Re: How to get domain\username (NT account) from a DirectoryEntry object of user?
From: Joe Kaplan (ilearnedthisthehardway@noway.com)
Date: 02/14/03
- In reply to: Shan McArthur: "How to get domain\username (NT account) from a DirectoryEntry object of user?"
From: "Joe Kaplan" <ilearnedthisthehardway@noway.com> Date: Fri, 14 Feb 2003 10:54:48 -0600
There are two ways you could do this:
Call LogonUser with the userPrincipalName of the user (easily available
from the DirectoryEntry object) and no domain; or
You can find the NETBIOS domain name of the domain the user is in by
searching the configuration container (which you can get from rootDSE) and
finding the crossref object:
Base: cn=partitions,cn=configuration,dc=domain....
Search Filter: (&(objectcategory=crossref)(nCname=dc=domain....))
Return the following attribute: nETBIOSName
That is the non-hardcoded way to do that. You could improve performance by
caching this value for a given domain so you wouldn't need to repeat the
search multiple times.
Good luck. microsoft.public.adsi.general is a good place for questions on
System.DirectoryServices stuff as well as ADSI.
Cheers,
Joe K.
"Shan McArthur" <shan_mcarthur@spamcop.net> wrote in message
news:e7Nzsf80CHA.2648@TK2MSFTNGP11...
> Hello,
>
> I have DirectoryEntry object for a user (using the LDAP provider and
> distinguished name) and I need to get the NT username for this user in a
> reliable way. For example, I need to resolve the DOMAIN\USERNAME string for
> this user account. I can retrieve the username by reading the
> sAMAccountName attribute, but this does not include the domain name. My
> concern is that if my code is running on a member server, using just the
> username with LogonUser() will result in failed authentication attempts
> against the local security database. I know it will work if I add the
> domain, but I do not know how to detect the domain based on the
> DirectoryEntry handle on the user. I need this code to work in multiple
> domains so I do not want to hard code a domain name. The code should work
> in Mixed or Native active directory mode. It should also work if the active
> directory DC container is named different than the NT domain name. Finally,
> it needs to work on a member server as well as a domain controller.
>
> I would prefer a native .NET way to do this. The only approach I know of is
> to export a wrapper on top of activeds.dll and use the name translate COM
> object. I want to avoid having to distribute a custom wrapper DLL with my
> executable, as who knows, Microsoft may change the underlying activeds.dll
> in a manner that will break the wrapper.
>
> Any other ideas for how to reliably get the domain name out of active
> directory?
>
> Thanks,
> Shan McArthur
>
>
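
The crossRef lookup described in the reply, written out with System.DirectoryServices as an added example (not code from either poster). The class and method names are hypothetical, and it assumes a serverless `LDAP://RootDSE` bind reaches a domain controller in the user's forest. The domain DN is escaped before it goes into the search filter, and the result is cached per domain as the reply suggests.

```csharp
using System;
using System.Collections.Concurrent;
using System.DirectoryServices;
using System.Text;

static class NtAccountName   // hypothetical helper, not part of any library
{
    // Domain DN -> NetBIOS name, so the crossRef search runs once per domain.
    static readonly ConcurrentDictionary<string, string> Cache =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        return sb.ToString();
    }

    // The domain DN is the run of DC= components that ends the user's DN.
    static string DomainDn(string userDn)
    {
        for (int i = userDn.IndexOf(",DC=", StringComparison.OrdinalIgnoreCase); i >= 0;
             i = userDn.IndexOf(",DC=", i + 1, StringComparison.OrdinalIgnoreCase))
        {
            int slashes = 0;   // an odd count means the comma itself is escaped
            while (i - 1 - slashes >= 0 && userDn[i - 1 - slashes] == '\\') slashes++;
            if (slashes % 2 == 0) return userDn.Substring(i + 1);
        }
        throw new ArgumentException("No DC= components in DN: " + userDn);
    }

    static string LookupNetbiosName(string domainDn)
    {
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))   // assumption: same forest
        {
            var configNc = (string)rootDse.Properties["configurationNamingContext"].Value;
            string filter = "(&(objectCategory=crossRef)(nCName=" + EscapeFilter(domainDn) + "))";
            using (var partitions = new DirectoryEntry("LDAP://CN=Partitions," + configNc))
            using (var searcher = new DirectorySearcher(partitions, filter,
                       new[] { "nETBIOSName" }, SearchScope.OneLevel))
            {
                SearchResult hit = searcher.FindOne();
                if (hit == null || !hit.Properties.Contains("nETBIOSName"))
                    throw new InvalidOperationException("No NetBIOS crossRef for " + domainDn);
                return (string)hit.Properties["nETBIOSName"][0];
            }
        }
    }

    // Returns DOMAIN\username for a user entry bound through the LDAP provider.
    public static string Resolve(DirectoryEntry user)
    {
        var dn = (string)user.Properties["distinguishedName"].Value;
        var sam = (string)user.Properties["sAMAccountName"].Value;
        return Cache.GetOrAdd(DomainDn(dn), LookupNetbiosName) + "\\" + sam;
    }
}
```

A failed lookup throws and is not cached, so a domain that is unreachable on one call is retried on the next.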