with Active Directory and get the information.
Solution
This article describes how to use the .NET Framework to manage resources under Windows Active Directory Services. Microsoft provides ADSI (Active Directory Services Interface), which can interact with many providers including IIS (Internet Information Services), LDAP (Lightweight Directory Access Protocol), WinNT and NDS (Novell Netware Directory Service). From .NET, ADSI is used through the classes provided under the System.DirectoryServices namespace. To access these classes, add System.DirectoryServices.dll to the references.
The System.DirectoryServices namespace provides two important classes, DirectoryEntry and DirectorySearcher, to work with Active Directory. The DirectoryEntry class represents a resource in Active Directory and the DirectorySearcher class is used to query Active Directory. The DirectorySearcher class uses a search root, which is where the search begins, and an LDAP filter string (which is analogous to a WHERE clause in SQL) to query the Active Directory resources.
A condition is enclosed in parentheses and an operator precedes the conditions it joins. E.g. (&(Condition1)(Condition2)) is equivalent to saying Condition1 and Condition2. Remember the parentheses. Another example, (|(&(Condition1)(Condition2))(Condition3)), should be interpreted as (Condition1 and Condition2) or (Condition3).
After a couple of days of research I have successfully accomplished the tasks of querying for and updating users. I will share some basic functionality for those of you that are interested. It might be useful to read up on LDAP to get a good understanding of what it is and how it works with Active Directory.
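// Requires: using System.DirectoryServices;
public static DirectoryEntry GetDirectoryService()
{
    // Create the entry first, then point it at the search root.
    DirectoryEntry de = new DirectoryEntry();
    // The ADSI provider name is case-sensitive: "LDAP://", not "ldap://".
    de.Path = "LDAP://OU=Domain,DC=YourDomain,DC=com";
    // Secure requests an authenticated bind as the calling identity.
    de.AuthenticationType = AuthenticationTypes.Secure;
    return de;
}

public bool UserExists(string username)
{
    DirectoryEntry dr = GetDirectoryService();
    DirectorySearcher drSearch = new DirectorySearcher(dr);
    // NOTE: username is concatenated into the filter unescaped. Escape LDAP
    // filter metacharacters (RFC 4515) in untrusted input before doing this.
    drSearch.Filter = "(&(objectClass=user)(cn=" + username + "))";
    SearchResultCollection results = drSearch.FindAll();
    // The method returns bool, so report whether anything matched.
    return results.Count > 0;
}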
Read the result:
foreach (SearchResult result in results)
{
    // Property values are returned as object, so convert explicitly.
    string userName = result.Properties["samaccountname"][0].ToString();
}
If needed, we can also choose which properties to load and add more filter conditions, depending on your requirement. Some examples are given here (adSearch is the DirectorySearcher).
adSearch.PropertiesToLoad.Add("cn");
adSearch.PropertiesToLoad.Add("givenname");
adSearch.PropertiesToLoad.Add("displayname");
adSearch.PropertiesToLoad.Add("employeenumber");
adSearch.PropertiesToLoad.Add("samaccountname");
adSearch.PropertiesToLoad.Add("countrycode");
adSearch.PropertiesToLoad.Add("memberof");
If you want to search based on group, then:

adSearch.Filter =
"(&(objectCategory=user)(|(memberOf="+Constants.GROUP_GUEST+")(memberOf="+ Constants.GROUP_TL + ")))";
This is only a very small part of Active Directory access through C#. Basically I just want to explain how we addressed our requirement of pulling Active Directory data from C# to meet our authentication requirements.
