Get Active Directory entry from SID

Sunday, November 11, 2007

In order to get the DirectoryEntry we need create an NTAccount object with the domain user account we can get and traslate it to a SecurityIdentifier:

    NTAccount account =
        new NTAccount(@"<Domain Name>\<User Account Name>");
    SecurityIdentifier sid =
        (SecurityIdentifier)account.Translate(
        typeof(SecurityIdentifier));

Once the SecurityIdentifier is get it we can get the DirectoryEntry as follow:

    const string SidSearchFormat = "LDAP://<SID={0}>";
    DirectoryEntry userEntry = new DirectoryEntry(
        string.Format(SidSearchFormat, sid.Value));

That is the better way to get an user account from the Active Directory because the binding to the data does not involve any search. It can be used for any kind of object in your AD.

6 Comments

If you have any Windows 2000 domain controllers in your domain, this code can throw a DirectoryServicesCOMException with the message "There is a naming violation".
Also, the Name and Path properties will not return the correct values. You'll need to use entry.Properties["cn"].Value and entries.Properties["distinguishedName"].Value to get the appropriate values.

Richard - Monday, November 12, 2007 8:41:18 AM

Thanks, really helpful.

Yasko - Wednesday, January 9, 2008 9:52:09 AM

It was very useful to me.
Thanks a lot

Jayasimha - Friday, March 21, 2008 10:52:04 PM

Thank you very much It really helped us a lot.

Rahul - Thursday, May 7, 2009 7:02:51 AM

This is very helpful. Thank you

NewToAD - Friday, August 21, 2009 12:09:01 AM

A very useful post. Thanks.

Ramesh. - Tuesday, October 27, 2009 4:17:02 PM

Comments have been disabled for this content.