Using Active Directory In ASP.Net - Dump Schema Information
This article is the first in a series demonstrating the use of Active Directory
in ASP.Net. Of course, all the demo code is written in the language of choice, C#.
This series will not go into a discussion of Active Directory or LDAP servers. We
are assuming that the readers of these articles have a basic understanding of
This article demonstrates the use of the following namespaces and classes.
What is this article about?
Searching an Active Directory is one of the major tasks in manipulation of
various resources. When I started with ADSI programming, I used to look for
the right kind of filter values to use. Sometimes I had to go back and forth and look
at the Active Directory schema to find the value I should be using to get the
information I was looking for. For example, if you want to find out
when a user account was last changed, you need to create a filter looking for the "whenchanged"
property in the schema. So we decided to write a small dump utility that will
display all the properties that are used to describe a user's account in Active Directory.
How To Do It
The first step in using the Directory Services interfaces is to connect
to the node that you want to search. The .NET framework provides the
DirectoryEntry class to specify the search node. For example, if you
want to search for a resource in the whole domain, then you need to connect to the
top node of the domain in Active Directory. It is very important that you specify
the search location as close as possible to the location where the
resource could be found. Otherwise the search will take longer. For
example, if you want to search for a user's information, you need to specify the
location as the User node and not the whole domain resource tree.
string strLDAP = "LDAP://pardesiservices.com";
m_obDirEntry = new DirectoryEntry(strLDAP);
After initializing the search node, you need to specify the
query string in a DirectorySearcher object. You can set
various parameter values of this object to fine-tune your search and how the
results will be returned. For this article we will only mention the Filter
property. This is the property that you will use to set your query string. The
query string must be specified in LDAP format. For example, if you want
to search for a user "foo", you can specify the query string as (cn=foo).
It is very important that you enclose the filter/query in parentheses. For more
information on this property, look in the .NET documentation for
DirectorySearcher srch = new DirectorySearcher(m_obDirEntry);
srch.Filter = "(cn=foo)";
The next step is to start the search by calling a search method on the
DirectorySearcher object.
If you are only interested in the first entry of the returned results, then
call FindOne. Otherwise, if you want to get all the search results,
call the FindAll method. This method returns the results as
The other property that is worth mentioning is PropertiesToLoad.
This property lets you specify the values you want the search to return. If you
don't specify any properties, then the search returns all the properties by default.
Therefore, if you are only interested in some of the values, make sure that
you specify those properties in PropertiesToLoad. This way you
can avoid unnecessarily loading all the values into memory.
results = srch.FindAll();
After getting all the search results, you can iterate over each
SearchResult entry in the results.
Each SearchResult object has a
Properties property that returns a
ResultPropertyCollection object. This contains all the
properties that were found by the search you specified.
foreach (SearchResult result in results)
{
    ResultPropertyCollection propColl = result.Properties;
}
The PropertyNames property returns the collection containing the names of all the properties returned by
the search. You can iterate over this collection to get the names. We used this
technique to get the names of all properties exposed by User objects.
foreach (string strKey in propColl.PropertyNames)
    foreach (object obProp in propColl[strKey])
        this.AppendPropertyNode(obTopNode, strKey, obProp);
And then you can use these property names to extract particular
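The steps above put together, as an added example that is not the article's demo code: it binds to a user container rather than the whole domain, limits PropertiesToLoad, and escapes the searched name per RFC 4515 so that a value arriving from a web request is treated as literal text rather than filter syntax. The container path, the class and method names, and the objectClass clause are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class UserPropertyDump
{
    // Escape a value for an LDAP search filter (RFC 4515): the characters
    // \ * ( ) and NUL are replaced by a backslash and two hex digits.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static void Dump(string userName)
    {
        // Assumed container path: bind to the Users node, not the domain root.
        string strLDAP = "LDAP://CN=Users,DC=pardesiservices,DC=com";
        using (DirectoryEntry entry = new DirectoryEntry(strLDAP))
        using (DirectorySearcher srch = new DirectorySearcher(entry))
        {
            srch.Filter = "(&(objectClass=user)(cn=" + EscapeFilterValue(userName) + "))";
            srch.PropertiesToLoad.Add("cn");          // load only what is needed
            srch.PropertiesToLoad.Add("whenchanged");
            using (SearchResultCollection results = srch.FindAll())
            {
                foreach (SearchResult result in results)
                    foreach (string strKey in result.Properties.PropertyNames)
                        foreach (object obProp in result.Properties[strKey])
                            Console.WriteLine("{0} = {1}", strKey, obProp);
            }
        }
    }

    public static void Main(string[] args) { Dump(args.Length > 0 ? args[0] : "foo"); }
}
```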
We have included the demo code with this article. All
the Active Directory implementation has been encapsulated in
class. We have also created a utility class,
ADSIUser. This class
parses the search results and saves them as an
XmlDocument. It also
exposes some properties to get specific information like First Name, Last Name,
etc. This class is not complete. But we will expand this as the series
We have tested the included project on the following platforms:
Windows 2000 Adv. Server
Windows 2003 Enterprise Server