0
votes

My current C program authenticates across multiple Active Directory domains using sAMAccountName/domain. It uses a config file to map the domain to the correct VIP (Virtual IP) server to bind to and query. I am modifying it to use userPrincipalName, which is an email address. The domain portion of the userPrincipalName is not necessarily the same domain that maps to the VIP servers.

Using my account, I am able to bind to any one of the VIP servers, but since I am not necessarily an Active Directory member on that server, I am unable to query. Right now, I have to iterate through each server until I find the one which I am a member of. This is not my ideal approach.

My question is, is there a way to retrieve what Active Directory domain I am a member of using just the userPrincipalName? I have read that there may be a way to achieve this by accessing the Global Catalog. Is this the correct approach, and if so, how is this done using the OpenLDAP LDAP API? If this isn't the correct approach, is there a way to query the first VIP server I'm bound to, to ask what my Active Directory domain is?

Any help would be appreciated.

1 Answer

0
votes

You can use System.Security.Principal, and the name will be returned in domain\username format, the first bit being the domain. You don't need to go to AD.

string mystring = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
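For the Global Catalog route the question asks about, here is an added example (not part of the original question or answer) of the two pieces a C client has to get right around the search: building the userPrincipalName filter from user-supplied input without allowing LDAP filter injection, and turning the DN of the returned entry into the account's domain. The function names are hypothetical; it assumes the filter is passed to ldap_search_ext_s() on a connection to a Global Catalog (port 3268) with an empty base, and that the DN comes from ldap_get_dn().

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Hypothetical helpers. RFC 4515 escaping: * ( ) \ become \XX so that a
 * user-supplied UPN cannot change the structure of the search filter. */
int escape_filter_value(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        int special = strchr("*()\\", *in) != NULL;
        if (o + (special ? 3 : 1) >= outlen) return -1;   /* keep room for NUL */
        if (special) o += (size_t)snprintf(out + o, 4, "\\%02x", (unsigned char)*in);
        else out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Filter for the Global Catalog search; returns -1 if it does not fit. */
int build_upn_filter(const char *upn, char *out, size_t outlen) {
    char esc[512];
    if (escape_filter_value(upn, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, outlen, "(userPrincipalName=%s)", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Join the DC= components of the entry's DN into a DNS domain name.
 * Backslash-escaped commas inside a value are not treated as separators. */
int dn_to_domain(const char *dn, char *out, size_t outlen) {
    size_t o = 0;
    for (const char *p = dn; *p; ) {
        while (*p == ' ') p++;
        int is_dc = strncasecmp(p, "DC=", 3) == 0;
        if (is_dc) p += 3;
        if (is_dc && o > 0) { if (o + 1 >= outlen) return -1; out[o++] = '.'; }
        for (; *p && *p != ','; p++) {
            if (*p == '\\' && p[1]) p++;                  /* skip the escape */
            if (is_dc) { if (o + 1 >= outlen) return -1; out[o++] = *p; }
        }
        if (*p == ',') p++;
    }
    if (o == 0) return -1;                                /* no DC= components */
    out[o] = '\0';
    return 0;
}

int main(void) {   /* constructed sample UPN and DN */
    char f[256], d[256];
    if (build_upn_filter("jdoe@corp.example.com", f, sizeof f) == 0) puts(f);
    if (dn_to_domain("CN=jdoe,OU=Staff,DC=emea,DC=example,DC=com", d, sizeof d) == 0) puts(d);
    return 0;
}
```

The domain name derived from the DN is the key to look up in the existing config file that maps domains to VIP servers, which replaces the iteration over every server.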