MemberOf Attribute not working

Sep 24, 2010 at 10:18 PM

The memberOf attribute of the user schema is not working.  Using VS2010.  Any idea why?  It always returns an empty array.

The member attribute of the group schema works.  Weird.  Here's my code for the entities:

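 /// <summary>
    /// Entity mapped to the Active Directory "user" schema. Each property is bound to
    /// the LDAP attribute named in its <c>DirectoryAttribute</c>.
    /// </summary>
    /// <remarks>
    /// <see cref="Groups"/> (memberOf) is not a complete membership list: the account's
    /// primary group is recorded through primaryGroupID and never appears in memberOf,
    /// and memberOf holds direct memberships only. Code that audits privileged groups or
    /// makes access decisions should resolve the primary group and nested groups as well.
    /// </remarks>
    [DirectorySchema("user", typeof(IADsUser))]
    public class ADUser : DirectoryEntity
    {
        #region General
        /// <summary>Common name (cn).</summary>
        [DirectoryAttribute("cn")]
        public string Name { get; set; }

        /// <summary>Given name (givenName).</summary>
        [DirectoryAttribute("givenName")]
        public string FirstName { get; set; }

        /// <summary>Initials (initials).</summary>
        [DirectoryAttribute("initials")]
        public string Initials { get; set; }

        /// <summary>Surname (sn).</summary>
        [DirectoryAttribute("sn")]
        public string LastName { get; set; }

        /// <summary>Display name (displayName).</summary>
        [DirectoryAttribute("displayName")]
        public string DisplayName { get; set; }

        /// <summary>Free-text description (description).</summary>
        [DirectoryAttribute("description")]
        public string Description { get; set; }

        /// <summary>Office location (physicalDeliveryOfficeName).</summary>
        [DirectoryAttribute("physicalDeliveryOfficeName")]
        public string Office { get; set; }

        /// <summary>E-mail address (mail).</summary>
        [DirectoryAttribute("mail")]
        public string Email { get; set; }

        /// <summary>Home page URL (wWWHomePage).</summary>
        [DirectoryAttribute("wWWHomePage")]
        public string HomePage { get; set; }
        #endregion

        #region Address
        /// <summary>Street address (streetAddress).</summary>
        [DirectoryAttribute("streetAddress")]
        public string Street { get; set; }

        /// <summary>Post office box (postOfficeBox).</summary>
        [DirectoryAttribute("postOfficeBox")]
        public string POBox { get; set; }

        /// <summary>City / locality (l).</summary>
        [DirectoryAttribute("l")]
        public string City { get; set; }

        /// <summary>State or province (st).</summary>
        [DirectoryAttribute("st")]
        public string State { get; set; }

        /// <summary>Postal code (postalCode).</summary>
        [DirectoryAttribute("postalCode")]
        public string Zip { get; set; }

        /// <summary>Country code (c).</summary>
        [DirectoryAttribute("c")]
        public string Country { get; set; }
        #endregion

        #region Account
        /// <summary>User principal name (userPrincipalName).</summary>
        [DirectoryAttribute("userPrincipalName")]
        public string UserLogonName { get; set; }

        /// <summary>Pre-Windows 2000 logon name (sAMAccountName).</summary>
        [DirectoryAttribute("sAMAccountName")]
        public string PreWin2kLogonName { get; set; }

        /// <summary>
        /// Raw userAccountControl value. Despite the property name this is not a
        /// boolean: userAccountControl is a bit field, and the account is disabled
        /// only when the ACCOUNTDISABLE bit (0x2) is set, i.e.
        /// <c>(AccountDisabled &amp; 0x2) != 0</c>. Comparing the whole value against
        /// zero or a single constant gives wrong answers.
        /// </summary>
        [DirectoryAttribute("userAccountControl")]
        public Int32 AccountDisabled { get; set; }
        #endregion

        #region Phone
        /// <summary>Home phone number (homePhone).</summary>
        [DirectoryAttribute("homePhone")]
        public string HomePhone { get; set; }

        /// <summary>Pager number (pager).</summary>
        [DirectoryAttribute("pager")]
        public string Pager { get; set; }

        /// <summary>Mobile number (mobile).</summary>
        [DirectoryAttribute("mobile")]
        public string Mobile { get; set; }

        /// <summary>Fax number (facsimileTelephoneNumber).</summary>
        [DirectoryAttribute("facsimileTelephoneNumber")]
        public string Fax { get; set; }

        /// <summary>IP phone number (ipPhone).</summary>
        [DirectoryAttribute("ipPhone")]
        public string IpPhone { get; set; }
        #endregion

        #region Organization
        /// <summary>Job title (title).</summary>
        [DirectoryAttribute("title")]
        public string Title { get; set; }

        /// <summary>Department (department).</summary>
        [DirectoryAttribute("department")]
        public string Department { get; set; }

        /// <summary>Company (company).</summary>
        [DirectoryAttribute("company")]
        public string Company { get; set; }

        /// <summary>Distinguished name of the manager's directory object (manager).</summary>
        [DirectoryAttribute("manager")]
        public string ManagerLdap { get; set; }

        /// <summary>
        /// Value of the first RDN of <see cref="ManagerLdap"/> with a leading "CN="
        /// removed, or <c>null</c> when no manager DN is set. LDAP escape sequences
        /// inside the value (for example <c>\,</c>) are returned as stored.
        /// </summary>
        public string ManagerName
        {
            get
            {
                string managerDn = ManagerLdap;
                if (string.IsNullOrEmpty(managerDn))
                {
                    return null;
                }

                // The first RDN ends at the first comma that is NOT escaped. A plain
                // Split(',') truncates names such as "CN=Doe\, John,OU=Staff" to "Doe\".
                int end = 0;
                while (end < managerDn.Length && managerDn[end] != ',')
                {
                    // A backslash escapes the character that follows it; skip both.
                    end += managerDn[end] == '\\' ? 2 : 1;
                }

                string firstRdn = managerDn.Substring(0, Math.Min(end, managerDn.Length));

                // Strip only the leading attribute type; Replace("CN=", ...) would also
                // remove any later "CN=" that happens to be part of the name itself.
                return firstRdn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)
                    ? firstRdn.Substring(3)
                    : firstRdn;
            }
            // Assignments are ignored; the value is always derived from ManagerLdap.
            // NOTE(review): presumably the setter exists so the property still looks
            // read/write to the mapper or to data binding - confirm before removing.
            set { }
        }
        #endregion

        /// <summary>
        /// Distinguished names of the groups listed in the user's memberOf attribute.
        /// The primary group (see primaryGroupID) and groups reached only through
        /// nesting are not included, so an account whose primary group is
        /// Domain Admins will not show that group here.
        /// </summary>
        [DirectoryAttribute("memberOf")]
        public string[] Groups { get; set; }
    }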

    /// <summary>
    /// Entity mapped to the Active Directory "group" schema.
    /// </summary>
    [DirectorySchema("group")]
    public class ADGroup
    {
        /// <summary>
        /// Name of the group. No DirectoryAttribute is applied here, so how the mapper
        /// fills this property is not visible in this listing.
        /// </summary>
        public string Name
        {
            get;
            set;
        }

        /// <summary>
        /// Entries of the group's member attribute. Accounts that belong to the group
        /// only through their primaryGroupID are not stored in this attribute, so the
        /// array can under-report who is effectively in the group.
        /// </summary>
        [DirectoryAttribute("member")]
        public string[] Members
        {
            get;
            set;
        }
    }

Sep 24, 2010 at 11:41 PM

I was pulling my own account, which is a member of Domain Admins only.  No groups were returned.

 

I changed to a co-worker's account; he is part of 3 groups including Domain Admins, but it only returns the 2 that are not Domain Admins.  Why?

In the Group class, the Members list for Domain Admins does not include my account. Any idea?

I added myself to Domain Users and that is the only group returned.

Any help will be much appreciated.

 

 

Sep 27, 2010 at 4:39 PM

Apparently, the primary group is not listed in the memberOf attribute (which is also why the account did not show up in that group's member list).  So I had to use the primaryGroupID attribute, then find the group's name and add it to the memberOf list.  Here is the function to get the name of the primary group:

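 /// <summary>
        /// Resolves the name of this account's primary group, which Active Directory
        /// does not list in memberOf. The group SID is built from the account's own
        /// SID (domain part) plus primaryGroupID (the group's RID), and the directory
        /// is searched for a group with that SID.
        /// </summary>
        /// <returns>
        /// The value of the first RDN of the group's distinguished name with a leading
        /// "CN=" removed, or <c>null</c> when the SID is unusable or no group matches.
        /// </returns>
        private string GetPrimaryGroup()
        {
            int primaryGroupID = PrimaryGroupID;
            byte[] objectSid = (byte[])ObjectSid;

            // A binary SID is an 8-byte header followed by 4-byte sub-authorities.
            // Without at least one sub-authority there is no RID to replace.
            if (objectSid == null || objectSid.Length < 12)
            {
                return null;
            }

            StringBuilder escapedGroupSid = new StringBuilder();

            // Copy everything but the last four bytes. The last sub-authority is the
            // account's RID; what remains is the SID of the domain.
            int domainSidLength = objectSid.Length - 4;
            for (int i = 0; i < domainSidLength; i++)
            {
                escapedGroupSid.AppendFormat("\\{0:x2}", objectSid[i]);
            }

            // Append primaryGroupID as four little-endian bytes to form the group SID.
            for (int i = 0; i < 4; i++)
            {
                escapedGroupSid.AppendFormat("\\{0:x2}", (primaryGroupID & 0xFF));
                primaryGroupID >>= 8;
            }

            // NOTE(review): the search is rooted at the domain of the current security
            // context. If this user object comes from another domain the lookup will
            // find nothing - confirm against the callers.
            using (System.DirectoryServices.ActiveDirectory.Domain currentDomain = System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain())
            using (DirectoryEntry aDomainEntry = currentDomain.GetDirectoryEntry())
            using (DirectorySearcher searcher = new DirectorySearcher())
            {
                if (aDomainEntry != null)
                {
                    searcher.SearchRoot = aDomainEntry;
                }

                // Every byte is emitted as a \xx escape, so no value-controlled
                // character can change the filter's structure. Keep it that way if
                // string values are ever added to this filter.
                searcher.Filter = "(&(objectCategory=Group)(objectSID=" + escapedGroupSid.ToString() + "))";
                searcher.PropertiesToLoad.Add("distinguishedName");

                // FindOne returns null when nothing matches; the original dereferenced
                // the result unconditionally.
                SearchResult match = searcher.FindOne();
                if (match == null || match.Properties["distinguishedName"].Count == 0)
                {
                    return null;
                }

                string groupDn = match.Properties["distinguishedName"][0].ToString();
                if (string.IsNullOrEmpty(groupDn))
                {
                    return null;
                }

                // The first RDN ends at the first unescaped comma; a backslash escapes
                // the character after it (for example "CN=Ops\, Tier 0,CN=Users,...").
                int end = 0;
                while (end < groupDn.Length && groupDn[end] != ',')
                {
                    end += groupDn[end] == '\\' ? 2 : 1;
                }

                string firstRdn = groupDn.Substring(0, Math.Min(end, groupDn.Length));

                // Remove only the leading attribute type, not every "CN=" in the name.
                return firstRdn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)
                    ? firstRdn.Substring(3)
                    : firstRdn;
            }
        }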