Question

I am using the user's ID (user name) to get his/her info from AD. I was wondering if it is possible to use other criteria, such as last name, email address, etc., to do the same.

This is what I use to filter out the user right now:

        string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();
        DirectoryEntry de = new DirectoryEntry(adPath);
        DirectorySearcher deSearch = new DirectorySearcher();
        deSearch.SearchRoot = de;
        string sFilter = String.Format("(&(objectClass=user)(SAMAccountName={0}))", UserID);
        deSearch.Filter = sFilter;
        deSearch.SearchScope = SearchScope.Subtree;
        SearchResult results = deSearch.FindOne();

Thanks.

Edited (using Mrc_S's suggestion):

using (adPrincipalContext)
{
    UserPrincipal qbeUser = new UserPrincipal(adPrincipalContext);
    qbeUser.GivenName = "Bruce";
    qbeUser.Surname = "Miller";

    PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

    foreach (var found in srch.FindAll())
    {
        UserPrincipal up = (UserPrincipal)found;
        PrincipalSearchResult<Principal> psr = up.GetGroups();                    
        List<Principal> insListPrincipal = new List<Principal>();

        foreach (Principal p in psr)
        {
            insListPrincipal.Add(p);
        } 

        foreach (Principal gp in psr)
        {
            string s1 = gp.Name;
            string s2 = gp.Description;
        }
    }
}

When I try to find the groups a user belongs to, in both (inner) foreach loops, after one iteration I get errors. The list ("insListPrincipal") will contain 18 entries; the first one is "Domain Users", the rest are errors for each property of the principal context. The second foreach just dies after the first iteration. The only one I get is the "Domain Users" group. It seems the entire search result gets disposed after one iteration. What am I doing wrong?


Solution

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if(user != null)
    {
       // do something here....     
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

The UserPrincipal object has quite a selection of properties you can access directly - if you need others, you can even extend your UserPrincipal as needed!

Update: if the various properties that FindByIdentity searches by aren't enough for you, use a PrincipalSearcher with a "query-by-example" principal to do your searching:

// create your domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // define a "query-by-example" principal - here, we search for a UserPrincipal 
   // and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
   UserPrincipal qbeUser = new UserPrincipal(ctx);
   qbeUser.GivenName = "Bruce";
   qbeUser.Surname = "Miller";
   // of course, you can set **ANY** of the UserPrincipal properties here

   // create your principal searcher passing in the QBE principal    
   PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

   // find all matches
   foreach(var found in srch.FindAll())
   {
       // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
   }
}
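
The DirectorySearcher approach from the question can also search by other attributes such as mail or sn. The following is an added example, not code from the question or the answer, that does so and escapes the caller-supplied value per RFC 4515 before it is formatted into the filter. `AdLookup`, `EscapeFilterValue` and `FindUser` are hypothetical names, and the attribute allow-list is an assumption.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdLookup   // hypothetical helper class, not part of the original page
{
    // RFC 4515: characters with special meaning inside a filter value
    // are replaced by a backslash and their two-digit hex code.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // The attribute name is picked by the program from a fixed allow-list (assumed);
    // only the value comes from the caller, and it is always escaped.
    public static SearchResult FindUser(string adPath, string attribute, string value)
    {
        if (attribute != "sAMAccountName" && attribute != "mail" && attribute != "sn")
            throw new ArgumentException("unsupported search attribute", "attribute");

        using (var root = new DirectoryEntry(adPath))
        using (var search = new DirectorySearcher(root))
        {
            search.Filter = String.Format("(&(objectClass=user)({0}={1}))",
                                          attribute, EscapeFilterValue(value));
            search.SearchScope = SearchScope.Subtree;
            search.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "mail", "sn" });
            return search.FindOne();   // null when nothing matches
        }
    }

    static void Main()
    {
        // Constructed value containing filter metacharacters; once escaped it is matched literally.
        Console.WriteLine(EscapeFilterValue("Miller (Jr.)*"));
    }
}
```

The same escaping applies to the `UserID` value in the question's original `SAMAccountName` filter whenever that value comes from user input.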
Licensed under: CC-BY-SA with attribution