How to acquire netbios domain name from active directory through code?

  • Question

  • Hi there,

    Can you suggest which method I can use to get the NetBIOS domain name from objectSid through code (C#)? I found a similar rule done through declarative rules on the Portal, but I don't know how to translate that.

    Another thing: can I also acquire the default UPN suffix of AD from somewhere?

    Thanks in advance.

    Francesca

    Tuesday, July 17, 2012 10:44 PM

Answers

  • Examples for synchronization rules are simply string-matching rules which match the SID of an account to some constant and use IIF to select some constant string value as the domain name.

    If you want to take the same approach in your code extension, you just need some configuration for your solution where you will store the SID string values; then in your code you will compare the SID of a user to the value from configuration to map it to the NetBIOS name (also stored in configuration somewhere). This will mimic in code the same approach that most of the synchronization rule examples take.

    If you want to query AD directly from your code to get the NetBIOS domain name using the SID and UPN, you can do this by querying AD from the rule extension code; however, I would advise against that, as:

    • This creates a dependency for your code on an external data source (AD, OK - probably it will be available, but ...)
    • Actually, if it is not a very general solution which you would deliver for deployment to multiple customers, the approach with some configuration will be good enough from an effort/result comparison.
    Wednesday, July 18, 2012 9:17 AM
  • Agreed with Tomasz re. external dependencies, although if you really want to do it in C#, an easy way is:

    var nt = (NTAccount) new SecurityIdentifier("S-1-5-Whatever").Translate(typeof(NTAccount));

    Now nt.Value will contain "NETBIOSNAME\sAMAccountName". I'd suggest not doing this lookup for each account, but rather stripping off the RID from the SID and caching the domain-part-SID-to-name relationships.

    You can also get it from LDAP, but it is quite a bit more work (it involves several lookups).

    Wednesday, July 18, 2012 2:52 PM
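The two answers above combined into one resolver, as an added example that is not code from the original thread. It translates a SID to an NTAccount the way the second answer shows, but keys a cache on the domain part of the SID (the SID with the RID stripped, which .NET exposes as SecurityIdentifier.AccountDomainSid) so that LSA is asked once per domain rather than once per account, and it can be seeded from configuration so that domains listed in config never touch AD at all, which is the first answer's recommendation. The class name, the Resolve method, the byte[] overload (objectSid usually arrives as binary in a sync rule extension) and the SIDs and NetBIOS names in Main are all assumptions made for this example; it has to run on a domain-joined host that can reach a DC of each domain it resolves.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Principal;

// Added example (not from the original thread): maps an objectSid to the
// NetBIOS name of its domain, with one LSA lookup per domain instead of one
// per account.  Class and method names are hypothetical.
public sealed class NetbiosDomainResolver
{
    // Domain SID (account SID with the RID stripped) -> NetBIOS domain name.
    // SecurityIdentifier implements value equality, so it is a safe key.
    private readonly ConcurrentDictionary<SecurityIdentifier, string> _cache =
        new ConcurrentDictionary<SecurityIdentifier, string>();

    // Optional seed from configuration: domain SID string -> NetBIOS name.
    // Domains present here are resolved without any call into AD/LSA.
    public NetbiosDomainResolver(IDictionary<string, string> configuredDomains = null)
    {
        if (configuredDomains == null) return;
        foreach (KeyValuePair<string, string> kv in configuredDomains)
            _cache[new SecurityIdentifier(kv.Key)] = kv.Value;
    }

    // objectSid as stored in the directory (binary form).
    public string Resolve(byte[] objectSid)
    {
        if (objectSid == null || objectSid.Length == 0) return null;
        try { return Resolve(new SecurityIdentifier(objectSid, 0)); }
        catch (ArgumentException) { return null; }   // not a valid binary SID
    }

    // objectSid in SDDL string form ("S-1-5-21-...").
    public string Resolve(string objectSid)
    {
        if (string.IsNullOrEmpty(objectSid)) return null;
        try { return Resolve(new SecurityIdentifier(objectSid)); }
        catch (ArgumentException) { return null; }   // not a valid SID string
    }

    // Returns the NetBIOS domain name, or null when the SID has no domain
    // part (well-known SIDs such as S-1-5-18) or LSA cannot map it
    // (untrusted domain, DC unreachable, orphaned SID).  Failures are not
    // cached, so a transient DC outage does not poison later lookups.
    public string Resolve(SecurityIdentifier sid)
    {
        SecurityIdentifier domainSid = sid.AccountDomainSid;
        if (domainSid == null) return null;

        string name;
        if (_cache.TryGetValue(domainSid, out name)) return name;

        try
        {
            // Translate the full account SID; NTAccount.Value is "DOMAIN\user".
            var nt = (NTAccount)sid.Translate(typeof(NTAccount));
            int slash = nt.Value.IndexOf('\\');
            if (slash <= 0) return null;             // no domain prefix returned
            name = nt.Value.Substring(0, slash);
        }
        catch (IdentityNotMappedException) { return null; }   // SID unknown to LSA
        catch (SystemException) { return null; }              // LSA/RPC error

        _cache[domainSid] = name;
        return name;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed, hypothetical domain SID and NetBIOS name for the demo.
        var config = new Dictionary<string, string>
        {
            { "S-1-5-21-1111111111-2222222222-3333333333", "EXAMPLEDOM" }
        };
        var resolver = new NetbiosDomainResolver(config);

        // Hypothetical user SID in the configured domain: served from the
        // seed without touching AD.
        Console.WriteLine(resolver.Resolve(
            "S-1-5-21-1111111111-2222222222-3333333333-1105"));   // EXAMPLEDOM

        // Well-known SID (LocalSystem) has no domain part: null.
        Console.WriteLine(resolver.Resolve("S-1-5-18") ?? "(no domain)");

        // Garbage input is rejected rather than thrown to the sync engine.
        Console.WriteLine(resolver.Resolve("not-a-sid") ?? "(invalid)");
    }
}
```

Two things to keep in mind when wiring this into a rule extension: the translation is performed by LSA on the server running the synchronization service, so it is only as reliable as that server's trust path to the account's domain, and a null result should be treated as "unknown" and logged, never silently mapped to a default domain. The configuration seed is the control for the dependency the first answer warns about; if every domain you expect is listed there, the Translate branch only ever runs for SIDs you did not anticipate, which is itself worth alerting on.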
