How do I get samaccount name from directreports

Kurt Jensen 21 Reputation points
2022-10-05T06:06:25.943+00:00

I am able to get all the directreports from a user, but I am getting their full names (displayname).
I need their samaccount names - how can I get that?

Any help is appreciated.

I am using VB.net so it would be nice if code samples are in VB :-)

I have a routine that gets the names of a user's directreports and puts them into a drop down list along with some cost information (which is irrelevant here).

```vbnet
' Requires: Imports System.DirectoryServices
Private Sub GetEmployees()
    Dim srch As New DirectorySearcher(New DirectoryEntry())
    Dim TmpStr As String = ""
    'srch.Filter = "(displayname=" + Name + ")"
    DdEmpl.Items.Clear()
    DdEmpl.Items.Add(New ListItem("All", 0))
    ' Find the logged-on user by account name (held in the session)
    srch.Filter = "(samaccountname=" + Session("Bruger") + ")"
    For Each result As SearchResult In srch.FindAll()
        For Each key As DictionaryEntry In result.Properties
            For Each keyVal In result.Properties(key.Key)
                Try
                    'TmpStr = TmpStr & (key.Key + ": " + keyVal) & "<br>"
                    Select Case key.Key
                        Case "directreports"
                            ' Each value is a DN; keep only the text of its first component (the CN)
                            TmpStr = Replace(Strings.Left(keyVal, InStr(keyVal, ",") - 1), "CN=", "")
                            'DdEmpl.Items.Add(Replace(Strings.Left(keyVal, InStr(keyVal, ",") - 1), "CN=", "")
                            DdEmpl.Items.Add(New ListItem(TmpStr, CostInfo(UserName(TmpStr), False)))
                            'DdEmpl.Items.Add(keyVal)
                    End Select
                Catch ex As Exception
                    'value of keyVal could not convert to string (probably byte array)
                End Try
            Next
        Next
    Next
End Sub
```

I also have a function that actually finds the samaccountname from the user's fullname, but what if there is more than one user with the same name?

```vbnet
' Requires: Imports System.DirectoryServices
Private Function UserName(FullName As String) As String
    Dim srch As New DirectorySearcher(New DirectoryEntry())
    Dim TmpStr As String = "", RetVal As String = ""
    'srch.Filter = "(displayname=" + Name + ")"
    'DdEmpl.Items.Clear()
    srch.Filter = "(cn=" + FullName + ")"
    'For Each result As SearchResult In srch.FindOne()
    ' FindOne returns only the first match, or Nothing when no object matches
    Dim result As SearchResult = srch.FindOne()
    If result Is Nothing Then Return RetVal
    For Each key As DictionaryEntry In result.Properties
        For Each keyVal In result.Properties(key.Key)
            Try
                TmpStr = TmpStr & (key.Key + ": " + keyVal) & "<br>"
                Select Case key.Key
                    Case "samaccountname"
                        RetVal = keyVal
                        'DdEmpl.Items.Add(Replace(Strings.Left(keyVal, InStr(keyVal, ",") - 1), "CN=", ""))
                        'DdEmpl.Items.Add(keyVal)
                End Select
            Catch ex As Exception
                'value of keyVal could not convert to string (probably byte array)
            End Try
        Next
    Next
    'Next
    'Response.Write(TmpStr)
    Return RetVal
End Function
```

That is why I would like to get the samaccountname along with (or instead of) their fullname.

Thanks!


Accepted answer
  1. Gary Reynolds 9,396 Reputation points
    2022-10-06T21:46:34.687+00:00

    Hi Kurt,

    The DirectReports attribute contains the distinguishedName (DN) of the direct reports. Your code is splitting the DN to get the Name or cn component of the DN. The cn can be the same as the user's displayname, but not always. The cn will be unique in an OU but not necessarily unique in the domain; however, the DN will always be unique.

    With the current query you are just returning the value of the directreports attribute. If you use an ASQ-based query, it can return the attributes of the DN entries, and can include the samaccountname or any other attribute from the single query.

    To explain, with your current query you are doing this:

    Search (cn=<fullname>) asking for directreports which returned the values in the attribute   
     CN=John Doe1,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net  
     CN=John Doe2,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net     
     CN=John Doe3,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net  
     CN=John Doe4,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net  
    

    With the ASQ query:

    Search (DN of user) ASQ based on directreport asked for samaccountname and displayname, which will return:

    CN=John Doe1,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net; jdoe1; John Doe1  
    CN=John Doe2,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net; jdoe2; John Doe2  
    CN=John Doe3,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net; jdoe3; John Doe3  
    CN=John Doe4,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net; jdoe4; John Doe4  
    

    The ASQ query is the most efficient method to return the attributes of user objects in the directreport attribute. So if you change your code to do something like this:

    Search (cn=<fullname>) attribute return distinguishedName
    Search (distinguishedName) ASQ Based on directreport, return samaccountname

    As an example, here is the output of each, returning the values in the directreports:

    [Image: 248270-image.png]

    and with ASQ query based on the directreports attribute, asking for the samaccountname and displayname attributes.

    [Image: 248239-image.png]

    Gary.
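
The two-step lookup described in the accepted answer above, sketched in VB.NET as an added example (not code from the original posts): find the manager by sAMAccountName, then run an attribute scoped query over directReports so each report's sAMAccountName and displayName come back in one search. The module and function names are hypothetical, and it assumes a domain-joined process using default credentials; the filter value is escaped per RFC 4515 so that `(`, `)`, `*` or `\` in the input cannot change the query.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text

Public Module DirectReportLookup   ' hypothetical name, not from the thread
    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Public Function EscapeLdapFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns sAMAccountName -> displayName for each direct report of the manager.
    Public Function GetDirectReports(managerSam As String) As Dictionary(Of String, String)
        Dim reports As New Dictionary(Of String, String)()
        ' Step 1: locate the manager object by its sAMAccountName.
        Dim manager As SearchResult
        Using find As New DirectorySearcher(New DirectoryEntry())
            find.Filter = "(sAMAccountName=" & EscapeLdapFilterValue(managerSam) & ")"
            manager = find.FindOne()
        End Using
        If manager Is Nothing Then Return reports

        ' Step 2: attribute scoped query over the manager's directReports values.
        Using root As New DirectoryEntry(manager.Path),
              asq As New DirectorySearcher(root)
            asq.SearchScope = SearchScope.Base   ' ASQ requires a base-level search
            asq.AttributeScopeQuery = "directReports"
            asq.PropertiesToLoad.AddRange({"sAMAccountName", "displayName"})
            Using results As SearchResultCollection = asq.FindAll()
                For Each r As SearchResult In results
                    ' Contacts and similar objects have no sAMAccountName: skip them.
                    If r.Properties("samaccountname").Count = 0 Then Continue For
                    Dim sam As String = CStr(r.Properties("samaccountname")(0))
                    Dim hasName As Boolean = r.Properties("displayname").Count > 0
                    reports(sam) = If(hasName, CStr(r.Properties("displayname")(0)), sam)
                Next
            End Using
        End Using
        Return reports
    End Function
End Module
```

Each entry gives the account name directly, so a drop-down can be filled without the name-to-account lookup that becomes ambiguous when two users share a full name.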


3 additional answers

  1. Gary Reynolds 9,396 Reputation points
    2022-10-06T10:29:08.233+00:00

    Hi,

    I'm not near my machine at the moment, but have a look at the AttributeScopeQuery property of the directorysearcher object. If you set the attribute to directreport, it will return the attribute set without the need to perform a second query on the directreport members.

    https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.attributescopequery?view=dotnet-plat-ext-6.0#system-directoryservices-directorysearcher-attributescopequery

    Also have a look at these posts, which provide a bit more information on ASQ-based queries:

    https://nettools.net/asq/

    https://learn.microsoft.com/en-us/windows/win32/adsi/performing-an-attribute-scoped-query

    Gary.


  2. Kurt Jensen 21 Reputation points
    2022-10-06T11:45:40.13+00:00

    I have been doing a lot of searching and reading, and as far as I can understand you cannot have the same CN repeated in the same OU, so I might have a unique name after all.

    Is it correct that this is unique: "CN=John Doe,OU=Denmark,OU=Accounts,DC=MyDomain,DC=net"?

    B.r.
    Kurt


  3. Limitless Technology 39,436 Reputation points
    2022-10-06T14:51:21.173+00:00

    Hi. Thank you for your question and reaching out.

    You can try to do the following to get the samaccount names:

    ```powershell
    $Disabled = Get-ADUser -Filter * -Properties samaccountname,directreports,enabled | where {$_.directreports -notlike $null -and $_.enabled -eq $False} | select userprincipalname,samaccountname,enabled,directreports,distinguishedname
    ```

    You can also check https://techcommunity.microsoft.com/t5/windows-powershell/directreports/m-p/3032733

    ---------------------------------------------------------------------------------------------------------------------------------------------

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
