November Happy Hour will be moved to Thursday December 5th.

Active Directory properties

Vote:
 

I'm having some trouble accessing properties stored in AD. I'm able to both authenticate users, but not to retreive extra information such as company, firstname, lastname etc..

 Any idea on how to access the rest of the information stored in AD? 

 

-Espen

#25549
Oct 29, 2008 15:47
Vote:
 
Nevermind, I solved it:)
#25550
Oct 29, 2008 15:50
Vote:
 

To solve the issue i had to do the following:

 First: Get the DirectoryData object for the given user:

I found this code in another forum and modifiedit slightly.

string s = "sAMAccountName";
string filter = System.String.Format("(&({0}={1})(objectClass=user))", s, NormalizeUserName(userName));
return Factory.FindOne(filter, SearchScope.Subtree);

the string "sAMAccountName" has to be the same as provided in web.config ad-configuration under the attributeMapUsername element.

 The factory class can be retreived like this

ActiveDirectoryRoleProvider acrProvider = (ActiveDirectoryRoleProvider)Roles.Provider;
DirectoryDataFactory newfactory = acrProvider.DirectoryDataFactory;

Now we have the basics for fetching user-metadata from a given user.

When using this we also have to spesifiy to the DirectoryDataFactory what properties to load from ad.  This is done like this: Factory.AddPropertyToLoad(key); 

The key can be anything stored in AD (hopefully, I havent done extensive testing on this yet). By the way, be sure to spesify the properties to load before you get the DirectoryData object for the user. 

Now we're ready to get the value of the AD-property, like so:
string PropertyValue = data.GetFirstPropertyValue(key);

I used this to create a scheduled task that synchronizes the AD-userdata with the EPiServer profile data. Since I'm not sure what AD properties our customer wants to fetch, and what their ID's are I added some configuration parameters to Web.Config to read AD<->EPiServer mappings whenever the task is run. 

 Hope this helps for whoever struggles with ADSmile

-Espen

#25568
Oct 30, 2008 9:52
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.