I want to search for users in an Active Directory environment with GC://DC=xxx,DC=yyy,DC=zzz format. But how can I programmatically find the global catalogs in an arbitary Active Directory environment? Does each domain name correspond to a global catalog always? Any alternative means I can try?
Note: The Forest.FindAllGlobalCatalogs() returns a list of server names but I'm actually not able to search using them.
Edit1: Here's what I want to do : Suppose my activedirectory has a domain called domain1.root.com, then I will use GC://DC=domain1,DC=root,DC=com to search for a user. But is this always a Global catalog? Must every domain have a global catalog?
Edit2: I am now able to search for users using the following code:
var currentForest = Forest.GetCurrentForest();
var globalCatalog = currentForest.FindGlobalCatalog();
Console.WriteLine(globalCatalog.Name);
//DirectorySearcher searcher = new DirectorySearcher("GC://"+y.Name);
DirectorySearcher searcher = globalCatalog.GetDirectorySearcher();
searcher.Filter = @"samaccountname=skaranth";
Console.WriteLine(searcher.SearchRoot.Path);
var result = searcher.FindOne();
if(result!=null)
Console.WriteLine(result.Properties["distinguishedname"][0]);
searcher.Dispose();
globalCatalog.Dispose();
currentForest.Dispose();
What exactly do you want to achieve with this??
The Global Catalog is a special subset of attributes that are stored on certain domain controllers. While each domain controller has a full set of attributes and object for that one domain, the Global Catalog contains data from all of the domains in the AD forest.
So the GC really only comes into play when you need to find things across multiple domains. If you have just a single domain, the GC won't really help you at all.
Forest.FindAllGlobalCatalogs() will indeed give you the list of all domain controller servers that contain a global catalog data set. So why can't you use those to search?? Can you show us what you've tried so far??
The Global Catalog is just that - global - e.g. you shouldn't have any reason at all to want to specify a specific server..... the servers should all have the same set of data anyway.
So again: why do you feel the need to find a server with a global catalog, and what do you want to do with that information once you have it? Why do you feel the need to specify a server when doing a global catalog search??
Usingng that search string format Active Directory will handle finding a GC server for you when you submit your query. It'll do lookups based on that AD site structure, find the closest GC server and use that server to query against.
Edit:
In answer to your edit, using the GC:// prefix indicates that you are interested in doing a Global Catalog search so it will always use a global catalog server, so yes to your question about it always being a Global Catalog. It's when you prefix your search string with LDAP:// that you'll hit a domain controller and will have to deal with non-global attributes. No need to figure out a specific server, AD will do that for you.
Here's a search string that will get you a user by their user principal name, return the userPrincipalName, cn, and distinguisedName attribute values (if any), and do a subtree search starting at the root of the domain:
GC://domain1.root.com;(&(objectClass=user)(objectCategory=Person)(userPrincipalName=myuser));userPrincipalName,cn,distinguishedName;subtree
Keep in mind that you'll then have to do an LDAP:// search to get the attributes that are not stored in the Global Catalog, binding to the path value of the distinguishedName returned by the GC search.
