Retired Microsoft Blog disclaimer

This directory is a mirror of the retired "Decrypt My World" MSDN blog and is provided as is. All posting authorship and copyrights belong to their respective authors.
Original URL: https://blogs.msdn.microsoft.com/alejacma/2011/01/11/how-to-get-the-samaccountname-of-a-foreign-security-principal-c/
Post name: How to get the sAMAccountName of a foreign security principal (C#)
Original author: Alejandro Campos Magencio
Posting date: 2011-01-11T02:33:17+00:00


Hi all,

The following sample shows a couple of ways to get the sAMAccountName of a foreign security principal in your Active Directory. Needless to say, the recommended approach is the one that uses .NET classes over the one that uses Adssecurity.dll:

using System;
using System.DirectoryServices;
using ADSSECURITYLib;
using System.Security.Principal;

namespace MySample
{
    class Program
    {
        static void Main(string[] args)
        {
            string sAMAccountName = "";

            // Get sAMAccountName with Adssecurity.dll. You will have to add to your project a reference to this COM dll
            sAMAccountName = GetSamAccountNameWithADSSECURITYLib("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");
            Console.WriteLine(sAMAccountName);

            // Get sAMAccountName with .NET
            sAMAccountName = GetSamAccountNameWithDotNET("LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com");
            Console.WriteLine(sAMAccountName);
        }

        static string GetSamAccountNameWithADSSECURITYLib(string ldapPath)
        {
            const int ADS_SID_RAW = 0;
            const int ADS_SID_SAM = 2;

            string sAMAccountName = "";

            try
            {
                // Dispose the DirectoryEntry when done to release the underlying ADSI object
                using (DirectoryEntry user = new DirectoryEntry(ldapPath))
                {
                    // Get the SID
                    object objectSid = user.InvokeGet("objectSid");

                    // Resolve the SID into its sAMAccountName.
                    ADsSIDClass sid = new ADsSIDClass();
                    sid.SetAs(ADS_SID_RAW, objectSid);
                    sAMAccountName = sid.GetAs(ADS_SID_SAM).ToString();
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);                    
            }

            return sAMAccountName;
        }

        static string GetSamAccountNameWithDotNET(string ldapPath)
        {
            string sAMAccountName = "";

            try
            {
                // Dispose the DirectoryEntry when done to release the underlying ADSI object
                using (DirectoryEntry user = new DirectoryEntry(ldapPath))
                {
                    // Get the SID
                    object objectSid = user.InvokeGet("objectSid");

                    // Resolve the SID into its sAMAccountName.
                    // NTAccount.ToString() returns the name in DOMAIN\account form.
                    SecurityIdentifier sid = new SecurityIdentifier((byte[])objectSid, 0);
                    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
                    sAMAccountName = account.ToString();
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }

            return sAMAccountName;
        }

    }
}
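
The .NET approach above, extended as an added example (not code from the original post): it separates the domain from the bare account name and reports a foreign security principal whose SID no longer translates, instead of printing a generic exception message. FspResolver and TryResolve are hypothetical names; the LDAP path is the sample path from the post.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class FspResolver   // hypothetical helper, not from the original post
{
    // Returns false when the SID cannot be translated to an account name.
    public static bool TryResolve(string ldapPath, out string sid,
                                  out string domain, out string samAccountName)
    {
        sid = domain = samAccountName = "";
        using (DirectoryEntry fsp = new DirectoryEntry(ldapPath))
        {
            byte[] rawSid = fsp.Properties["objectSid"].Value as byte[];
            if (rawSid == null) return false;           // object carries no SID

            SecurityIdentifier identifier = new SecurityIdentifier(rawSid, 0);
            sid = identifier.Value;                      // S-1-5-21-... string form
            try
            {
                // NTAccount.Value is "DOMAIN\account"; split off the bare name.
                string full = ((NTAccount)identifier.Translate(typeof(NTAccount))).Value;
                int slash = full.IndexOf('\\');
                domain = slash < 0 ? "" : full.Substring(0, slash);
                samAccountName = full.Substring(slash + 1);
                return true;
            }
            catch (IdentityNotMappedException)
            {
                return false;                            // SID did not map to a name
            }
        }
    }

    static void Main()
    {
        // Sample path taken from the post above; replace with an FSP in your directory.
        string path = "LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com";
        string sid, domain, name;
        if (TryResolve(path, out sid, out domain, out name))
            Console.WriteLine("{0} -> domain={1}, sAMAccountName={2}", sid, domain, name);
        else
            Console.WriteLine("'{0}' did not resolve; review where this principal is still granted access", sid);
    }
}
```

Directory binding errors (for example an unreachable domain controller) are left to propagate so they are not mistaken for an unresolvable SID.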

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

