Last post Jul 14, 2010 01:16 AM by abhitalks
Jul 09, 2010 08:12 AM|abhitalks|LINK
Recently I was in need to search EmailAddress of the Distribution Lists a user belonged to, in Active Directory.
As usual I started with System.DirectoryServices.AccountManagement. Using UserPrincipal and GroupPrincipal with PrincipalContext, I could enumerate the groups this user belonged to, and then filtered out those with IsSecurityGroup set to
'true'. Fine, it gives me the list of DLs, however it won't give me the Email Address of these distribution lists!
Then I resorted to plain old System.DirectoryServices. After finding the group (user belonged to) by using the above mentioned method, I used that name DirectoryEntry (with LDAP connection string) and then specifying that cryptic filter
with DirectorySearcher [adSearch.Filter = "(displayName=" & strGroupName & ")"] followed up with even more cryptic
[adSearch.PropertiesToLoad.Add("mail")] and then [adResult = adSearch.FindOne()] and then eventually [strEmail = adResult.GetDirectoryEntry.Properties.Item("mail").Value.ToString] ,
I was able to retrieve the email address of that DL.
Out of curiosity, I tried to use System.Management as well. (I have been using that to query Exchange mailboxes using WMI). Having specified the WMI connection string (\\<DC Server>\root\directory\LDAP) to the ManagementScope in
order to use with ManagementObjectSearcher, I supplied that friendly "select" query to the ObjectQuery (SELECT DS_mail FROM ads_group WHERE DS_name = ..."). Good enough, with the ManagementObjectSearcher I could get the email address
I was looking for.
However, WMI won't let me connect using the domain (I have to specify a server), which I have a strange feeling about.
Anyway, my question(s) are:
Jul 09, 2010 04:56 PM|Pyrrhonist|LINK
Speaking to you first paragraph only...you need to extend the GroupPrincipal object in order to get mail information out of the group.
public class ADGroup : GroupPrincipal
public ADGroup(PrincipalContext context)
public ADGroupSearchFilter AdvancedSearchFilter
if (searchFilter == null)
searchFilter = new ADGroupSearchFilter(this);
public string MailNickname
if (ExtensionGet("mailNickname").Length != 1)
public string Mail
if (ExtensionGet("mail").Length != 1)
public static new ADGroup FindByIdentity(PrincipalContext context, string identityValue)
return (ADGroup)FindByIdentityWithType(context, typeof(ADGroup), identityValue);
public static new ADGroup FindByIdentity(PrincipalContext context, IdentityType identityType, string identityValue)
return (ADGroup)FindByIdentityWithType(context, typeof(ADGroup), identityType, identityValue);
public class ADGroupSearchFilter : AdvancedFilters
public ADGroupSearchFilter(Principal p)
Then to query with your new group
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "myDomain");
ADGroup grp = ADGroup.FindByIdentity(ctx, "groupname");
// grp.Mail should now be available and populated.
// Further, you will be able to query by e-mail address of groups
ADGroup grpToLookFor = new ForcesADGroup(ctx);
grpToLookFor.Mail = "email@example.com";
PrincipalSearcher ps = new PrincipalSearcher(grpToLookFor);
ADGroup foundGroup = ps.FindOne() as ADGroup;
I'd be curious to know what performance gain / hit you take using the new library over the old method.
Anyways, hope this helps you some.
Jul 14, 2010 01:16 AM|abhitalks|LINK
Thanks for your time there. That looks like some way indeed.
But that would be an overkill in my scenario where I sporadically need a few out-of-band properties. Am still unable to make a generic high-level library out of it for use in my applications.
What I have resorted to is, having a DTO taking the info in-and-out of my library to the app. Whenever, I need one of those out-of-band attributes I fall back to using WMI with System.Managment or DirectoryServices.
However, am still consufed over whether is it right to mix-and-match, and what are the pros-and-cons of each method.
I have not yet profiled the code, so cannot say exactly how much gain/hit with each method. Prima-facie it seems marginal.