I know that I can get the fully qualified domain name by using the windows NT network domain. I'd like to do the reverse: Ex: User.Identity.Name = "slaterock\fflintstone"; Active Directory returns fully qualified domain name of slaterock.bedrock.us.com. I would like to be able to get the domain portion of User.Identity.Name by querying Active Directory (LDAP) by that user. I would be using the user's email address: (&(objectClass=user)(objectCategory=Person)([email protected]))
I have no trouble returning the AD attributes, but I cannot figure out an absolute link between the attributes I have and the domain name returned in User.Identity.Name. I see parts of it in the domain components (DC=slaterock,DC=bedrock,DC=US,DC=blah,blah) but I need the direct link.
First, a bit of terminology to be clear (and to help any searches you do):
- the 'slaterock' in 'slaterock\fflintstone' is the NetBIOS Domain Name for the domain.
- 'DC=slaterock,DC=bedrock,DC=US,DC=blah,blah' is the defaultNamingContext for the domain.
- CN=fred flinstone,OU=Quarry1,DC=slaterock,DC=bedrock,... is the user account's distinguishedName.
To translate from the user's distinguishedName to the NetBIOS Domain Name of their domain:
- get the user account's distinguishedName and chop it up to get the defaultNamingContext.
- Then do a search against the container: "CN=Partitions,CN=Configuration,DC=JohnLewis,DC=co,DC=uk" for an object with an nCName value that matches the defaultNamingContext from above.
- Get the nETBIOSName attribute of that object and you've got what you're after.