Home/ Questions/Q 6684983
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T05:00:15+00:00

I’m trying to run an LDAP query which will return all users which belong

  • 0

I’m trying to run an LDAP query which will return all users which belong to the organisational units OU=Employees and OU=FormerEmployees and I am not getting anywhere.

I tried searching using the distinguishedName but that doesn’t appear to support wildcards. I know there has to be an easier way but my searching effort hasn’t yielded any results

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you’re on .NET 3.5 and newer, you can use a PrincipalSearcher and a “query-by-example” principal to do your searching:

    // create your domain context and define what container to search in - here OU=Employees
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=Employees,DC=YourCompany,DC=com");

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// that is still active
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Enabled = true;

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

    If you haven’t already – absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

    If you prefer the “old” .NET 2.0 style, you would need to create a base DirectoryEntry that corresponds to your OU you want to enumerate objects in, and then you need to create a DirectorySearcher that searches for objects – something like this:

    // create your "base" - the OU "FormerEmployees"
DirectoryEntry formerEmployeeOU = new DirectoryEntry("LDAP://OU=FormerEmployees,DC=YourCompany,DC=com");

// create a searcher to find objects inside this container
DirectorySearcher feSearcher = new DirectorySearcher(formerEmployeeOU);

// define a standard LDAP filter for what you search for - here "users"    
feSearcher.Filter = "(objectCategory=user)";

// define the properties you want to have returned by the searcher
feSearcher.PropertiesToLoad.Add("distinguishedName");
feSearcher.PropertiesToLoad.Add("sn");
feSearcher.PropertiesToLoad.Add("givenName");
feSearcher.PropertiesToLoad.Add("mail");

// search and iterate over results
foreach (SearchResult sr in feSearcher.FindAll())
{
    // for each property, you need to check where it's present in sr.Properties
    if (sr.Properties["description"] != null && sr.Properties["description"].Count > 0)
    {
       string description = sr.Properties["description"][0].ToString();
    }
}
    • 0