Skip to main content
I'm streaming on Twitch right now. You should stop by. Let's go!

Retrieving user properties from LDAP with VB.NET


As discussed in an earlier post, LDAP can be a wonderful tool for centrally storing user information and credentials. I've written about how to authenticate against the LDAP repository… but what if you're just looking for information?

The following code will contact the LDAP server and retrieve all properties for a specific user record, designated by the uid supplied on the command line:

VB.NET 3.5 Code:

Imports System.DirectoryServices

Module ldapTest  
    Sub Main()  
        ' pull uid to search for from command line  
        Dim uidToSearch As String = Command()  
        ' uid with sufficient access to "browse" directory  
        Dim uid As String = "uid=some_admin,ou=ExternalAdmins,dc=example,dc=com"  
        ' password for browser  
        Dim password As String = "AdminPasswordGoesHere"  
        ' build directory entry with browser's credentials  
        Dim root As DirectoryEntry = New DirectoryEntry( _  
            "LDAP://,dc=example,dc=com", uid, _  
            password, AuthenticationTypes.None)  
        ' build directory searcher for root entry  
        Dim searcher As DirectorySearcher = New DirectorySearcher(root)  
        ' filter down to requested uid  
        searcher.Filter = "(uid=" & uidToSearch & ")"

        ' iterate through found record's properties  
        For Each prop As DictionaryEntry In searcher.FindOne().Properties  
            Console.Write(prop.Key.ToString & " = ")

            ' iterate through property's values  
            For Each propVal In prop.Value  
                If TypeOf propVal Is Byte() Then  
                    ' convert byte arrays to strings (password hashes, etc.)  
                End If  
    End Sub  
End Module

With a little bit of work, this could easily be adapted to glean information about other Active Directory objects. The source may also prove useful in conjunction with the login script (linked-to above) for more comprehensive/interactive lookup scripts, etc.