SharePoint - Query Active Directory through Custom Application Page
This post describes how the Active Directory (AD) and SharePoint integration can be leveraged to retrieve AD data and use in a SharePoint site. There are many classes written for accessing AD data, but this article demonstrates how to bring those data in a SharePoint site.
It is a common business requirement where a SharePoint server administrator needs to check whether a site user exists in the AD. The main reason being, what I have seen, when our client had an audit process for their SharePoint sites. In some cases the user, who is a site owner, has either left the organization or due to some other reason, does not exist in the AD, but still is the owner of the site.
So we can remotely access the server and search the AD. Otherwise, we can create a SharePoint application page that, with proper rights of course, can access the server AD and query it for a particular user. The page will also show the details of the searched user.
In a nutshell, we will create a custom application page, where we can look up for a user in an AD group, and if he/she exists we can get information about the user (like email, whether the account is active or not etc.). Then we will open the page in a SharePoint site and do some query.
Once our created application page along with the proper assembly is deployed to the server, we can access the page through the link SPsiteURL
N.B. – This page is only accessible by site administrator. You have to access the site using administrator rights.
The page will look like this.
1. The drop down list will be populated with all the groups available in AD. It will show the distinguished name (LDAP property distinguishedName) of the group. The distinguished name consists of the common name (LDAP property CN) followed by parent group name, organizational unit name and domain name.
2. Provide the username / userID to search here.
3. User accessing the page should have admin rights.
4. After we start searching, first the user is searched, if he/she exists or not.
5. If the user exists, other details are displayed below.
a. Email comes with mailto link.
b. Account status is displayed either enabled / disabled.
We can search for user without even knowing correct name of the user, means we can perform partial search.
And here is screenshot for searching user with user logon / user ID