Infosys Microsoft Alliance and Solutions blog

« BizTalk Server and WCF Integration | Main | ASP.NET Unit Testing issue on IIS with VS 2008 »

Querying user details from Active Directory

During a recent project, we had need for querying and working with Active Directory. Searching on net, gave lots of help, but most were around creating and managing users. Our need was simple - to get some user specific details from AD.

The trickest part of working with AD is the AD structure and what properties have been defined and hence available for querying. Without really knowing this, one can continue to grop in dark for long hours without much success.

Fortunately, there is a very handy free tool from Softerra called LDAPBrowser. Using this tool, you can get very useful insight into the AD structure that you want to work against and try your search queries to find the right syntax.

Once you download the tool, you need to do minimal configuration to work with it. Run the application and select "New Profile" from the File menu. Give a name of your liking for the profile and click Next. The figure below shows the screen where you need to configure the host information. The host name will be the name of your ad like for example as shown in the figure below. If you aren't sure of what Base DN you want to work with, click the "Fetch DNs (only LDAP v.3)" button. As the name indicates this works only if your AD supports LDAP protocol version 3.


This will fetch a list and you can select one from that. Typically you may want to select something that looks like DC=test,DC=com as this the root path and all other objects in the AD will be inside of this. When working with AD, a few abbreviations are used and these are

CN - common name
DN - distinguished name
OU - organizational unit
DC - domain object class

Further to providing the host name and Base DN, you will then need to provide a user id and password using which you will query the AD. This will be a valid domain account. When accessing AD programmatically, you can always use the secure authentication mechanism to query AD without having to provide a user id and password.

With the profile created, you can navigate the AD structure and drill down to individual items. Checking their properties will show the PATH to that object which you can use to fine tune your queries. Usually queries will work with the root path as well, but if you can narrow your search by using a more detailed path, you will save time in obtaining query results. Needless to say that AD querying is highly optimized and in my minimal experimentation, i didn't find much difference between getting results using the root path or a more selective path.

Following code snippet shows how to query for a particular user


Similar code will work for both web or windows application. Once you have access to the User's directory entry, you can query a host of properties using the specific string name key. To find out these keys, the LDAPBrowser will come handy.

Hope this helps. Comments welcome. 


Good article. I have also queried AD some time before using the code you have posted here.


I am using .Net3.5 and Asp.Net2008. I have created a web application and added a folder "App_Code" and a class file in "App_Code" folder. But I am not able to get the reference/intellisence for the class in any WebForm.aspx.cs file. Can anyone help?

Gyan, it should work. However note that

1. You may have to build your application once
2. The class in the App_Code folder is typically added inside of a namespace that matches your application name. So you will need to either add a using statement at the top or qualify your class name with the namespace name.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter