How to get the sAMAccountName of a foreign security principal (C#)

  • Article

Hi all,

The following sample shows a couple of ways to get the sAMAccountName of a foreign security principal in your Active Directory. Needless to say, the recommended approach is the one that uses .NET classes over the one that uses Adssecurity.dll:

 

 

 using System;

using System.DirectoryServices;

using ADSSECURITYLib;

using System.Security.Principal;



namespace MySample

{

    class Program

    {

        static void Main(string[] args)

        {

            string sAMAccountName = "";



            // Get sAMAccountName with Adssecurity.dll. You will have to add to your project a reference to this COM dll

            sAMAccountName = GetSamAccountNameWithADSSECURITYLib("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");

            Console.WriteLine(sAMAccountName);



            // Get sAMAccountName with .NET

            sAMAccountName = GetSamAccountNameWithDotNET("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");

            Console.WriteLine(sAMAccountName);

        }



        static string GetSamAccountNameWithADSSECURITYLib(string ldapPath)

        {

            const int ADS_SID_RAW = 0;

            const int ADS_SID_SAM = 2;



            string sAMAccountName = "";



            try

            {

                DirectoryEntry user = new DirectoryEntry(ldapPath);



                // Get the SID                      

                object objectSid = user.InvokeGet("objectSid");



                // Resolve the SID into its sAMAcountName.     

                ADsSIDClass sid = new ADsSIDClass();

                sid.SetAs(ADS_SID_RAW, objectSid);

                sAMAccountName = sid.GetAs(ADS_SID_SAM).ToString();                                 

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.Message);                    

            }



            return sAMAccountName;

        }



        static string GetSamAccountNameWithDotNET(string ldapPath)

        {

            string sAMAccountName = "";



            try

            {

                DirectoryEntry user = new DirectoryEntry(ldapPath);



                // Get the SID                      

                object objectSid = user.InvokeGet("objectSid");



                // Resolve the SID into its sAMAcountName.     

                SecurityIdentifier sid = new SecurityIdentifier((byte[])objectSid, 0);

                NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

                sAMAccountName = account.ToString();

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.Message);

            }



            return sAMAccountName;

        }



    }

}

 

 

 

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)