Active Directory account management — made easy

Several years back I was creating a fairly large system and during a meeting (only hours before the first demo) a change request came down from upper management which required me to pull some info on specific users from Active Directory. "Could this be done for the demo at lunch?" they asked. "Sure!" I said, wanting to impress the client and my new employer...

Now, I hadn't done any Active Directory development before, but I was confident that there must be some kind of System.ActiveDirectory.ConvenientAPI (a made-up name) which would allow me to write something like the following:

User user = ActiveDirectoryManager.GetUser("mschweitzer");
LabelEmail.Text = user.Email;

As it turns out, it wasn't quite that simple. For my specific problem space I ended up needing to learn a little bit of LDAP to query Active Directory using the DirectoryEntry and DirectorySearcher classes. All in all it was a bit of a pain and it took me three hours to get everything up and running — luckily just in time for the demo :) .

OK, so looking back maybe it's not all that complicated and I shouldn't really be complaining. After all, the System.DirectoryServices namespace is certainly a powerful API, but when it comes to basic user management in Active Directory it seemed to be more complicated than it needed to be. You would think a higher level of abstraction could be provided for us lazy developers...

Well, as it turns out, someone at Microsoft agreed! On a recent project here at Habanero I had to add some user management for Active Directory and came across the System.DirectoryServices.AccountManagement namespace that came out with .NET 3.5 (it lives in System.DirectoryServices.AccountManagement.dll, which you need to add a reference to). As you'll see below this API is certainly much easier to use! The following example pulls all enabled user objects out of Active Directory and writes their email addresses to the console:

using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

List<UserPrincipal> users = null;

// The context (server or domain) in which to search for objects. Given only the
// context type, this binds to the current user's domain as the running process
// identity, so the code sees exactly what that account is allowed to read.
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
{
    // Create an example user principal to use as the template for the query
    // (query by example): every property set on it becomes a filter condition
    using (UserPrincipal userQuery = new UserPrincipal(principalContext))
    {
        // Set the properties that we are looking to match in AD, in this case
        // we are looking for all enabled users
        userQuery.Enabled = true;

        // Create a principal searcher using the template as its query filter
        using (PrincipalSearcher searcher = new PrincipalSearcher(userQuery))
        // The result set holds the underlying LDAP search open until disposed
        using (PrincipalSearchResult<Principal> results = searcher.FindAll())
        {
            // Get all of the users
            users = results.OfType<UserPrincipal>().ToList();

            foreach (UserPrincipal user in users)
            {
                Console.WriteLine(user.EmailAddress);
            }
        }
    }
}
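
The lookup from the opening scenario (one user, by an account name typed in by whoever is at the keyboard) is where the two APIs differ in a way that matters for security and not just convenience. The following is an added example, not code from the original post. With DirectorySearcher the filter is a string you assemble yourself, so an unescaped account name is an LDAP filter injection; with AccountManagement, FindByIdentity takes the name as a value, so there is no filter string to inject into. The domain corp.example.com, the LDAP path and the account names are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class UserLookup
{
    // Escape a value before embedding it in an LDAP search filter (RFC 4515, section 3).
    // Without this, input such as "*)(objectClass=*" rewrites the filter instead of
    // being matched as a literal account name.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // The raw-LDAP way (System.DirectoryServices). The filter is a string, so the
    // user-supplied account name MUST be escaped before it is concatenated in.
    public static string FindEmailWithDirectorySearcher(string samAccountName)
    {
        using (var root = new DirectoryEntry("LDAP://corp.example.com")) // assumed path
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeLdapFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("mail");

            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["mail"].Count == 0)
                return null;
            return (string)result.Properties["mail"][0];
        }
    }

    // The AccountManagement way. FindByIdentity receives the identity as a typed
    // value, not as a fragment of a filter, so escaping is not the caller's problem.
    public static string FindEmailWithAccountManagement(string samAccountName)
    {
        // Bind to a named domain (assumed) with the default ContextOptions for a
        // domain context: Negotiate | Signing | Sealing, i.e. Kerberos/NTLM with
        // LDAP signing and sealing, as the running process identity.
        using (var ctx = new PrincipalContext(ContextType.Domain, "corp.example.com"))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            return user == null ? null : user.EmailAddress;
        }
    }

    static void Main()
    {
        // Constructed hostile input: shows what the escaper does to it before it
        // reaches the directory. Both lookups need a real domain to return data.
        string hostile = "*)(objectClass=*";
        Console.WriteLine(EscapeLdapFilterValue(hostile)); // \2a\29\28objectClass=\2a

        Console.WriteLine(FindEmailWithAccountManagement("mschweitzer"));
    }
}
```

If you do stay with DirectorySearcher, run every externally supplied value through EscapeLdapFilterValue and also pass an explicit SearchRoot and SearchScope so a lookup intended for one OU cannot be widened by the filter.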

And it gets even easier! Once we have the UserPrincipal object we can manipulate it and save the changes to Active Directory with very little code. Updating some user properties:

// userPrincipal is a UserPrincipal obtained as above (or via UserPrincipal.FindByIdentity)
userPrincipal.GivenName = "FirstName";
userPrincipal.Surname = "LastName";
userPrincipal.EmailAddress = "";

// Save changes to AD. This is a write to the directory, so the identity the
// PrincipalContext is bound as needs write permission on the user object;
// otherwise Save() throws.
userPrincipal.Save();
Deleting a user from Active Directory:

// Removes the user object from the directory; like Save(), this requires
// delete rights on the object for the bound identity.
userPrincipal.Delete();

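Save() and Delete() write to the directory with whatever rights the bound identity has, which for a bare PrincipalContext(ContextType.Domain) means the running process. The following added example (not part of the original post) scopes the context to one OU, binds with an explicit service account, and makes deletion a second step that refuses to run on an account that is still enabled, so the irreversible operation is never the first one taken. The domain, the OU, the service account and the account names are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class UserMaintenance
{
    // Scope the context to the OU this tool administers (assumed name) and bind
    // with an explicit service account instead of whatever identity the process
    // happens to run as. FindByIdentity on this context only searches under the
    // container, so a typo or a crafted account name cannot reach objects elsewhere.
    public static PrincipalContext OpenScopedContext(string serviceUser, string servicePassword)
    {
        return new PrincipalContext(
            ContextType.Domain,
            "corp.example.com",                          // assumed domain
            "OU=Contractors,DC=corp,DC=example,DC=com",  // assumed container
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
            serviceUser,
            servicePassword);
    }

    // Update a few attributes and save. Returns false if the account is not in scope.
    public static bool UpdateName(PrincipalContext ctx, string samAccountName,
                                  string givenName, string surname)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return false;
            user.GivenName = givenName;
            user.Surname = surname;
            user.Save(); // throws if the service account lacks write rights
            return true;
        }
    }

    // Offboarding step 1: disable and annotate. Reversible, and the object keeps
    // its SID, so existing ACL entries and audit history still resolve to it.
    public static bool Disable(PrincipalContext ctx, string samAccountName, string reason)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return false;
            user.Enabled = false;
            user.Description = "Disabled " + DateTime.UtcNow.ToString("u") + ": " + reason;
            user.Save();
            return true;
        }
    }

    // Offboarding step 2: delete, but only an account that is already disabled.
    // Enabled is bool? and may be null if the attribute could not be read; treat
    // anything other than an explicit false as "not safe to delete".
    public static bool DeleteIfDisabled(PrincipalContext ctx, string samAccountName)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return false;
            if (user.Enabled != false)
                throw new InvalidOperationException(
                    samAccountName + " is not disabled; disable it before deleting.");
            user.Delete();
            return true;
        }
    }

    static void Main()
    {
        // Credentials would come from a secret store in practice; these are placeholders.
        using (PrincipalContext ctx = OpenScopedContext("svc-useradmin", "<password>"))
        {
            UpdateName(ctx, "mschweitzer", "FirstName", "LastName");
            Disable(ctx, "mschweitzer", "contract ended");
            DeleteIfDisabled(ctx, "mschweitzer");
        }
    }
}
```

The service account only needs write rights on the attributes it changes and delete-child rights on that one OU; delegating that in Active Directory Users and Computers, rather than running the tool as a domain admin, keeps a bug in this code from becoming a domain-wide problem.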
As you can see the API is fairly straightforward and makes account management in Active Directory a breeze!