Don’t worry, it’s easier than you think.
If you haven’t seen what Active Directory (AD) looks like, you can use a free AD viewer application, such as AD Explorer. I would recommend downloading it because it’s a useful tool for navigating the tree structure of an AD and viewing the object properties or attributes that you want to use in your .NET program.
Logging In To AD
When using an AD viewer application, you will need to log in to the AD with your Windows user login and password. Usually the AD would be the domain name your computer is logged into.
There are two ways to determine the domain your computer is logged into. One is from Control Panel –> System, where there will be a Domain: entry if you are logged into one. The other is to look at the environment variable USERDOMAIN. From the command prompt, type set user and press ENTER. Look at the USERDOMAIN= entry. If it does not contain your computer name, then it should be the AD name. For more detailed instructions, click here.
Once you get into the AD, you will see the AD tree structure. Each item in the tree structure is an object, and each object is uniquely identified by its distinguished name (DN), or path, which consists of a sequence of RDNs connected by commas. RDNs are relative distinguished names, and they are basically attributes with associated values. You can find a list of typical RDNs here with some examples of distinguished names and a table listing the reserved characters that need to be escaped when used in attribute values.
AD Objects in .NET
To get started coding AD in .NET, you will need to reference System.DirectoryServices in your program and add the following statement:
And the two objects that you need to use are: DirectoryEntry and DirectorySearcher.
You use DirectoryEntry to bind to an object in the AD tree. You need to supply the provider (usually it’s LDAP:// ) and the path, which can include the AD name. The example below is querying an AD user.
For a list of all attributes defined by AD, click here. The list there does not show the attribute names to use in the Properties collection of the DirectoryEntry object. When you click an attribute in the list, it will show the detailed information about the attribute. The attribute name to use is the one shown under Ldap-Display-Name.
You use DirectorySearcher when you want to search AD, for example to find users whose last name is Smith.
For more details on the search filter syntax, click here.
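Here is a last-name search written out in full, as an added example that is not code from the original post. It binds with DirectoryEntry, searches with DirectorySearcher, and escapes the name before it goes into the filter so that characters such as * or ( in the input cannot change what the filter matches. The path LDAP://DC=example,DC=com and the names SurnameSearch and EscapeFilterValue are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
class SurnameSearch // hypothetical class name
{
    // Escape the characters that are special inside an LDAP search filter (RFC 4515)
    // so a name supplied by a user cannot alter the structure of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        string lastName = args.Length > 0 ? args[0] : "Smith";
        // Placeholder path (assumption): replace with the DN of your own domain.
        // No user name or password is passed, so the bind uses the current Windows logon.
        using (var root = new DirectoryEntry("LDAP://DC=example,DC=com"))
        using (var searcher = new DirectorySearcher(root))
        {
            // sn is the Ldap-Display-Name of the Surname attribute.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sn="
                              + EscapeFilterValue(lastName) + "))";
            searcher.PropertiesToLoad.Add("sAMAccountName");
            searcher.PropertiesToLoad.Add("displayName");
            searcher.PageSize = 500; // paged search, so large result sets are not cut off
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                {
                    var dn = r.Properties["displayName"]; // empty if the attribute is not set
                    Console.WriteLine("{0}\t{1}", r.Properties["sAMAccountName"][0],
                                      dn.Count > 0 ? dn[0] : "(no displayName)");
                }
        }
    }
}
```

PropertiesToLoad limits the attributes returned for each match, which keeps the query light and avoids pulling attributes the program does not need.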