Querying user details from Active Directory
During a recent project we needed to query and work with Active Directory. Searching the net gave lots of help, but most of it was about creating and managing users. Our need was simple: to get some user-specific details from AD.
The trickiest part of working with AD is the AD structure and which properties have been defined and are hence available for querying. Without really knowing this, one can grope in the dark for long hours without much success.
Fortunately, there is a very handy free tool from Softerra called LDAPBrowser. Using this tool, you can get very useful insight into the AD structure that you want to work against and try your search queries to find the right syntax.
Once you download the tool, you need to do minimal configuration to work with it. Run the application and select "New Profile" from the File menu. Give the profile a name of your liking and click Next. The figure below shows the screen where you configure the host information. The host name will be the name of your AD, for example test.com as shown in the figure below. If you aren't sure which Base DN you want to work with, click the "Fetch DNs (only LDAP v.3)" button. As the name indicates, this works only if your AD supports LDAP protocol version 3.
This will fetch a list from which you can select one. Typically you will want to select something that looks like DC=test,DC=com, as this is the root path and all other objects in the AD will be inside it. When working with AD, a few abbreviations are used, and these are:
CN - common name
DN - distinguished name
OU - organizational unit
DC - domain object class
In addition to the host name and Base DN, you will then need to provide a user id and password with which you will query the AD. This must be a valid domain account. When accessing AD programmatically, you can instead use the secure authentication mechanism to query AD without having to provide a user id and password in your code.
With the profile created, you can navigate the AD structure and drill down to individual items. Checking their properties will show the PATH to that object, which you can use to fine-tune your queries. Usually queries will work with the root path as well, but if you can narrow your search by using a more detailed path, you will save time in obtaining query results. Needless to say, AD querying is highly optimized, and in my minimal experimentation I didn't find much difference between getting results using the root path or a more selective path.
The following code snippet shows how to query for a particular user.
Similar code will work for both web and Windows applications. Once you have access to the user's directory entry, you can query a host of properties using the specific string name key. To find out these keys, LDAPBrowser will come in handy.
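Here is an added example of such a lookup in C# with System.DirectoryServices; it is not the post's own snippet. It assumes the test.com domain from the figure (root path LDAP://DC=test,DC=com), that the process runs under a domain account so the secure authentication mechanism can be used, and that the attribute names passed in (e.g. "mail", "displayName") are the keys LDAPBrowser shows on the user object. The EscapeFilterValue helper is there because the user name usually comes from outside the program and must not be able to rewrite the LDAP filter.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;
// Added example, not the post's code. Assumes the domain test.com from the post and a process
// running under a domain account, so no user id/password needs to be embedded.
public static class AdUserLookup
{
    // Escape a value before it goes into an LDAP filter (RFC 4515), so that input such as
    // "*)(objectClass=*" cannot widen the search beyond the intended user.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
    // Returns the requested attributes of one user, or null if no such user exists.
    public static Dictionary<string, string> GetUserDetails(string samAccountName, params string[] attributes)
    {
        // AuthenticationTypes.Secure is the post's "secure authentication mechanism": the caller's own Windows credentials are used.
        using (var root = new DirectoryEntry("LDAP://DC=test,DC=com", null, null, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.AddRange(attributes); // request only the attributes needed
            searcher.SizeLimit = 1;
            SearchResult result = searcher.FindOne();
            if (result == null) return null;
            var details = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            foreach (string attr in attributes)
            {
                // attr is the LDAP attribute name as LDAPBrowser shows it, e.g. "mail" or "displayName"
                ResultPropertyValueCollection values = result.Properties[attr];
                details[attr] = values.Count > 0 ? Convert.ToString(values[0]) : null;
            }
            return details;
        }
    }
}
```

A call such as `AdUserLookup.GetUserDetails("jdoe", "displayName", "mail", "department")` returns the three values for that account, or null if the sAMAccountName does not exist; ask only for the attributes you need rather than loading every property of the entry.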
Hope this helps. Comments welcome.