Using Active Directory In ASP.NET - Dump Schema Information

Sample Image - ADSI1.gif

This article is first in the series demonstrating the use of Active Directory in ASP.NET. Of course all the demo code is written in language of choice - C#. This series will not go into discussion of Active Directory or LDAP servers. We are assuming that the readers of these articles have basic understanding of these technologies.

.NET namespace and classes utilized

System.DirectoryServices
System.DirectoryServices.DirectoryEntry
System.DirectoryServices.DirectorySearcher
System.DirectoryServices.SearchResultCollection
System.DirectoryServices.SearchResult
System.DirectoryServices.ResultPropertyCollection
System.DirectoryServices.PropertyValueCollection

What is this article about?

Searching an Active Directory is one of the major tasks in manipulation of various resources. When I started with ADSI programming, I used to look for right kind of filter values to use. Some time I had to go back forth and look at the Active Directory schema to find value I should be using to get the information I was looking for. For example If you want to get the information when the user account was last changed, you need to create a filter looking for whenchanged property in schema. So we decided to write a small dump utility that will display all the properties that are used to describe a user's account in Active Directory.

How To Do It

The first step in using Directory Services interfaces is to make connection with the node that you want to search for. .NET framework provides DirectoryEntry class to specify the search node. For example if you want to search for a resource in whole domain, then you need to connect to the top node of domain in Active Directory. It is very important that you specify the search location as close as possible to the nearest location where the resource could be found. Otherwise the search will take longer time. For example if You want to search for a user information, you need to specify the location as User node and not the whole domain resource tree.

string strLDAP = "LDAP://pardesiservices.com"
m_obDirEntry = new DirectoryEntry(strLDAP);

After initializing the search node, you need to specify the query string in DirectorySearcher class object. You can set various parameter values of this object to fine tune your search and how the results will be returned. For this article we will only mention Filter property. This is the property that you will use to set your query string. The query string shall be specified in LDAP format. For example if you want to search for a user "foo", you can specify the query string as (cn=foo). It is very important that you specify the filter/query in parentheses. For more information on this property, look in the .NET documentation for Filter property of DirectorySearcher class.

DirectorySearcher srch = new DirectorySearcher(m_obDirEntry);
srch.Filter = "(cn=foo)";

The next step is to start the search. You will call FindAll or FindOne method on DirectorySearcher class object. If you are only interested in the first entry of the returned results, then call FindOne. Otherwise if you want to get all the search results, call FindAll method. This method returns the results as SearchResultCollection class subject.

The other property that is worth mentioning is PropertiesToLoad. This property lets you specify the values you want the search to return. If you don't specify any properties, then search returns all the properties by default. Therefore if you are only interested in some of the values, then make sure that you specify those properties in the PropertiesToLoad. This way you can avoid unnecessary loading of all the values in memory.

SearchResultCollection results;
results = srch.FindAll();

After getting all the search results, you can iterate over each SearchResult entry in the SearchResultCollection. The SearchResult class object has Properties property that returns ResultPropertyCollection object. This contains all the properties were found by search you specified.

foreach (SearchResult result in results)
{
   ResultPropertyCollection propColl = result.Properties;
}

ResultPropertyCollection exposes ProperyNames property that returns the collection containing names of all the properties returned by search. You can iterate over this collection to get the names. We used this technique to get the names of all properties exposed by User objects.

foreach (string strKey in propColl.PropertyNames)
{
  foreach (object obProp in propColl[strKey])
  {
    this.AppendPropertyNode(obTopNode, strKey, obProp);
  }
}

And then you can use this property names to extract particular values from ResultPropertyCollection dictionary.

Demo Code

We have included the demo code with this article. All the Active Directory implementation has been encapsulated in ADSIUtil class. We have also created an utility class, ADSIUser. This class parses the search results and saves as a XMLDocument. And it also exposes some properties to get specific information like First Name, Last Name, etc. This class is not complete. But we will expand this as the series progress.

