C# - Determine if a user is active in AD

Question

I am trying to create a method in C# to check if the provided user name is enabled or disabled in AD. I want to pass the username and any other information required like auth username and auth password as my own id can not query AD. I searched a lot of examples on the forum but none of them deals with supplying Authentication username and password to be used to query the AD. Can someone help me with same. Your help is hugely appreciated.

Answer 1

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if(user != null)
    {
       bool isActive = user.Enabled;
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!