I have the following code inside my asp.net mvc web application, to show all the AD users:-

    using System.Collections.Generic;
    using System.DirectoryServices.AccountManagement;
    using System.Linq;

    public List<DomainContext> GetADUsers(string term = null)
    {
        string[] types = new string[] { "BranchA", "BranchB" };
        List<DomainContext> results = new List<DomainContext>();
        string ADServerName = System.Web.Configuration.WebConfigurationManager.AppSettings["ADServerName"];
        using (var context = new PrincipalContext(ContextType.Domain, ADServerName, "username", "password"))
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            var searchResults = searcher.FindAll();
            foreach (Principal p in searchResults)
            {
                if ((term == null || p.SamAccountName.ToString().ToUpper().StartsWith(term.ToUpper())) && (types.Contains(p.DistinguishedName)))
                {
                    // (the rest of the method was not included in the post)
                }
            }
        }
        return results;
    }

But the above has returned all service accounts, such as sharepoint_searchserver. So I want to filter out the users to retrieve only the actual users. I try to filter by having users which contain our branches in their DistinguishedName, but this will return empty user list. So my question is how I can filter the AD to retrieve only actual users?
In your code you receive all accounts and then try to filter them out. If you know that SamAccountName should have some key, then it is better to set up QueryFilter and return only required accounts.

    // Query by example: only the properties set on this principal act as the filter.
    UserPrincipal up = new UserPrincipal(context);
    up.EmailAddress = "*";            // e-mail address must be set
    up.SamAccountName = term + "*";   // account name starts with term
    PrincipalSearcher searcher = new PrincipalSearcher();
    searcher.QueryFilter = up;
    var results = searcher.FindAll();

Filtering AD users based on disting
Jan 08, 2014 11:52 AM | johnjohn123123
I have the following code inside my asp.net mvc web application, to show all the AD users:-
But the above has returned all service accounts, such as sharepoint_searchserver. So I want to filter out the users to retrieve only the actual users. I try to filter by having users which contain our branches in their DistinguishedName, but this will return empty user list. So my question is how I can filter the AD to retrieve only actual users?

Jan 08, 2014 12:07 PM | smirnov
You can try to get accounts, e.g. only where email address is set

Jan 08, 2014 12:17 PM | johnjohn123123
But I cannot guarantee that service accounts do not have emails. Why could I not search the distinguished names, as I am doing in my code types.Contains(p.DistinguishedName)

Jan 08, 2014 12:27 PM | PatriceSc
Hi,
This is because Types.Contains checks if the p.DistinguishedName is either BranchA or BranchB, which never happens (seems a confusion between String.Contains and Array.Contains, while you want to see for each string in your array if the p.distinguishedName contains this string).
Else you should be able to directly search those branches (rather than getting all users and excluding some of them). See http://stackoverflow.com/questions/14205737/unable-to-find-user-after-specifying-a-container-for-principalcontext

Jan 08, 2014 02:09 PM | smirnov
In your code you receive all accounts and then try to filter them out. If you know that SamAccountName should have some key, then it is better to set up QueryFilter and return only required accounts.
http://msdn.microsoft.com/en-us/library/bb384378(v=vs.90).aspx
Also, if you need to search within specific OU or DC, you can specify it e.g. as

Jan 08, 2014 03:42 PM | johnjohn123123
Thanks for the reply, but how can I mention to include OU=BranchA OR OU=BranchB, in the PrincipalContext(ContextType.Domain, ADServerName, "OU=BranchA,DC=domain,DC=com", "username", "password"); ?
Thanks

Jan 09, 2014 04:07 AM | smirnov
If BranchA is parent for BranchB then you can call "OU=BranchA,OU=BranchB,DC=domain,DC=com". If it is not the case, then you cannot combine them in the connection string, and need to call separately
"OU=BranchA,OU=BranchB,DC=domain,DC=com"
"OU=BranchB,OU=BranchB,DC=domain,DC=com"
This still might be faster instead of calling all users and then checking their OU as per your original code.
If you don't like it, just use my last example and check OU, but instead of
do
because DistinguishedName is usually a string like
CN=jeff,OU=BranchA,DC=domain,DC=com
and types.Contains("CN=jeff,OU=BranchA,DC=domain,DC=com") will always return nothing.
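
The two options from the last reply, as an added example that is not part of the original thread: a client-side check that compares whole OU components of the DistinguishedName, and a server-side search that opens one PrincipalContext per OU. The class and method names are hypothetical, the OU names and DC=domain,DC=com are the placeholders used in the thread, and the allowed-character rule for the search term is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class BranchUserSearch   // hypothetical helper, not from the thread
{
    // OU names and domain components as used in the thread.
    static readonly string[] BranchOus = { "BranchA", "BranchB" };
    const string DomainDn = "DC=domain,DC=com";

    // Client-side check for a single domain-wide search: true when one RDN of
    // the DN is exactly OU=<branch>, so OU=BranchAB or CN=BranchA do not match.
    // Simplification: splits on ',' and ignores escaped commas in RDN values.
    public static bool IsInBranch(string distinguishedName, IEnumerable<string> branches)
    {
        if (string.IsNullOrEmpty(distinguishedName)) return false;
        var rdns = distinguishedName.Split(',').Select(r => r.Trim());
        return rdns.Any(r => branches.Any(b =>
            r.Equals("OU=" + b, StringComparison.OrdinalIgnoreCase)));
    }

    // Server-side alternative: one PrincipalContext per OU container, with the
    // account-name prefix evaluated by the directory through the query filter.
    public static List<string> FindUsers(string server, string user, string password, string term)
    {
        // Assumption: account names use only these characters; this also keeps
        // a caller-supplied '*' from widening the search.
        if (term != null && !term.All(c => char.IsLetterOrDigit(c) || c == '.' || c == '_' || c == '-'))
            throw new ArgumentException("unexpected character in search term", nameof(term));

        var names = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var ou in BranchOus)
        {
            var container = "OU=" + ou + "," + DomainDn;
            using (var context = new PrincipalContext(ContextType.Domain, server, container, user, password))
            using (var filter = new UserPrincipal(context) { SamAccountName = (term ?? "") + "*" })
            using (var searcher = new PrincipalSearcher(filter))
            using (var found = searcher.FindAll())
            {
                foreach (var p in found)
                    names.Add(p.SamAccountName);
            }
        }
        return names.OrderBy(n => n).ToList();
    }
}
```

Placing service accounts in an OU outside the branch OUs is what makes either filter exclude them; neither method inspects the account type itself.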