Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Access level needed to look up username

Reply
Thread Tools

Access level needed to look up username

 
 
sqlboy2000
Guest
Posts: n/a
 
      09-15-2005
Hi all,
I'm currently using the following call to look up a user's windows Full Name
from the domain controller:

Dim strFilter = "(&(sAMAccountname=" & strUser &
")(objectClass=user))"
Dim objEntry As New DirectoryEntry("LDAP://myDC", "user", "password")
Dim search As New DirectorySearcher(objEntry)
search.Filter = strFilter
Dim result As DirectoryEntry = search.FindOne.GetDirectoryEntry
Label1.Text = result.Properties("displayName").Value

This works fine, but my question is what are the minimum rights the user
account would need to look this value up? Do you need to be a domain admin to
access the user object and look up the Full Name?

I'm trying to set up an account with the least rights possible to lookup a
Full Name.

Thanks.
 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      09-16-2005
This depends on the security settings on your AD, but in general a normal
domain user will be able to read displayName on most users.

I'd also recommend specifying AuthenticationTypes.Secure on your DE
constructor and suggest reading the displayName the SearchResult directly
rather than getting the DE via GetDirectoryEntry. It will be faster (fewer
round trips). You need to add "displayName" to PropertiesToLoad to have it
be in the SearchResult.

HTH,

Joe K.

"sqlboy2000" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all,
> I'm currently using the following call to look up a user's windows Full
> Name
> from the domain controller:
>
> Dim strFilter = "(&(sAMAccountname=" & strUser &
> ")(objectClass=user))"
> Dim objEntry As New DirectoryEntry("LDAP://myDC", "user",
> "password")
> Dim search As New DirectorySearcher(objEntry)
> search.Filter = strFilter
> Dim result As DirectoryEntry = search.FindOne.GetDirectoryEntry
> Label1.Text = result.Properties("displayName").Value
>
> This works fine, but my question is what are the minimum rights the user
> account would need to look this value up? Do you need to be a domain admin
> to
> access the user object and look up the Full Name?
>
> I'm trying to set up an account with the least rights possible to lookup a
> Full Name.
>
> Thanks.



 
Reply With Quote
 
 
 
 
sqlboy2000
Guest
Posts: n/a
 
      09-21-2005
Thanks for the info.

"Joe Kaplan (MVP - ADSI)" wrote:

> This depends on the security settings on your AD, but in general a normal
> domain user will be able to read displayName on most users.
>
> I'd also recommend specifying AuthenticationTypes.Secure on your DE
> constructor and suggest reading the displayName the SearchResult directly
> rather than getting the DE via GetDirectoryEntry. It will be faster (fewer
> round trips). You need to add "displayName" to PropertiesToLoad to have it
> be in the SearchResult.
>
> HTH,
>
> Joe K.
>
> "sqlboy2000" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi all,
> > I'm currently using the following call to look up a user's windows Full
> > Name
> > from the domain controller:
> >
> > Dim strFilter = "(&(sAMAccountname=" & strUser &
> > ")(objectClass=user))"
> > Dim objEntry As New DirectoryEntry("LDAP://myDC", "user",
> > "password")
> > Dim search As New DirectorySearcher(objEntry)
> > search.Filter = strFilter
> > Dim result As DirectoryEntry = search.FindOne.GetDirectoryEntry
> > Label1.Text = result.Properties("displayName").Value
> >
> > This works fine, but my question is what are the minimum rights the user
> > account would need to look this value up? Do you need to be a domain admin
> > to
> > access the user object and look up the Full Name?
> >
> > I'm trying to set up an account with the least rights possible to lookup a
> > Full Name.
> >
> > Thanks.

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
loginview control displays network username instead of (web) username Shailesh Patel ASP .Net Web Controls 0 11-08-2006 08:19 PM
c is a low-level language or neither low level nor high level language pabbu C Programming 8 11-07-2005 03:05 PM
Why do look-ahead and look-behind have to be fixed-width patterns? inhahe Python 3 01-28-2005 12:50 PM
Change the username found in "C:\Documents and Settings\Username" The Reluctant Robot Named Jude Computer Support 1 05-05-2004 07:11 AM
<tr> with a 1x1 image as a filler on a table with padding of 2 look thicker in netscape but they look ok in IE. Serial # 19781010 HTML 1 08-10-2003 09:05 PM



Advertisments