Platforms Tested

We have tested the included project on following platforms

Windows 2000 Adv. Server
Windows .NET Enterprise Server (Beta 3)

Contact Us

For any suggections ot comment you can visit us as at Softomatix or write to us, softomatix@pardesiservices.com

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Softomatix

Web Developer

United States

Member

To learn more about us, Please visit us at http://www.netomatix.com

Article Top

Poor

Excellent

Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

You must Sign In to use this message board. (secure sign-in)

Search this forum
	Profile popups Noise Layout Per page

My vote of 5

Mingtzer

7:05 29 Mar '11

A simple, concise example to demonstrate basic but very important and useful feature in MS AD offerings.
Sign In·View Thread·Permalink

A referral was returned from the server

zeana

21:45 4 Mar '08

Hello please can any one help me

i wrote this code in vb to get all user in active directory

dsearch = New DirectorySearcher(objADObject)
Dim n, mn, ds(5), kj As String
n = My.User.Name
ds = n.Split("\")
n = ds(1).Replace("'", "")

dsearch.Filter = "(&(objectClass=user)(sAMAccountName=" + n + "))"
Dim srs As SearchResult
For Each srs In dsearch.FindAll()
emp_name = fun.ActiveDicect_details(srs, "name")
Next srs

but when run it give me this error (( A referral was returned from the server ))

zeana Smile | :)

AD QUERYING USING LDAP NOT WORKING FROM REMOTE MACHINE

Prajin

18:35 20 Jun '07

DirectoryEntry searchRoot = new DirectoryEntry
DirectorySearcher search = new DirectorySearcher();
ArrayList allUsers = new ArrayList();
DirectorySearcher search = new DirectorySearcher(searchRoot);
search.CacheResults = true;
search.Filter = "(&(objectClass=user)(objectClass=person))";
search.PropertiesToLoad.Add("samaccountname");
search.PropertiesToLoad.Add("displayname");
SearchResult result;
SearchResultCollection resultCol = search.FindAll();

I used the above code to retrive active directory usernames and loginIds .Its working fine from local machine but not working from remote machine.
It is giving the erroe"An operations error occurred "
If any one has a solution for this please help me

Prajin

Hi guys...Connection error help with Active Directory

PhoenixzeroX

9:07 23 Aug '06

First of all i want to say hi, this is my first post in codeproject. I donwloaded the Active Directory Example and i make the changes to run this app but when i try to run the server raises a message saying "The specified domain either does not exist or could not be contacted". I have about 1 week trying to figure out why is doing that. I tried to make an example code in a windows application form but it's working fine. But when i tried to write an ASP.NET error i receive the connection error" (i guess is maybe the protocol LDAP that get's the error but i don't know why). can somebody please help me??. I write an Visual Basic NET Active directory example to check this error. In Windows Forms Works fine. In ASP.NET doesn't

Imports System.DirectoryServices
Dim a As New DirectoryEntry("LDAP://CN=Testfolder,OU=Users,OU=General,DC=my,DC=domain,DC=com")

Dim b As New DirectoryEntry("LDAP://CN=Phoenixzero,OU=Administrators,OU=Users,OU=Sys,OU=Sys,DC=my,DC=domain,DC=com")
Dim isMember As Boolean = Convert.ToBoolean(a.Invoke("IsMember", New Object() {b.Path}))

If isMember Then
MsgBox("User " & b.Properties("cn").Value & " is already a member of the group")
'
' Remove the user from the group by invoking the remove method
'
a.Invoke("Remove", New Object() {b.Path})

Else
'
' Add the user to the group by invoking the Add method
'
a.Invoke("Add", New Object() {b.Path})
MsgBox("User added")
End If
'
' Cleanup our allocated objects
'
If Not IsNothing(b) Then
b.Dispose()
End If

If Not IsNothing(a) Then
a.Dispose()
End If

Like i say, this code works in visual Basic .NET Windows Forms and VBScript, but doesn't work in ASP.NET webpages. I need it in webpage because is an extended option for a webpage that i will use in a webpage

Thanks for everything and hope you can help me

PhoenixzeroX

:confused

Worthless

UnderWing

5:17 23 May '06

ADSIObject.cs and ADSIUser.cs have no meaningful comments at all. All you get is stuff like this:

// Append the value type attribute to element.
elem.Attributes.Append(attrib);

Gee! No, really, I would've never guessed you were APPENDING something to the ATTRIBUTES of an ELEMENT! Yeah, that totally helped!

