
How to get the sAMAccountName of a foreign security principal (C#)

Hi all,

The following sample shows a couple of ways to get the sAMAccountName of a foreign security principal in your Active Directory. Needless to say, the recommended approach is the one that uses .NET classes over the one that uses Adssecurity.dll:



 using System;

using System.DirectoryServices;


using System.Security.Principal;

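namespace MySample
{
    /// <summary>
    /// Console sample that resolves a foreign security principal (FSP) object to an
    /// account name in two ways: through the ADsSecurity COM library and through
    /// the .NET <see cref="SecurityIdentifier"/> / <see cref="NTAccount"/> classes.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Runs both lookups against the same sample FSP path and prints the results.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            string sAMAccountName = "";

            // Get sAMAccountName with Adssecurity.dll. You will have to add to your project a reference to this COM dll
            sAMAccountName = GetSamAccountNameWithADSSECURITYLib("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");
            // Print the result so an unresolved SID (empty string) is visible rather than silently discarded.
            Console.WriteLine("ADsSecurity: " + sAMAccountName);

            // Get sAMAccountName with .NET
            sAMAccountName = GetSamAccountNameWithDotNET("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");
            Console.WriteLine(".NET: " + sAMAccountName);
        }

        /// <summary>
        /// Reads the objectSid of the directory object at <paramref name="ldapPath"/> and
        /// converts it to an account name with the ADsSecurity COM class ADsSIDClass.
        /// </summary>
        /// <param name="ldapPath">ADsPath of the foreign security principal object.</param>
        /// <returns>
        /// The name returned by ADsSIDClass, or an empty string when the bind or the
        /// conversion fails. An empty result means "not resolved", not "no account".
        /// </returns>
        static string GetSamAccountNameWithADSSECURITYLib(string ldapPath)
        {
            // Format selectors passed to SetAs/GetAs, with the values used by the original sample.
            const int ADS_SID_RAW = 0;
            const int ADS_SID_SAM = 2;

            string sAMAccountName = "";

            try
            {
                // DirectoryEntry wraps a native ADSI object; dispose it deterministically.
                using (DirectoryEntry user = new DirectoryEntry(ldapPath))
                {
                    // Get the SID
                    object objectSid = user.InvokeGet("objectSid");

                    // Resolve the SID into its sAMAccountName.
                    ADsSIDClass sid = new ADsSIDClass();
                    sid.SetAs(ADS_SID_RAW, objectSid);
                    sAMAccountName = sid.GetAs(ADS_SID_SAM).ToString();
                }
            }
            catch (Exception ex)
            {
                // Best effort: keep returning "" as before, but report the failure instead of
                // swallowing it, so an unresolvable principal is not mistaken for a blank name.
                Console.Error.WriteLine("Could not resolve '" + ldapPath + "' with ADsSecurity: " + ex.Message);
            }

            return sAMAccountName;
        }

        /// <summary>
        /// Reads the objectSid of the directory object at <paramref name="ldapPath"/> and
        /// translates it to an <see cref="NTAccount"/> with the .NET principal classes.
        /// </summary>
        /// <param name="ldapPath">ADsPath of the foreign security principal object.</param>
        /// <returns>
        /// The string form of the translated <see cref="NTAccount"/>, or an empty string when
        /// the bind or the translation fails. NTAccount values are normally domain-qualified
        /// (DOMAIN\name), so callers that need the bare sAMAccountName must strip the prefix.
        /// </returns>
        static string GetSamAccountNameWithDotNET(string ldapPath)
        {
            string sAMAccountName = "";

            try
            {
                // DirectoryEntry wraps a native ADSI object; dispose it deterministically.
                using (DirectoryEntry user = new DirectoryEntry(ldapPath))
                {
                    // Get the SID
                    object objectSid = user.InvokeGet("objectSid");

                    // Resolve the SID into its sAMAccountName.
                    SecurityIdentifier sid = new SecurityIdentifier((byte[])objectSid, 0);

                    // Translate throws IdentityNotMappedException when the SID cannot be mapped
                    // to an account, for example when the owning domain cannot be reached.
                    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
                    sAMAccountName = account.ToString();
                }
            }
            catch (Exception ex)
            {
                // Best effort: keep returning "" as before, but report the failure instead of
                // swallowing it, so an unresolvable principal is not mistaken for a blank name.
                Console.Error.WriteLine("Could not resolve '" + ldapPath + "' with .NET: " + ex.Message);
            }

            return sAMAccountName;
        }
    }
}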







I hope this helps.



Alex (Alejandro Campos Magencio)