UserPrincipal GetUnderlyingObject: No Properties

I am trying to load the physicalDeliveryOfficeName attribute from the DirectoryEntry returned by the GetUnderlyingObject method of a UserPrincipal, for example:

 DirectoryEntry directoryEntry = principal.GetUnderlyingObject() as DirectoryEntry; 

This means that the following statement returns false:

 directoryEntry.Properties.Contains("physicalDeliveryOfficeName"); 

I know that this property can be loaded by adding its name to the StringCollection DirectorySearcher.PropertiesToLoad when using DirectorySearcher.

My questions are: why does the DirectoryEntry returned by the GetUnderlyingObject method contain all the properties? And how can I load this property without using DirectorySearcher?

+4
2 answers

Accessing all fields of a DirectoryEntry is a potentially slow and heavy operation. Some fields cannot be replicated to all domain controllers; therefore, slow access to a remote global catalog (GC) server may be required to obtain the values.

Once you have a DirectoryEntry in hand and you want to get a specific value, you can call the RefreshCache method, passing it the names of the properties you need.

+6

Using RefreshCache:

    // Requires the System.DirectoryServices and System.DirectoryServices.AccountManagement namespaces.
    UserPrincipal up = ...
    using (DirectoryEntry de = up.GetUnderlyingObject() as DirectoryEntry)
    {
        // List the attributes that are already in the property cache.
        foreach (var name in de.Properties.PropertyNames)
        {
            Console.WriteLine(name);
        }
        Console.WriteLine();

        // The canonicalName attribute is operational (also called constructed).
        // Active Directory does not actually save the value, but calculates it on demand.
        // This is probably the issue. In ADSI we use the GetInfoEx
        de.RefreshCache(new string[] { "canonicalName" });
        var canonicalName = de.Properties["canonicalName"].Value as string;
    }

PropertyNames:

 objectClass cn sn givenName distinguishedName instanceType whenCreated whenChanged displayName uSNCreated memberOf uSNChanged nTSecurityDescriptor name objectGUID userAccountControl badPwdCount codePage countryCode badPasswordTime lastLogoff lastLogon pwdLastSet primaryGroupID objectSid accountExpires logonCount sAMAccountName sAMAccountType userPrincipalName objectCategory dSCorePropagationData lastLogonTimestamp 

The canonicalName property is missing.

0

Source: https://habr.com/ru/post/1397891/