WHAT are you appending? Why?

What does the element represent?

What does the "value type attribute" represent?

In a nutshell, what does any of it actually mean?

Here's an even better one:

// Check if the input collection object is null or not.
if (null == propColl) { /* ... */ }

And who could forget this classic?

// Iterate over each key in the collection.
foreach (string strKey in propColl.PropertyNames) { /* ... */ }

Y'know, it's penetrating insights like that that make Code Project microscopically more informative than heading down to skid row and listening to the winos fart.

This isn't example code. It's a library, or something. 95% of the "AD" code is "noise" about XML and so on, all of which is perfectly irrelevant to AD. That's fine, in its place; lots of people want that. I just wish I hadn't wasted ten minutes on it.

FIRE BAD! ME NO LIKE!

UnderWing

5:29 23 May '06

Hey, I just noticed this one: "Root Node not initializes"; What are you trying to SAY? That you live in a cave? That you wear bearskins and hunt mammoths with a club?
Sign In·View Thread·Permalink	1.00/5 (6 votes)

accessing the schema itself

Giles Bradshaw

6:59 1 Sep '03

What this code does is enumerate the properties of an active directory object. This isn't quite the same as dumping the schem as optional properties will not appear unless filled in. Ie some users will have more properties than others. To get the schema object for an object you can use the SchemaEntry property. You should then be able to get all the possible properties - ie access the whole schema. I've tried this (in VB but that's just c# without the squiggles). However I havn't been able to access any of the properties of the schemaentry. I get a system.notsupportedexception. I'd be really interested if any one has suceeded in doing this and how. MSDN suggests that

You can use this entry to find out what properties and methods are available on the associated object.

However they don't give an example

If anyone's managed to do this in c# c++ VB or any other language I'd be really interested.

actuially I've answered my own question - you have to use interop and use the adsi com classes that directoryServices are meant to wrap. However I couldn't get the last bit to work when accessing the actual schema objects themselves rather than the abstract schema any ideas any one?

Oh and it's in VB - C# guys add your own squiggles:

Console.WriteLine("example 1 getting a schema object from the abstract schema")
Dim iclass As ActiveDs.IADsClass = GetObject("LDAP://schema/user")
Console.WriteLine(String.Format("{0} optional properties the first is {1}", iclass.OptionalProperties.length, iclass.OptionalProperties(0)))
Console.WriteLine(String.Format("{0} mandatory properties the first is {1}", iclass.MandatoryProperties.length, iclass.MandatoryProperties(0)))
Console.WriteLine(String.Format("naming property is {0}", iclass.NamingProperties))
Console.WriteLine(String.Format("OID is {0}", iclass.OID))
Console.WriteLine(String.Format("{0} possible superiors the first is {1}", iclass.PossibleSuperiors.length, iclass.PossibleSuperiors(0)))

Console.WriteLine
Console.WriteLine
Console.WriteLine("example 2 - the schema objects themselves")

Dim de As New DirectoryEntry("LDAP://rootDSE")
Console.WriteLine(String.Format("schema naming context:" & de.Properties("schemaNamingContext")(0)))

Dim ids1 As ActiveDs.IADs

ids1 = GetObject("LDAP://cn=user," & de.Properties("schemaNamingContext")(0))
ids1.GetInfo()
Dim s As String
Dim x As Integer
Dim resp As Object = ids1.Get("objectClass")
For x = 0 To resp.Length - 1
s &= ":" & resp(x)
Next

Console.WriteLine(ids1.Class & " object classes :" & s)

Console.WriteLine("subClass of " & ids1.Get("subClassOf"))

