Get all roles from AD LDS Programmatically

Question

I am looking for some guidance on how I can connect to AD LDS programmatically. I am trying to retrieve all AD LDS roles using a C# program.

Any pointers on where to get started will be much appreciated.

Answer 1

According to this, AD LDS roles are AD groups that reside in the CN=Roles container of your LDS instance - right?

With the classes in the System.DirectoryServices.AccountManagement (S.DS.AM) namespace, you can get those groups pretty easily:

// set up the "ApplicationDirectory" context and use the "CN=Roles" container
PrincipalContext ctx = new PrincipalContext(ContextType.ApplicationDirectory, "ldsserver:389", "CN=Roles,DC=YourCompany,DC=com");

// set up a "QBE" group principal
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" should be "GroupPrincipal" types only
}

Read all about the System.DirectoryServices.AccountManagement (S.DS.AM) namespace here:

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

The new S.DS.AM makes it really easy to play around with users and groups in AD (and AD LDS)!