C# and Active Directory ***geeky programming question warning***


BrianS
10-17-2007, 07:24 PM
I have a problem in that I am looking to pull a list of users from Active Directory into my application.

I actually have it working in that I have pulled ALL "users" in, but it's also bringing in users that are Inactive.

How can I designate and only pull in "active" users?

This is my code as it works now.. Any assistance would be GREATLY appreciated.


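// Requires: using System.DirectoryServices;
try
{
    // Bind to the Users container with explicit credentials.
    string path = "LDAP://bosdc1/CN=Users,DC=firm,DC=gsxxx,DC=com";
    DirectoryEntry AD = new DirectoryEntry(path);
    AD.Username = "GS\\xxxxx";
    AD.Password = "xxxxx";

    // Enumerate only child objects of schema class "user".
    // Disabled accounts are still returned by this enumeration.
    AD.Children.SchemaFilter.Add("user");

    foreach (DirectoryEntry obj in AD.Children)
    {
        // Strip the "CN=" prefix and any escaping backslashes from the name.
        string replaced = FixString(obj.Name.ToString(), "CN=", "");
        replaced = FixString(replaced, "\\", "");
        ADUsersList.Items.Add(replaced);
    }
}
catch
{
    // Any exception (bind failure, bad path) is silently ignored here.
}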

fishsmith
10-19-2007, 01:25 PM
Thread Starter: BJSusol Started: 19 Oct 2007 4:35 PM UTC Replies: 1


This looked interesting and I started looking ..... ain't it funny what google will bring up.

My suggestion for you is a quick and dirty two step process, get the full list then filter out the inactives.

Good luck

The Dad Fisherman
10-19-2007, 02:22 PM
Can you do something like an ifmember statement and then pick certain groups...just a thought

ThrowingTimber
11-18-2007, 07:28 PM
maybe set it to collect logins within the past 90 days.

BrianS
11-20-2007, 01:13 PM
This is what I did

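// Requires: using System.DirectoryServices;
try
{
    string path = "LDAP://xxxx/CN=Users,DC=firm,DC=xxxx,DC=com";

    // Users only, excluding accounts with the "account disabled" bit (2) set.
    // The operand of the NOT (!) is wrapped in its own parentheses,
    // as standard LDAP filter syntax expects.
    string filter = "(&(objectCategory=person)(objectClass=user)" +
                    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
    string[] propertiesToLoad = new string[1] { "name" };

    using (DirectoryEntry root = new DirectoryEntry(path, "xx\\xxxx", "xxxx"))
    using (DirectorySearcher searcher =
        new DirectorySearcher(root, filter, propertiesToLoad))
    using (SearchResultCollection results = searcher.FindAll())
    {
        foreach (SearchResult result in results)
        {
            // Only the "name" attribute was requested for each result.
            string name = (string)result.Properties["name"][0];

            ADUsersList.Items.Add(name);
        }
    }
}
catch
{
    // Any exception (bind failure, bad filter) is silently ignored here.
}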

The search filter syntax looks a bit complicated, but basically it filters the search results to only include users - "objectCategory=person" and "objectClass=user" - and excludes disabled user accounts by performing a bitwise AND of the userAccountControl flags and the "account disabled" flag, and negating the results.
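
The filter from the post above, extended with the "logins within the past 90 days" idea suggested earlier in the thread, as an added example that is not any poster's code. The class and method names and the sample accounts are assumptions made up for illustration; it runs offline and evaluates the same checks locally on constructed userAccountControl values.

```csharp
using System;

// Added example; ActiveUserFilter and its members are hypothetical names.
static class ActiveUserFilter
{
    const string BitAndRule = "1.2.840.113556.1.4.803"; // LDAP_MATCHING_RULE_BIT_AND
    const int AccountDisable = 0x2;                      // "account disabled" flag

    // Builds the search filter. When loggedOnSince is given, it also requires a
    // recent lastLogonTimestamp (a FILETIME: 100 ns ticks since 1601-01-01 UTC).
    public static string Build(DateTime? loggedOnSince = null)
    {
        string recent = loggedOnSince.HasValue
            ? "(lastLogonTimestamp>=" + loggedOnSince.Value.ToFileTimeUtc() + ")"
            : "";
        return "(&(objectCategory=person)(objectClass=user)"
             + "(!(userAccountControl:" + BitAndRule + ":=" + AccountDisable + "))"
             + recent + ")";
    }

    // The bitwise AND rule matches only when every bit of the mask is set.
    public static bool BitAnd(int value, int mask) => (value & mask) == mask;

    // Local equivalent of the filter's account checks for a single entry.
    // An entry with no lastLogonTimestamp fails a ">=" test, as it does in LDAP.
    public static bool IsActive(int uac, DateTime? lastLogon, DateTime? since) =>
        !BitAnd(uac, AccountDisable)
        && (!since.HasValue || (lastLogon.HasValue && lastLogon.Value >= since.Value));

    static void Main()
    {
        DateTime now = new DateTime(2007, 11, 20, 0, 0, 0, DateTimeKind.Utc);
        DateTime since = now.AddDays(-90);
        Console.WriteLine(Build());
        Console.WriteLine(Build(since));

        // Constructed sample entries: name, userAccountControl, last logon.
        var users = new (string Name, int Uac, DateTime? LastLogon)[]
        {
            ("alice", 512,   now.AddDays(-3)),    // normal account, enabled
            ("bob",   514,   now.AddDays(-3)),    // normal account + disabled bit
            ("carol", 66048, now.AddDays(-200)),  // enabled, password never expires, stale
            ("dave",  66050, null),               // disabled, never logged on
        };
        foreach (var u in users)
            Console.WriteLine($"{u.Name,-6} uac={u.Uac,-6} enabled={!BitAnd(u.Uac, AccountDisable)} "
                + $"activeIn90Days={IsActive(u.Uac, u.LastLogon, since)}");
    }
}
```

With the disabled-flag test alone, alice and carol are kept; adding the 90-day condition keeps only alice. lastLogonTimestamp can lag the real last logon by up to about 14 days with default domain settings, so treat the cutoff as approximate.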

JohnR
11-24-2007, 11:34 AM
No scripting but you could put your inactives into a separate OU and then export from adduser.exe (or userad.exe forget which) into a text file -> CSV -> excel