'I couldn't get this to work
'resp = ids1.GetEx("mayContain")

Giles Bradshaw

Re: accessing the schema itself

BFJoe

7:23 15 May '06

Hi! You can access the schema information this way: http://irougen.go-mobile.at/2006/05/15/how-to-pick-the-schema-information-from-active-directory-using-c Regards, Lothar
Sign In·View Thread·Permalink	2.00/5 (1 vote)

The C# version

LDawggie

9:17 20 Nov '09

Hi,

First, you must reference the ActiveDs namespace. This namespace is included into the project by referencing to Active DS Type Library COM object in your project. If you use Visual Studio .NET IDE, then you can right click on the project and choose Add Reference menu option to add the required COM object refrence. If you are using command line compiler then use tlbimp utility to import activeds.tlb.

using ActiveDs;



       public void ShowUserProperties()

        {

            DirectoryEntry entry = new DirectoryEntry("LDAP://cn=user");

            DirectoryEntry sch = entry.SchemaEntry;

 

            ActiveDs.IADsClass iclass = sch.NativeObject as ActiveDs.IADsClass;

            object[] manProps = (iclass.MandatoryProperties) as object[];

            object[] optionalProps = (iclass.OptionalProperties) as object[];

 

            foreach (object mp in manProps)

                Console.WriteLine(mp.ToString() + "*");

 

            foreach (object op in optionalProps)

                Console.WriteLine(op.ToString());

 

              //You should also be able to loop through Superiors the same way!

         }

That should do it!
You can also access all the properties of the IADsClass from there in .NET.

When you deploy, just make sure to include the Interop.ActiveDs.dll file from the bin folder.

Here are some useful pages:
http://msdn.microsoft.com/en-us/library/aa705973(VS.85).aspx[^]

http://www.dotnet247.com/247reference/msgs/1/7126.aspx[^]

http://www.webtropy.com/articles/art14-2.asp?Interop=ActiveDs[^]

Good Luck!

VB Code

jayommer

3:34 25 Mar '03

C# isn't my language of choice... Can anyone provide me with sample code to write this in VB.NET? Thanks...
Sign In·View Thread·Permalink	1.50/5 (5 votes)

Re: VB Code

Slogmeister

10:20 5 Mar '04

Please note, that I'm still working on this, so it DOESN'T WORK.   However, here's what I've got so far in ASP.NET:

<%@ import Namespace="System.DirectoryServices" %>
'Make sure that System.DirectoryServices.dll is in the bin
'directory of your application.

dim strLDAP as string
dim m_obDirEntry as DirectoryEntry
dim srch as DirectorySearcher
dim results as SearchResultcollection
dim thingy as SearchResult
dim propColl as ResultPropertyCollection
dim strkey as string
dim obProp as object

strLDAP = "LDAP://yourcompany.yourdomain.com"
m_obDirEntry = new DirectoryEntry(strLDAP)

srch = new DirectorySearcher(m_obDirEntry)
srch.Filter = "(cn=yourusername)"

results=srch.FindAll()

for each thingy in results
   propColl=thingy.Properties
next

for each strKey in propColl.PropertyNames
   for each obProp in propcoll(strkey)
      ' this.appendPropertyNode(boTopNode, strkey, obProp)
   next
next

- Slogmeister

Great stuff and thanks!

Paul Watson

22:21 10 Feb '02

Thank you for the article. It was quite a coincidence as just yesterday I was battling away at getting our stupid AD server to give me a user list etc. You article cleared some things up. thanks! regards, Paul Watson Bluegrass Cape Town, South Africa "The greatest thing you will ever learn is to love, and be loved in return" - Moulin Rouge Sonork ID: 100.9903 Stormfront
Sign In·View Thread·Permalink

Re: Great stuff and thanks!

Anonymous

1:48 12 Feb '04

Thank You Thank You Thank You.... I have searched for weeks to find descent concise information about how to access the active schema. Even MSDN examples are buggy. Thanks you very much.
Sign In·View Thread·Permalink	2.00/5 (1 vote)