How do I get a list of all the users in a specific department using DirectorySearcher and Filter/PropertiesToLoad?
I know how to filter using a username and get the department name for a user, but I do not know how to specify a department and get a list of staff who are part of the department.
Any assistance appreciated!
e.g.
var search = new DirectorySearcher(new DirectoryEntry("LDAP://DC=au,DC=company,DC=com"));
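// userID is concatenated into the filter as-is; if it comes from user input, escape \ * ( ) and NUL (RFC 4515) first
search.Filter = "(sAMAccountName=" + userID + ")"; // put the identity name here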
search.PropertiesToLoad.Add("cn");
search.PropertiesToLoad.Add("department");
var res = search.FindOne();
If you want to use the old-style DirectorySearcher, then the trick is to bind to the OU that you want to list the users for, e.g. your department:
var searchRoot = new DirectoryEntry("LDAP://OU=YourDepartment,DC=au,DC=company,DC=com");
var search = new DirectorySearcher(searchRoot);
and then do a
search.FindAll();
and iterate over the results.
The other option would be to use the newer System.DirectoryServices.AccountManagement namespace and use its strongly-typed, easy-to-use classes such as the PrincipalSearcher and a "query-by-example" principal to do your searching:
// create your domain context and define a "starting" container where to search in
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=YourDepartment,DC=au,DC=company,DC=com"))
{
    // define a "query-by-example" principal - here, we search for a UserPrincipal
    // and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
    UserPrincipal qbeUser = new UserPrincipal(ctx);
    qbeUser.GivenName = "Bruce";
    qbeUser.Surname = "Miller";

    // create your principal searcher passing in the QBE principal
    PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

    // find all matches
    foreach (var found in srch.FindAll())
    {
        // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
    }
}
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.
Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:
* DisplayName (typically: first name + space + last name)
* SAM Account Name - your Windows/AD account name
* User Principal Name - your "username@yourcompany.com" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.
Update: to get the members of a group, use this code:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find the group in question
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

    // if found....
    if (group != null)
    {
        // iterate over members
        foreach (Principal p in group.GetMembers())
        {
            Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
            // do whatever you need to do to those members
        }
    }
}
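
Added example, not part of the original question or answer: the department lookup the question asks about, done with a DirectorySearcher filter on the department attribute rather than an OU bind, with the department value escaped per RFC 4515 so that it cannot change the structure of the filter. The class and method names and the sample department string are assumptions; the LDAP path is the one from the question.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class DepartmentLookup   // hypothetical name, not from the original post
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so
    // characters such as * ( ) \ are matched literally instead of parsed.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    static void ListDepartment(string department)
    {
        using (var root = new DirectoryEntry("LDAP://DC=au,DC=company,DC=com"))
        using (var search = new DirectorySearcher(root))
        {
            // Only user accounts whose department attribute equals the given value.
            search.Filter = "(&(objectCategory=person)(objectClass=user)(department="
                            + EscapeFilterValue(department) + "))";
            search.PropertiesToLoad.Add("cn");
            search.PropertiesToLoad.Add("sAMAccountName");
            search.PageSize = 500;   // page the results so a large department is not cut off
            using (SearchResultCollection results = search.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    var cn = r.Properties["cn"];   // empty if the attribute was not returned
                    Console.WriteLine(cn.Count > 0 ? cn[0] : r.Path);
                }
            }
        }
    }
    static void Main() { ListDepartment("R&D (Sydney)"); }   // constructed sample value
}
```

With the sample value, the parentheses are sent as `\28` and `\29`, so the directory compares them as literal characters of the department name.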