Home/ Questions/Q 3937268
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T00:02:57+00:00

I am trying to use the DirectorySearcher from .Net to query for disabled users.

  • 0

I am trying to use the DirectorySearcher from .Net to query for disabled users.

I am using a fairly fast list function very similar to the one posted here.
Enumerating Large Groups With Active Directory.

I have tried changing the filter to

(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))

I get no results. It seems that I cannot use the DirectorySearcher in this manor. Has anyone done anything like this. I just need basic info and would prefer a lightweight/fast query.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using the System.DirectoryServices.AccountManagement namespace, introduced in .NET 3.5, things like that become a lot easier.

    Read all about it here: Managing Directory Security Principals in the .NET Framework 3.5

    You would first have to establish a context for your operations – AD LDS is explicitly supported:

    // create a context for an AD LDS store pointing to the 
// partition root using the credentials for a user in the AD LDS store 
// and SSL for encryption
PrincipalContext ldsContext = new PrincipalContext(
    ContextType.ApplicationDirectory, "sea-dc-02.fabrikam.com:50001", 
    "ou=ADAM Users,o=microsoft,c=us", 
    ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind, 
    "CN=administrator,OU=ADAM Users,O=Microsoft,C=US ", "pass@1w0rd01");

    and then you’d create a PrincipalSearcher and define in a “query-by-example” style what you’re looking for:

    // create a principal object representation to describe
// what will be searched 
UserPrincipal user = new UserPrincipal(ldsContext);

// define the properties of the search (this can use wildcards)
user.Enabled = false;
user.Name = "user*";

// create a principal searcher for running a search operation
PrincipalSearcher pS = new PrincipalSearcher();

// assign the query filter property for the principal object you created
// you can also pass the user principal in the PrincipalSearcher constructor
pS.QueryFilter = user;

// run the query
PrincipalSearchResult<Principal> results = pS.FindAll();

Console.WriteLine("Disabled accounts starting with a name of 'user':");
foreach (Principal result in results)
{
    Console.WriteLine("name: {0}", result.Name);
}

    Pretty nifty, eh?? If you ever can – use the new S.DS.AM namespace!!

    • 0