How to get all users Active Directory Schema properties

I encountered a problem where I wanted to retrieve all of an Active Directory user's attributes, configured and not configured, in a Hashtable, along with a flag indicating whether each attribute is multivalued or not. I tried this first:

DirectoryEntry _entry = new DirectoryEntry(path);
return _entry.Properties;

The problem with that is that it returns only the configured attributes. After searching for a while, I reached this solution, which returns all the attributes for an Active Directory entry, configured and not configured.

using System;
using System.Collections;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;
using ActiveDs; //COM reference "Active DS Type Library", needed for IADsClass

public static Hashtable GetADSchemaProperties()
{
   //connect to AD and get the current schema.
   ActiveDirectorySchema schema = ActiveDirectorySchema.GetCurrentSchema();
   DirectoryEntry user = null;
   try
   {
      //get the current username (DOMAIN\user -> user)
      WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
      WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);
      string userName = currentPrincipal.Identity.Name;
      userName = userName.Split(new char[] { '\\' })[1];

      //get the current user (GetADEntryUser is a helper that is not shown here)
      user = GetADEntryUser(userName);

      ArrayList properties = FindUserProperties(user);
      if (properties == null || properties.Count == 0)
         return null;

      //Add values to Hashtable: attribute name -> true if the attribute is multivalued.
      Hashtable propertiesList = new Hashtable();
      foreach (string propertyName in properties)
         propertiesList.Add(propertyName, !schema.FindProperty(propertyName).IsSingleValued);
      return propertiesList;
   }
   catch (Exception ex)
   {
      return null;
   }
   finally
   {
      //Dispose all objects
      if (user != null)
         user.Dispose();
      if (schema != null)
         schema.Dispose();
   }
}

private static ArrayList FindUserProperties(DirectoryEntry user)
{
   //DirectoryEntry exposes its LDAP path through the Path property
   string ldapPath = user.Path;
   DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath);
   directoryEntry.AuthenticationType =
      AuthenticationTypes.Secure | AuthenticationTypes.ServerBind | AuthenticationTypes.Sealing;
   //reading NativeObject forces the bind, so a bind failure surfaces here
   object o = directoryEntry.NativeObject;

   DirectorySearcher mySearcher = new DirectorySearcher(directoryEntry);
   mySearcher.Filter = "(objectClass=user)";
   mySearcher.PropertyNamesOnly = true;

   SearchResult searchRes = mySearcher.FindOne();
   if (searchRes == null)
      return new ArrayList();

   DirectoryEntry schemaEntry = new DirectoryEntry(searchRes.GetDirectoryEntry().SchemaEntry.Path);

   //NOTE: One place where managed ADSI (System.DirectoryServices) falls short is finding schema
   //information from LDAP/AD objects. Finding information like mandatory and optional
   //properties simply cannot be done with any managed classes, so the native IADsClass
   //interface is used instead.

   IADsClass iadsClass = (IADsClass)schemaEntry.NativeObject;
   if (iadsClass == null)
      return new ArrayList();

   //collect optional and mandatory attribute names into one list
   ArrayList list = new ArrayList();
   foreach (string s in (Array)iadsClass.OptionalProperties)
      list.Add(s);
   foreach (string s in (Array)iadsClass.MandatoryProperties)
      list.Add(s);
   return list;
}
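
The same name-to-multivalued map can also be built entirely from System.DirectoryServices.ActiveDirectory, the namespace the code above already uses for IsSingleValued, without the COM interop reference. This is an added example, not the author's code; the class name UserSchemaAttributes, the method name GetAll and the default "user" class are assumptions of the example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;

public static class UserSchemaAttributes
{
    // Returns attribute name (ldapDisplayName) -> true when the attribute is multivalued.
    // className defaults to "user"; pass another schema class name to inspect it instead.
    public static Dictionary<string, bool> GetAll(string className = "user")
    {
        var result = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);

        // Binds to the schema of the current forest with the caller's credentials.
        using (ActiveDirectorySchema schema = ActiveDirectorySchema.GetCurrentSchema())
        // FindClass throws ActiveDirectoryObjectNotFoundException for an unknown class.
        using (ActiveDirectorySchemaClass cls = schema.FindClass(className))
        {
            // GetAllProperties() returns both the mandatory and the optional
            // attributes of the class, whether or not any object has them set.
            foreach (ActiveDirectorySchemaProperty prop in cls.GetAllProperties())
            {
                // Indexer instead of Add(): a repeated name overwrites rather than throws.
                result[prop.Name] = !prop.IsSingleValued;
            }
        }
        return result;
    }

    public static void Main()
    {
        // Print one line per attribute: name, then "multi" or "single".
        foreach (KeyValuePair<string, bool> kv in GetAll())
            Console.WriteLine("{0}\t{1}", kv.Key, kv.Value ? "multi" : "single");
    }
}
```

The program must run on a domain-joined machine under an account that can read the schema partition.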

