Active Directory Search Module
I worked with Active Directory on some recent assignments, and the requirements were along these lines:
- Identify current user.
- Get current user’s groups.
- Get all users of a group.
- Search and filter users and groups on various parameters, and so on.
So I decided to sum up my limited knowledge in a very small but useful library. You can find it at:
NuGet package: Packages Link
Source code: CodeNode Repository
Previously we had to write LDAP queries by hand and a lot of plumbing code to interact with AD. From .NET 3.5 onwards we can use the PrincipalContext class (System.DirectoryServices.AccountManagement), which offers very easy access to all the base functionality; internally it still issues LDAP queries itself.
The library has mainly three classes:
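To make the difference concrete, here is an added example (not code from the library or the original post) that performs the same "find one user by sAMAccountName" lookup both ways: with a hand-built LDAP filter through DirectorySearcher, and through PrincipalContext. The domain names and account are placeholders. The security point is in the first variant: any value spliced into a filter string must be escaped per RFC 4515, otherwise input such as `*)(objectClass=*` rewrites the query (LDAP injection). PrincipalContext takes the value as a typed identity, so there is no filter string for the caller to get wrong.

```csharp
using System;
using System.DirectoryServices;                   // DirectoryEntry, DirectorySearcher (raw LDAP)
using System.DirectoryServices.AccountManagement; // PrincipalContext, UserPrincipal
using System.Text;

// Added example: "CONTOSO" / "contoso.local" and the account name are placeholders.
public static class AdLookupComparison
{
    // RFC 4515 escaping for a value interpolated into an LDAP search filter.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // The pre-3.5 way: build the filter yourself. Forgetting EscapeLdapFilterValue here
    // is the classic LDAP injection bug.
    public static string FindDisplayNameWithLdap(string domainDns, string samAccountName)
    {
        using (var root = new DirectoryEntry("LDAP://" + domainDns))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeLdapFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("displayName");
            SearchResult result = searcher.FindOne();
            if (result == null || !result.Properties.Contains("displayName")) return null;
            return (string)result.Properties["displayName"][0];
        }
    }

    // The PrincipalContext way: the identity type and value are passed separately, and the
    // framework builds the query. No filter string is exposed to caller input.
    public static string FindDisplayNameWithPrincipal(string domainName, string samAccountName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            return user?.DisplayName;
        }
    }

    public static void Main()
    {
        Console.WriteLine(FindDisplayNameWithLdap("contoso.local", "dsmith") ?? "(not found)");
        Console.WriteLine(FindDisplayNameWithPrincipal("CONTOSO", "dsmith") ?? "(not found)");
    }
}
```

Both methods run under the identity of the calling process; a domain-joined machine and line-of-sight to a domain controller are assumed.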
- UserSearchCriteria
- SearchOn
- ActiveDirectoryManager
1) UserSearchCriteria:

```csharp
public class UserSearchCriteria
{
    public string SearchValue { get; set; }
    public string GroupName { get; set; }
    public SearchOn Parameter { get; set; }
    public bool ExactMatch { get; set; }
}
```
It contains four properties:
SearchValue: the string value you want to search for.
GroupName: set this if you want to restrict the search to a particular Active Directory group.
Parameter: a SearchOn enum value; it defines which AD property is searched.
ExactMatch: whether the match must be exact or may be partial.
2) SearchOn:
This enum lists the AD properties the library supports searching on.

```csharp
public enum SearchOn
{
    Description = 1,
    Guid = 2,
    Name = 3,
    SamAccountName = 4,
    // Sid should be a System.Security.Principal.IdentityReference
    Sid = 5,
    UserPricipalName = 6,
    Email = 7,
    Firstname = 8,
    MiddleName = 9,
    SurName = 10
}
```
3) ActiveDirectoryManager:
This is the main component of the library and holds all the logic for performing searches. It is built on the PrincipalContext class of the .NET Framework. I would divide this class into four sections:
a) Constructors:
- ActiveDirectoryManager(): creates a PrincipalContext for the current Windows user, i.e. the account the process runs under.
- ActiveDirectoryManager(string domain, string userName, string password): provide a domain, user name and password if you want the PrincipalContext to bind as a particular user for the search. Keep that password out of source code and clear-text configuration; where possible, run the process under a dedicated service account and use the parameterless constructor instead.
- ActiveDirectoryManager(PrincipalContext context): if you need a PrincipalContext configured with additional options, create it yourself and pass in the reference.
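The third constructor is the one to use when the bind options should be explicit. Below is an added example (not the library's own code) that builds a PrincipalContext with explicit ContextOptions and hands it to ActiveDirectoryManager(PrincipalContext). The domain, container, service account and environment variable name are placeholders, and the `using` directive for the library's own namespace is omitted because the post does not name it.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
// plus a using directive for the library's namespace (not named in the post)

// Added example: "CONTOSO", the container DN and "svc-adsearch" are placeholders.
public static class ContextFactory
{
    public static PrincipalContext CreateServiceContext(
        string domain, string container, string serviceUser, string servicePassword)
    {
        // Negotiate selects Kerberos (falling back to NTLM); Signing and Sealing give the LDAP
        // session integrity and confidentiality. This is the framework default for
        // ContextType.Domain, but stating it prevents a later edit from silently switching to
        // SimpleBind, which sends the password in clear text unless SecureSocketLayer is also set.
        const ContextOptions options =
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

        return new PrincipalContext(ContextType.Domain, domain, container, options,
                                    serviceUser, servicePassword);
    }

    public static void Main()
    {
        // Load the service account password at runtime from configuration or a secret store;
        // an environment variable is used here only as a stand-in. Never embed it in source.
        string password = Environment.GetEnvironmentVariable("AD_SVC_PASSWORD");

        using (PrincipalContext ctx = CreateServiceContext(
                   "CONTOSO", "DC=contoso,DC=local", "svc-adsearch", password))
        {
            var manager = new ActiveDirectoryManager(ctx);
            Console.WriteLine(manager.IsUserExist("dsmith") ? "exists" : "missing");
        }
    }
}
```

Scoping the context to a container (here a placeholder domain root DN) also limits what a search can return, which is a cheap least-privilege win when the application only needs one OU.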
b) User validation methods:
- bool IsUserValid(string userName, string password): verifies the supplied user name and password against AD.
- bool IsUserExpired(string userName): checks whether the account with the given user name has expired.
- bool IsUserExist(string userName): checks whether the user exists.
- bool IsAccountLocked(string userName): checks whether the account is locked out.
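A typical use of these four methods is a sign-in pre-check. The added example below (not code from the library or the post) wires them together the way a practitioner would want: the caller gets a single yes/no, while the specific reason goes only to a server-side audit log, so a remote caller cannot distinguish "no such user" from "wrong password" and enumerate valid accounts. The `using` directive for the library's namespace is omitted because the post does not name it; the audit callback is an assumption of this example.

```csharp
using System;
// plus a using directive for the library's namespace (not named in the post)

// Added example built on the library's documented validation methods.
public static class SignIn
{
    // Returns true only if the account exists, is usable, and the password is correct.
    // The reason for a refusal is written to auditLog but never returned to the caller.
    public static bool TryAuthenticate(ActiveDirectoryManager manager, string userName,
                                       string password, Action<string> auditLog)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            auditLog("sign-in rejected: empty user name or password");
            return false;
        }

        if (!manager.IsUserExist(userName))
        {
            auditLog($"sign-in rejected for '{userName}': account not found");
            return false;
        }

        // Check account state before attempting a bind, so a locked or expired account
        // does not cost a needless credential validation round trip.
        if (manager.IsAccountLocked(userName))
        {
            auditLog($"sign-in rejected for '{userName}': account locked out");
            return false;
        }

        if (manager.IsUserExpired(userName))
        {
            auditLog($"sign-in rejected for '{userName}': account expired");
            return false;
        }

        // The password itself must never reach the log, only the outcome.
        if (!manager.IsUserValid(userName, password))
        {
            auditLog($"sign-in rejected for '{userName}': bad password");
            return false;
        }

        auditLog($"sign-in succeeded for '{userName}'");
        return true;
    }

    public static void Main()
    {
        var manager = new ActiveDirectoryManager();
        bool ok = TryAuthenticate(manager, "dsmith", "correct horse battery staple",
                                  msg => Console.Error.WriteLine(msg));
        // The user-facing message is deliberately the same for every refusal.
        Console.WriteLine(ok ? "Welcome" : "Sign-in failed");
    }
}
```

Each failed IsUserValid call is a failed logon as far as the domain's lockout policy is concerned, so front this with rate limiting if the endpoint is reachable by untrusted clients.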
c) Search methods:
- UserPrincipal GetCurrentUser(): returns the UserPrincipal of the currently logged-in user, provided Windows authentication is enabled on IIS.
- UserPrincipal GetUser(IdentityType identityType, string searchValue): IdentityType is the framework's enum of supported identity formats, each of which identifies a single user, so you supply the type and the value to get the user.
E.g.

```csharp
return GetUser(IdentityType.SamAccountName, "David");
```

- IEnumerable GetGroupUsers(string groupName, bool recursiveSearch = false): returns all users of an AD group. Set recursiveSearch to true to also include members of the group's nested child groups.
- IEnumerable GetGroupUsers(UserSearchCriteria search, bool recursiveSearch = false): uses UserSearchCriteria for an extended search within a particular AD group; it throws a NullReferenceException if no group name is provided.
Now if I want to find all users in the group "AppTeam" whose email address starts with "Rahul", the UserSearchCriteria would be:

```csharp
var manager = new ActiveDirectoryManager();
var searchCriteria = new UserSearchCriteria()
{
    SearchValue = "Rahul",
    GroupName = "AppTeam",
    Parameter = SearchOn.Email,
    ExactMatch = false
};
var users = manager.GetGroupUsers(searchCriteria);
```
- IEnumerable GetUsers(UserSearchCriteria criteria): finds users matching the criteria irrespective of group; any GroupName you set is ignored.
To get all users with the exact last name "Garg" from the whole accessible AD, the UserSearchCriteria would be:

```csharp
var manager = new ActiveDirectoryManager();
var searchCriteria = new UserSearchCriteria()
{
    SearchValue = "Garg",
    Parameter = SearchOn.SurName,
    ExactMatch = true
};
var users = manager.GetUsers(searchCriteria);
```
d) Group methods:
- bool IsUserGroupMember(string userName, string groupName): tells whether the user belongs to the given AD group.
- IEnumerable GetUserGroupNames(string userName) and IEnumerable GetUserGroups(string userName): return the names, or the group principals, of the groups the user belongs to.
- IEnumerable GetUserAuthorizationGroupNames(string userName) and IEnumerable GetUserAuthorizationGroups(string userName): return all security groups of which the user is a member. The names mirror UserPrincipal.GetGroups and UserPrincipal.GetAuthorizationGroups in the framework, where the former lists direct memberships only and the latter the effective set, nested groups included; for authorization decisions the authorization-group variants are the ones to use.
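The direct-versus-effective distinction is the one that bites in authorization code, so here is an added example (not the library's code) that shows it using the underlying framework calls, UserPrincipal.GetGroups and UserPrincipal.GetAuthorizationGroups, and then authorizes against the effective set. It compares by SID rather than by group name, since a name can be renamed or shadowed by a similarly named group while a SID cannot. The domain, account and SID string are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Added example: "CONTOSO", "dsmith" and the SID below are placeholders.
public static class GroupMembershipCheck
{
    // Groups the user is listed in directly (the memberOf view). A user who is in
    // "AppTeam" only through "AppTeam-Leads" will NOT have "AppTeam" here.
    public static HashSet<SecurityIdentifier> DirectGroupSids(UserPrincipal user)
    {
        var sids = new HashSet<SecurityIdentifier>();
        using (PrincipalSearchResult<Principal> groups = user.GetGroups())
        {
            foreach (Principal g in groups)
                using (g) { sids.Add(g.Sid); }
        }
        return sids;
    }

    // Security groups that actually end up in the user's token, nested groups included.
    // Distribution groups are not returned, which is what you want for authorization.
    public static HashSet<SecurityIdentifier> EffectiveGroupSids(UserPrincipal user)
    {
        var sids = new HashSet<SecurityIdentifier>();
        using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
        {
            foreach (Principal g in groups)
                using (g) { sids.Add(g.Sid); }
        }
        return sids;
    }

    // Authorize on the effective set and on the group's SID, not its display name.
    public static bool IsAuthorized(string domain, string samAccountName, SecurityIdentifier requiredGroupSid)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return false;
            return EffectiveGroupSids(user).Contains(requiredGroupSid);
        }
    }

    public static void Main()
    {
        // Placeholder SID of the group that grants access; store the real one in configuration.
        var required = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105");

        using (var ctx = new PrincipalContext(ContextType.Domain, "CONTOSO"))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "dsmith"))
        {
            if (user == null) { Console.WriteLine("no such user"); return; }
            Console.WriteLine($"direct groups: {DirectGroupSids(user).Count}, effective groups: {EffectiveGroupSids(user).Count}");
        }

        Console.WriteLine(IsAuthorized("CONTOSO", "dsmith", required) ? "allowed" : "denied");
    }
}
```

If the library's IsUserGroupMember is built on direct membership, a user granted access through a nested group will be denied; the authorization-group methods are the safer basis for an access check.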
Do share the wisdom and motivate us to keep writing such online tutorials for free, and do comment if anything is missing or wrong or you need any kind of help.