This article will explain how to use VB.NET to perform the most common manipulations on Active Directory (user listing, addition, modification).
I. Introduction
Interaction between VB.NET and Active Directory is becoming more and more common. Many companies and individuals seek
to use them to develop applications of all kinds.
This article will explain the main tasks you can do using VB.NET and Active Directory: list user information,
add user, modify user, etc.
II. Introduction to Active Directory
Before we start talking about coding, let's take a look at Active Directory, in order to understand what it is.
Active Directory is the Microsoft Windows 2000 directory service.
It is used to manage network resources: user data, printers, servers, database, groups, computers
and security policies.
Users do not have to worry about the physical structure of the network to access these resources.
Active Directory simplifies network administration by allowing access to all these resources from a single point
of administration. Other benefits are a flexible hierarchical structure and scalability that allows storage
of millions of resources.
To connect to the Active Directory, you must use the LDAP connection protocol (Lightweight Directory Access Protocol),
which is a network directory management protocol.
III. Active Directory and Visual Studio
Before you can use the objects needed to manipulate Active Directory, you need to add a reference in Visual Studio:
System.DirectoryServices.dll
Next, remember to add the reference in the using clauses, by doing:
Added the System.DirectoryServices namespace
Imports System.DirectoryServices
Once you've done that, you can move on to the actual coding part, and so start by logging into Active Directory.
IV. Connecting to Active Directory
Connecting to an Active Directory is very simple, arguably the easiest part of coding.
To connect to Active Directory, you must use the DirectoryEntry object.
The constructor of this object takes three character strings as parameters:
.the path to the Active Directory (also called AD): this path is of the form: LDAP://your-name-AD;
.the username for the connection (the user must be part of the AD);
.the corresponding password.
So you should have something like this:
Connect to the Active Directory
try
Dim Ldap As DirectoryEntry = new DirectoryEntry("LDAP://your-AD-name", "Login", "Password")
Catch Ex As Exception
MessageBox.Show(Ex.Message)
End try
If no errors are caught by the Catch clause, it means you have successfully connected to Active Directory.
You can therefore move on to the rest of the article, ie the listing of Active Directory users.
V. List of users
To list the users present in Active Directory, the principle is simple: we browse the AD and each time we encounter a user-type object, we display the desired information. That's the theory, now let's get to the practice!
To search AD, you must use the DirectorySearcher object.
Dim Ldap As DirectoryEntry = new DirectoryEntry("LDAP://your-AD-name", "Login", "Password")
Dim searcher As DirectorySearcher = New DirectorySearcher (Ldap)
Next, you need to specify a search filter, using the Filter property. In our case, we only want users, so we write:
Filtering on users
searcher.Filter = "(objectClass=user)"
The DirectorySearcher object has two main methods for searching:
FindOne(), which will return the first object matching the search criteria;
FindAll(), which returns all records matching the search criteria.
We want to list all users, so we will use the FindAll() method:
We loop to retrieve and display the desired information
Dim DirEntry As DirectoryEntry
For Each result As SearchResult In searcher.FindAll
// We retrieve the entry found during the search
DirEntry = result.GetDirectoryEntry
//We can now display the desired information
Console.WriteLine("Login: " + DirEntry.Properties("SAMAccountName").Value)
Console.WriteLine("Name: " + DirEntry.Properties("sn").Value)
Console.WriteLine("First Name: " + DirEntry.Properties("givenName").Value)
Console.WriteLine("Email: " + DirEntry.Properties("mail").Value)
Console.WriteLine("Tel: " + DirEntry.Properties("TelephoneNumber").Value)
Console.WriteLine("Description: " + DirEntry.Properties("description").Value)
Console.WriteLine("-------------------")
Next
This code allows you to access various information about each user contained in Active Directory.
I have only limited the display here to these values, but you can add others, such as the address,
the company, etc.
VI. Editing a user
Editing a user is as easy as viewing users. Indeed, to modify it, you just need to find it in Active Directory (what you saw in the previous chapter).
So you just need to change the value of the search filter, and use the FindOne() method, rather than FindAll(), since it is assumed that you only want to modify the information of one user.
So let's go back to our code:
Modify a user
// Connect to the directory
Dim Ldap As DirectoryEntry = new DirectoryEntry("LDAP://your-AD-name", "Login", "Password")
// New object to instantiate the search
Dim searcher As DirectorySearcher = New DirectorySearcher (Ldap))
// We modify the filter to only search for the user whose login name is TEST
searcher.Filter = "(SAMAccountName=TEST)"
// No foreach loop because we are only looking for a user
Dim result As SearchResult = searcher.FindOne()
// We retrieve the object found during the search
Dim DirEntry As DirectoryEntry = result.GetDirectoryEntry()
// We modify the description property of the user TEST
DirEntry.Properties("description").Value = "New description for TEST"
// And his phone number
DirEntry.Properties("TelephoneNumber").Value = "0123456789"
// Send changes to Active Directory
DirEntry.CommitChanges()
Code explanations:
We start by connecting to the LDAP directory. Then, we use a DirectorySearcher object on which we apply
the appropriate filter: we only want the user whose login is TEST, therefore whose SAMAccountName=TEST.
Then start the search.
Once you have found the first matching object, you retrieve it, then you can modify its attribute(s).
Finally, the call to CommitChanges() sends the changes to the Active Directory server.
VII. Adding a user
To add a user, it's a bit the same principle:
.connection to Active Directory;
.creation of a new object;
.set object properties;
.sending changes to the server.
So let's see what this looks like in terms of code:
Add user
// Connect to the directory
Dim Ldap As DirectoryEntry = new DirectoryEntry("LDAP://your-AD-name", "Login", "Password")
// Create the user Test User and initialize its properties
Dim user As DirectoryEntry = Ldap.Children.Add("cn=Test User", "user")
user.Properties("SAMAccountName").Add("testuser")
user.Properties("sn").Add("User")
user.Properties("givenName").Add("Test")
user.Properties("description").Add("Test account created by code")
// We send the modifications to the server
user.CommitChanges()
// We are now going to define his password. The user must have been created
// and saved before you can do this step
user. Invoke("SetPassword", new object () {"password"})
// We will now activate the account: ADS_UF_NORMAL_ACCOUNT
user.Properties["userAccountControl"].Value = 0x0200
// We send the modifications to the server
user.CommitChanges()
Code explanations:
Here we connect to the Active Directory, then we indicate that we are going to add a child node by means of Children.Add, which takes as a parameter:
.the name of the new entry;
.the schema (type) of the new entry. In our case, it is a user, so user in English.
Then, we define the properties of the user, using the Add method: his login name (SAMAccountName), his name, his first name and his description.
Once done, we call CommitChanges(), in order to send the changes (in our case, an addition) back to the server.
Then, we use the Invoke method, to set the user's password. Before we can use this method, we need to make sure the user exists in AD, hence the previous call to CommitChanges().
Finally, we define the type of account we want, using the userAccountControl property: we want a simple account, so we must use the appropriate constant.
Here is the list of constants:
Value Effect
const long ADS_UF_SCRIPT = 0x0001; The startup script will be executed
const long ADS_UF_ACCOUNTDISABLE = 0x0002; Disable Account
const long ADS_UF_HOMEDIR_REQUIRED = 0x0008; Requires root directory
const long ADS_UF_LOCKOUT = 0x0010; Account is locked
const long ADS_UF_PASSWD_NOTREQD = 0x0020; No password needed
const long ADS_UF_PASSWD_CANT_CHANGE = 0x0040; User cannot change password
const long ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080; PDM encryption allowed
const long ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100; Local user account
const long ADS_UF_NORMAL_ACCOUNT = 0x0200; Classic account
You can find this list (along with examples) here:
Finally, a last call to CommitChanges() sends the latest changes/additions made to the user to the server.
That's it, you have successfully created the user Test User whose login name is testuser and whose
properties are those you defined above.
VIII. Conclusion
Here, we have seen, throughout this article, the main operations that you may need to perform if you use
Active Directory in conjunction with VB.NET.
Of course, this article is not exhaustive: other operations can be carried out, both on groups and on users,
but I have contented myself with going to the essentials and to what could concern the greatest number
of developers: why not a sequel in a future article…
In the meantime, I hope you enjoyed reading this one and I say to you:
EN 
Español - ES 
Français - FR 
