Question : Verify user exists in AD using LDAP

Hi,

Is there a way to verify that an user exists in the AD?

The scenario is that, I have to add a network/domain user to my application and provide application level rights. For this I am storing the network ID of the user and their corresponding functions available in my application.

While I am able to authorize the user for logging in into my application with user id and password, I am not able to verify if the user being added to the application is an authentic network/domain user. The issue is when the admin is trying to add the user to the application and configure their functions.

All search ends with providing user id and password. This is not a solution for me since the admin user will not be knowing the password of the user while adding to the application.

Answer : Verify user exists in AD using LDAP

Huh.... finally i made it work after a long battle....

Thanks for everyone for sparing some time and effort into my question.

The following is the steps to make LDAP working... (a disclaimer here is that I am not sure if there are any other AD implementations where this solution might not work)

1) Prepare/build your LDAP statement to be like below.
LDAP://<domainname>/DC=<partoneofdomainname>,DC=<parttwoofdomainname>

Note: What is this partXofdomainname? Well, each domain name is made of multiple parts (exact technical term is not known to me). Each part is seperated by a period (.), and you would have to provide all the parts seperated by commas and assigned to "DC".

2) Create a DirectoryEntry object with the built path.

3) Create a DirectorySearcher object and then assign the SearchRoot of the object to the DirectoryEntry object.
Note: for some reason if i pass the DirectoryEntry object as a parameter to the constructor of the DirectorySearcher it does not work.

4) Add a filter to the DirectorySearcher object for the string "(&(objectClass=user) (cn=" + UserName + "))" ... and the UserName is the id of the user you need to validate at the end of the string.

5) Add another filter to the DirectorySearcher object for the sAMAccountName as "(sAMAccountName=" + UserName + ")".

6) Then create a SearchResultCollection object and assign the result of the FindAll or FindOne method result of the DirectorySearcher object.
Ex:
DirectoryEntry DE = new DirectoryEntry();
DirectorySearcher DS = new DirectorySearcher();
DS.SearchRoot = DE;
DS.Filter = "(&(objectClass=user) (cn=" + UserName + "))";
DS.Filter = "(sAMAccountName=" + UserName + ")";

SearchCollection searchResult = DE.FindOne(); //Can also use DE.FindAll();

7) If you just need to ensure the user exists, then check the count of searchResult.

8) Else you would have to add additional statements to handle the PropertiesToLoad method of the DirectorySearcher object.

Thats all... you are done....... :)

Random Solutions

Not able to connect SMB to Tiger Server

C# asp.net - Set object visibility based on browser type

How to configure VRRP

Sharepoint Webpart page load event issue

isa 2004 and iis7

Integrating MAC OS server and Windows Active Directory

code for an application which can read a portion of the screen and writes it on another portion of the screen.

cisco 2650 memory expansion options

ORA-06502 error when calling stored procedure from Visual Basic 6

Need help with 'System.Web.UI.ScriptManager is not defined error