How to Get Users From Active Directory Services

Using DirectoryServices, PrincipalContext, PrincipalSearcher, and DirectoryEntry

Before we start writing any code, open up Visual Studio Express. Any version 2012+ will work. Start a new console project and name it ‘ReadingFromAD’.


Let’s get started

In order to read from Microsoft’s Active Directory we need to reference two assemblies, System.DirectoryServices and System.DirectoryServices.AccountManagement, and import their namespaces:

using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

This managed code provides us with a set of interfaces for accessing Active Directory services. You can find the full reference here.

Let’s make use of Directory Services within our Main method. To see what is being read in this example, set a debug breakpoint at the end of the foreach loop and inspect what has been populated. Note that your Active Directory may have more or less data entered than my example. Our PrincipalContext requires a domain; once we provide that, it is able to talk to our Active Directory services. We then wrap the context in a UserPrincipal, pass that to a PrincipalSearcher, and can begin iterating over our Active Directory user accounts.

When we iterate over our Active Directory user accounts we have the ability to filter and narrow our results, but for the purposes of this discussion that has been left out. Understanding how to query Active Directory is a lesson in itself. For now we just need a foreach to iterate through the PrincipalSearcher's results, filling our ADUser class with the values on each pass.

public class Program
{
    public static void Main(string[] args)
    {
        using (var context = new PrincipalContext(ContextType.Domain, "[YOUR-DOMAIN]"))
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            foreach (var result in searcher.FindAll())
            {
                DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                ADUser user = new ADUser();
                // Value is null when an attribute is not set, so fall back to a default
                // instead of throwing a NullReferenceException on ToString().
                user.firstName = (de.Properties["givenName"].Value ?? "").ToString();
                user.lastName = (de.Properties["sn"].Value ?? "").ToString();
                user.email = (de.Properties["userPrincipalName"].Value ?? "").ToString();
                user.status = int.Parse((de.Properties["userAccountControl"].Value ?? "0").ToString());
                user.title = (de.Properties["title"].Value ?? "").ToString();
                user.department = (de.Properties["department"].Value ?? "").ToString();
            } // set the debug breakpoint here to inspect user
        }
    }
}

I have found the amount of data within Active Directory to be highly dependent on the thoroughness of your System Administrator(s). This example is only utilizing 6 of the more common fields found in Active Directory. You can view the full Active Directory attributes list here.

For my ADUser class, I created a very simple class with some strings and an int, nothing fancy here.

public class ADUser
{
    public string firstName { get; set; }
    public string lastName { get; set; }
    public string email { get; set; }
    public int status { get; set; }
    public string title { get; set; }
    public string department { get; set; }
}

That’s it for the code!
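The status field above holds the raw userAccountControl bitmask. As an added example (not code from the original article), the stand-alone program below decodes that integer and lists the settings on enabled accounts that an administrator would want to review. The UacFlags and UacAudit names and the sample accounts are constructed for illustration; the bit values are the documented userAccountControl flags.

```csharp
using System;
using System.Collections.Generic;

// Subset of the documented userAccountControl bit flags.
[Flags]
public enum UacFlags
{
    None                    = 0,
    AccountDisable          = 0x0002,
    PasswordNotRequired     = 0x0020,
    EncryptedTextPwdAllowed = 0x0080,   // reversible password storage
    NormalAccount           = 0x0200,
    DontExpirePassword      = 0x10000,
    TrustedForDelegation    = 0x80000,  // unconstrained delegation
    UseDesKeyOnly           = 0x200000,
    DontRequirePreauth      = 0x400000  // Kerberos pre-authentication off
}

public static class UacAudit
{
    // Settings that weaken an account and should be justified or cleared.
    private const UacFlags Review =
        UacFlags.PasswordNotRequired | UacFlags.EncryptedTextPwdAllowed |
        UacFlags.DontExpirePassword | UacFlags.TrustedForDelegation |
        UacFlags.UseDesKeyOnly | UacFlags.DontRequirePreauth;

    public static bool IsEnabled(int status)
    {
        return ((UacFlags)status & UacFlags.AccountDisable) == 0;
    }

    // Returns the review-worthy flags; disabled accounts return None.
    public static UacFlags ReviewFlags(int status)
    {
        return IsEnabled(status) ? ((UacFlags)status & Review) : UacFlags.None;
    }

    public static void Main()
    {
        // Constructed sample values standing in for ADUser.status.
        var samples = new Dictionary<string, int> {
            { "alice", 512 }, { "bob", 514 }, { "svc-backup", 66048 },
            { "legacy-app", 4194816 }, { "kiosk", 544 }
        };
        foreach (var s in samples)
            Console.WriteLine("{0,-11} enabled={1,-5} review={2}",
                s.Key, IsEnabled(s.Value), ReviewFlags(s.Value));
    }
}
```

In the article's loop, the same check is `UacAudit.ReviewFlags(user.status)` for each ADUser.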
