I need to get a list of user accounts from Active Directory using C#. This should exclude "Service Accounts". I note from Windows 2008 R2+ there are now "Managed Service Accounts" which are quasi user accounts masquerading as machines which means they are service level accounts that can be managed at a domain level. Got it? Well I don't want them either. Just flesh and blood users.
So here's me code
Code:
using (DirectorySearcher ds = new DirectorySearcher(_directoryEntry, "(&(objectClass=user)(objectCategory=person))"))
{
    try
    {
        ds.PageSize = 1000;

        /* core data */
        ds.PropertiesToLoad.Add("sAMAccountName");
        ds.PropertiesToLoad.Add("mail");
        ds.PropertiesToLoad.Add("objectSid");
        ds.PropertiesToLoad.Add("servicePrincipalName");
        // The posted snippet ends here; the lines below only close the open blocks.
    }
    finally
    {
    }
}
I thought I'd cracked it when I found a property called servicePrincipalName - described in the MSDN as:
"Service principal names are associated with the security principal (user or groups) in whose security context the service executes. SPNs are used to support mutual authentication between a client application and a service."
Except that this multivalue property is empty for IUSR and IWAM accounts etc.
Any takers?
I will take a PowerShell example.
TIA
Humbly
The slightly less awesome
Suity
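
One way to approach the filtering asked about above, as an added example that is not part of the original post: the LDAP filter drops Managed Service Accounts by object class, and a client-side check flags accounts that carry an SPN or use the IUSR_/IWAM_ name prefixes. The class and method names, the name-prefix heuristic and the LDAP path argument are assumptions; a service account created as an ordinary user object with no SPN will still be reported as human.

```csharp
using System;
using System.DirectoryServices;

static class HumanAccounts
{
    // Server side: person/user objects, explicitly excluding Managed Service
    // Accounts (object class introduced with the Windows Server 2008 R2 schema).
    const string Filter =
        "(&(objectCategory=person)(objectClass=user)" +
        "(!(objectClass=msDS-ManagedServiceAccount)))";

    // Client-side heuristics (assumptions, tune per domain). Returns null for a
    // presumed human account, otherwise the reason it is treated as a service account.
    static string ServiceReason(SearchResult r)
    {
        string name = (string)r.Properties["sAMAccountName"][0];
        if (r.Properties.Contains("servicePrincipalName") &&
            r.Properties["servicePrincipalName"].Count > 0)
            return "has servicePrincipalName";
        // IUSR/IWAM accounts carry no SPN, so they are matched by name prefix.
        if (name.StartsWith("IUSR_", StringComparison.OrdinalIgnoreCase) ||
            name.StartsWith("IWAM_", StringComparison.OrdinalIgnoreCase))
            return "IIS built-in account name";
        return null;
    }

    static void Main(string[] args)
    {
        // args[0]: LDAP path of the search root (placeholder: LDAP://DC=example,DC=com)
        using (var root = new DirectoryEntry(args[0]))
        using (var ds = new DirectorySearcher(root, Filter))
        {
            ds.PageSize = 1000; // paged search, as in the post
            ds.PropertiesToLoad.Add("sAMAccountName");
            ds.PropertiesToLoad.Add("servicePrincipalName");
            using (SearchResultCollection results = ds.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    string reason = ServiceReason(r);
                    Console.WriteLine("{0}\t{1}", r.Properties["sAMAccountName"][0],
                                      reason ?? "human (presumed)");
                }
            }
        }
    }
}
```

Printing the reason for every account, rather than silently dropping matches, lets the exclusions be reviewed before the list is relied on.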