Click here to Skip to main content
Click here to Skip to main content

Get List of Active Directory Users in C#

, 30 May 2013 CPOL
Rate this:
Please Sign up or sign in to vote.
List AD users using DirectoryServices (System.DirectoryServices)


This tip describes how to list Active Directory users.

Using the Code

The below code demonstrates how can we fetch Active Directory (AD) using Directory Service. For this, I'm using object array (Users) and here is the structure:

public class Users
    public string Email { get; set; }
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    public bool isMapped { get; set; }

The code below shows how to fetch user information from Active Directory.

public List<Users> GetADUsers()
        List<Users> lstADUsers = new List<Users>();
        string DomainPath = "LDAP://DC=xxxx,DC=com"
        DirectoryEntry searchRoot = new DirectoryEntry(DomainPath); 
        DirectorySearcher search = new DirectorySearcher(searchRoot);
        search.Filter = "(&(objectClass=user)(objectCategory=person))";
        search.PropertiesToLoad.Add("displayname");//first name
        SearchResult result;
        SearchResultCollection resultCol = search.FindAll();
        if (resultCol != null)
            for (int counter = 0; counter < resultCol.Count; counter++)
                string UserNameEmailString = string.Empty;
                result = resultCol[counter];
                if (result.Properties.Contains("samaccountname") && 
                         result.Properties.Contains("mail") && 
                    Users objSurveyUsers = new Users();
                    objSurveyUsers.Email = (String)result.Properties["mail"][0] + 
                      "^" + (String)result.Properties["displayname"][0];
                    objSurveyUsers.UserName = (String)result.Properties["samaccountname"][0];
                    objSurveyUsers.DisplayName = (String)result.Properties["displayname"][0];
        return lstADUsers;
    catch (Exception ex)


Let's see what is happening here...

The DirectoryEntry class encapsulates an object in Active Directory Domain Services, DirectoryEntry(DomainPath) initializes a new instance of the class that binds this instance to the node in Active Directory Domain Services located at the specified path, i.e., DomainPath.

In DirectorySearcher, create a DirectorySearcher object which searches for all users in a domain. search.Filter = "(&(objectClass=user)(objectCategory=person))" filters the search.

The search filter syntax looks a bit complicated, but basically it filters the search results to only include users - "objectCategory=person" and "objectClass=user" - and excludes disabled user accounts by performing a bitwise AND of the userAccountControl flags and the "account disabled" flag.

Note: SAMAccountName is unique and also indexed. sAMAccountName must be unique among all security principal objects within the domain.

search.FindAll(); retrieves all the elements that match the conditions defined.

Let's see how we get the current login user.

public string GetCurrentUser()
        string userName = HttpContext.Current.User.Identity.Name.Split('\\')[1].ToString();
        string displayName = GetAllADUsers().Where(x => 
          x.UserName == userName).Select(x => x.DisplayName).First();
        return displayName;
    catch (Exception ex)
    { //Exception logic here 

Let's see what this code snippet does:

  • HttpContext.Current.User.Identity returns the Windows identity object including AuthenticationType ("ntml", "kerberos" etc..), IsAuthenticated, Name ("Domain/username").
  • HttpContext.Current.User.Identity.Name returns "Domain\\username" .

Hope this helps you understand how directory service works with AD.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Naufel Basheer
Technical Lead
India India
No Biography provided

Comments and Discussions

Questionineffecient to use (&(objectClass=user)(objectCategory=person)) as filter Pinmemberalekcarlsen23-Mar-15 23:00 
QuestionSome issues in the code PinmemberMember 113800762-Feb-15 9:33 
GeneralMy vote of 5 Pinmemberz_smahi9-Dec-14 22:27 
GeneralMy vote of 5 PinprofessionalAnurag Gandhi7-Dec-14 3:26 
SuggestionWorks great PinmemberDenver802115-Nov-14 8:02 
QuestionNice Article Thanks PinmemberPiyushMCA8-Oct-14 3:05 
AnswerRe: Nice Article Thanks PinmemberNaufel Basheer8-Oct-14 22:01 
QuestionThis code works fine on my local not on web server. PinmemberMember 253705116-May-14 10:13 
AnswerRe: This code works fine on my local not on web server. PinmemberNaufel Basheer27-Jun-14 0:33 
SuggestionWhy Do It Like This? [modified] Pinmemberthree_sixteen31-Jul-13 8:47 
It appears that the context of your code is to get the active directory user of a person requesting a page using WCF or ASP.NET.
There's no need to pull every single user out of Active Directory and then use a lambda expression as a filter.
You can just use ServiceSecurityContext.Current.WindowsIdentity if your site or application has Windows authentication enabled in IIS.[^]
public List<string> getActiveDirectoryGroups()
    List<string> groups = new List<string>();
    WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity;
    foreach (IdentityReference group in identity.Groups)
        string account = new System.Security.Principal.SecurityIdentifier(group.Value).Translate(typeof(System.Security.Principal.NTAccount)).ToString();
        string[] accountsplit = account.Split('\\');
        if (accountsplit.Length >= 2)
    return groups;

modified 31-Jul-13 13:54pm.

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.150327.1 | Last Updated 30 May 2013
Article Copyright 2013 by Naufel Basheer
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid