Get Active Directory entry from SID

To get the DirectoryEntry, we first create an NTAccount object from the domain user account and translate it to a SecurityIdentifier:

    // Requires: using System.Security.Principal;
    NTAccount account =
        new NTAccount(@"<Domain Name>\<User Account Name>");

    // Translate the account name to its SID
    SecurityIdentifier sid =
        (SecurityIdentifier)account.Translate(
        typeof(SecurityIdentifier));

Once we have the SecurityIdentifier, we can get the DirectoryEntry as follows:

    // Requires: using System.DirectoryServices;
    const string SidSearchFormat = "LDAP://<SID={0}>";

    // Bind directly to the object that carries this SID
    DirectoryEntry userEntry = new DirectoryEntry(
        string.Format(SidSearchFormat, sid.Value));

This is the better way to get a user account from Active Directory because binding to the object does not involve any search. It can be used for any kind of object in your AD.
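The two steps above combined into one helper, as an added example that is not code from the original post. It also accepts a SID string (for example one copied from an ACL or an event log record), parses it with SecurityIdentifier before it reaches the bind path, and reads distinguishedName from the Properties collection. The names SidLookup, ToSid and GetDistinguishedName and the account CONTOSO\jdoe are hypothetical, and the code assumes a domain-joined Windows machine.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class SidLookup // hypothetical helper, not from the original post
{
    const string SidBindFormat = "LDAP://<SID={0}>";
    // HRESULT for ERROR_DS_NO_SUCH_OBJECT (Win32 error 8240)
    const int NoSuchObject = unchecked((int)0x80072030);

    // Accepts DOMAIN\name or an SDDL SID string (S-1-...).
    public static SecurityIdentifier ToSid(string identity)
    {
        if (identity.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
            return new SecurityIdentifier(identity); // ArgumentException if malformed
        // IdentityNotMappedException if the name cannot be resolved
        return (SecurityIdentifier)new NTAccount(identity)
            .Translate(typeof(SecurityIdentifier));
    }

    // Returns the distinguishedName, or null when no object carries the SID.
    public static string GetDistinguishedName(SecurityIdentifier sid)
    {
        try
        {
            // sid.Value is always a well-formed S-1-... string, so nothing
            // caller-controlled is spliced into the bind path unparsed.
            using (var entry = new DirectoryEntry(
                string.Format(SidBindFormat, sid.Value)))
            {
                // The bind happens on first property access.
                return (string)entry.Properties["distinguishedName"].Value;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == NoSuchObject)
        {
            return null; // other directory errors propagate to the caller
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample input; pass a real account or SID as argument.
        string identity = args.Length > 0 ? args[0] : @"CONTOSO\jdoe";
        SecurityIdentifier sid = ToSid(identity);
        Console.WriteLine("{0} -> {1}", sid.Value,
            GetDistinguishedName(sid) ?? "(no such object)");
    }
}
```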

Published Sunday, November 11, 2007 8:33 PM by marianor

Comments

# re: Get Active Directory entry from SID

Monday, November 12, 2007 8:41 AM by Richard

If you have any Windows 2000 domain controllers in your domain, this code can throw a DirectoryServicesCOMException with the message "There is a naming violation".

Also, the Name and Path properties will not return the correct values. You'll need to use entry.Properties["cn"].Value and entry.Properties["distinguishedName"].Value to get the appropriate values.

# re: Get Active Directory entry from SID

Wednesday, January 09, 2008 9:52 AM by Yasko

Thanks, really helpful.

# re: Get Active Directory entry from SID

Friday, March 21, 2008 10:52 PM by Jayasimha

It was very useful to me.

Thanks a lot

# re: Get Active Directory entry from SID

Thursday, May 07, 2009 7:02 AM by Rahul

Thank you very much. It really helped us a lot.

# re: Get Active Directory entry from SID

Friday, August 21, 2009 12:09 AM by NewToAD

This is very helpful. Thank you

# re: Get Active Directory entry from SID

Tuesday, October 27, 2009 4:17 PM by Ramesh.

A very useful post. Thanks.
