How to get domain\username (NT account) from a DirectoryEntry object of user?

From: Shan McArthur (shan_mcarthur@spamcop.net)
Date: 02/14/03 

From: "Shan McArthur" <shan_mcarthur@spamcop.net>
Date: Thu, 13 Feb 2003 19:25:37 -0600

Hello,

I have DirectoryEntry object for a user (using the LDAP provider and
distinguished name) and I need to get the NT username for this user in a
reliable way. For example, I need to resolve the DOMAIN\USERNAME string for
this user account. I can retrieve the username by reading the
sAMAccountName attribute, but this does not include the domain name. My
concern is that if my code is running on a member server, using just the
username with LogonUser() will result in failed authentication attempts
against the local security database. I know it will work if I add the
domain, but I do not know how to detect the domain based on the
DirectoryEntry handle on the user. I need this code to work in multiple
domains so I do not want to hard code a domain name. The code should work
in Mixed or Native active directory mode. It should also work if the active
directory DC container is named different than the NT domain name. Finally,
it needs to work on a member server as well as a domain controller.

I would prefer a native .NET way to do this. The only approach I know of is
to export a wrapper on top of activeds.dll and use the name translate COM
object. I want to avoid having to distribute a custom wrapper DLL with my
executable, as who-knows, microsoft may change the underlying activeds.dll
in a manner that will break the wrapper.

Any other ideas for how to reliably get the domain name out of active
directory?

Thanks,
Shan McArthur

Relevant Pages

  • Re: How to pass login credencials to DirectoryEntry object
    ... I am working with Active Directory using DirectoryServices libraries. ... When i create DirectoryEntry object, i pass username and password as ... If you don't specify credentials, then, the current user token will be used to access the directory. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How to fetch attributes of LDAP entry?
    ... > When you create the DirectoryEntry object you do so with a username ... This call doesn't attach to the AD with a bad username ... public bool IsAuthenticated(String domain, String username, String pwd) ... object but then it seems that he doesn't search for any authentication, ...
    (microsoft.public.dotnet.framework.aspnet)
  • How to pass login credencials to DirectoryEntry object
    ... I am working with Active Directory using DirectoryServices libraries. ... When i create DirectoryEntry object, i pass username and password as ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How to add user to linux using php
    ... allow sudo for that wrapper by the web server user only. ... you could create a wrapper that only allows one ... alphanumeric argument for the username, ... Debian GNU/Linux Consultant ...
    (php.general)
  • Re: [PHP] Re: How to add user to linux using php
    ... For example, you could create a wrapper that only allows one alphanumeric argument for the username, and another for the password. ... POSIX merely defines what compliant operating systems must support. ... They can also be easily checked from your wrapper with sed, wc, grep, etc. - if your web server is compromised, you don't want to allow the person to execute a script that doesn't properly check it's input parameters. ...
    (php.general)