Validate Login against Active Directory

[Wokawidget]

The following function validates a username and password against an active directory.

VB Code:

Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim Success As Boolean = False
        Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
        Try
            Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
            Success = Not (Results Is Nothing)
        Catch
            Success = False
        End Try
        Return Success
    End Function

This would be used like:

VB Code:

If ValidateActiveDirectoryLogin("VBForums", "Woof", "Mouse") Then
   'do something
End If

Woka

[RuaanD]

Hallo,

Is it possible to use this code in the Login Form of vb .net?

Where must I place it?

Also, can it be used in the Custom Login Authentication ASP code that you have written?

Apreciate the help.

Ruaan

[Wokawidget]

Yes to both answers.
Place the code where it can be called. It's just a simple normal bog standard function after all.
Yes it can be directly used with my auth code.

Woka

[RuaanD]

Hi, I'm busy taking a look at the login.aspx code and can you tell me where must I place this code

VB Code:

Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
            Dim Success As Boolean = False
            Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
            Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
            Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
            Try
                Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
                Success = Not (Results Is Nothing)
            Catch
                Success = False
            End Try
            Return Success
        End Function

Thanks,

R

[RuaanD]

Hi, I'm busy taking a look at the login.aspx code and can you tell me where must I place this code

VB Code:

Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
            Dim Success As Boolean = False
            Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
            Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
            Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
            Try
                Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
                Success = Not (Results Is Nothing)
            Catch
                Success = False
            End Try
            Return Success
        End Function

Thanks,

R

Sorry my ASP is very bad

[Wokawidget]

U put that code in the login function ub the auth demo.

Woka

[michaelrawi]

Hi Wokawidget,

Your code doesn't work in my project. It always return false. It generate error (the server is not operational) if I remove try-catch and search it directly with this:

VB Code:

Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim Success As Boolean = False
        Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
        'Try
        '    Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
        '    Success = Not (Results Is Nothing)
        'Catch
        '    Success = False
        'End Try
 
        Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
        Success = Not (Results Is Nothing)
        Return Success
    End Function

My domain server still use WinNT4.0, maybe that happened because WinNT4.0 doesn't support it?

Thanks

Michael

[Wokawidget]

What is the value of "LDAP://" & Domain???

Woka

[michaelrawi]

"LDAP://skb_ii"

skb_ii is the name of my domain.

[Wokawidget]

Hmmmm try modifying the code so the domain passed to the DirectoryEntry object is like:

LDAP://skb_ii.com/DC=skb_ii,DC=com

What happens now?

Woka

[michaelrawi]

Hmmmm try modifying the code so the domain passed to the DirectoryEntry object is like:

LDAP://skb_ii.com/DC=skb_ii,DC=com

What happens now?

Woka

It still not work. Weren't it supposed to be LDAP://skb_ii.com/DN=skb_ii,DC=com ? I've tried this either, but still no luck. It gives the same error mistake:

The server is not operational

at this line :

VB Code:

Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne

And for .com, maybe NT4 didn't support DNS ? (don't have experience in legacy system )

There's a win2000 server in my company. Maybe I should try join it to test my code.

[wrecklesswun]

If this is an NT4 domain, this may not work. NT4 does not understand this provider

[Wokawidget]

Hmmmm...are ppl still running NT4

Woof

[cjwallace]

Hi guys.

Does anyone have any ideas or can help me. I have a windows application that i would like to have a login to. I would like the login to check if you are a member of a certain group and then authenticate you to Active Directory by supplying a valid user name and password.

Maybe i am reading this post wrong but it looks like you are hard coding the user name and password into the code???

What if my password changes or i want to give more than one person access to use my application?

Thanks to anyone who can help me

Cheers

[Wokawidget]

lol. No, nothing is hard coded.
The function validates a username and password for a domain, and you can pass in all 3 params.
I added a demo call, which does have the params "hard coded", but you would just take these values from a UI input...which is simple to do.

Once you have the user in the search results, you can then browse through it's children and check for the group you want.

Woka

[cjwallace]

Hi mate and thanks for the reply.

Ok i am new to vb.net biiiiiiiiiiiiiig time, got kind of comfy with vbscript but realise how lazy a coder it makes you.

Anyway i am using vb.net 2005 and i have used the built in login form that i would like to use. The code for the form is below, Can you help me blend your code into the code below and to check for AD membership. What i would like to achive is if User Craig Wallace is not a member of say AD Security Group called User Creation then dont let him in, if he is and he supplies the correct login and password then let him in

Thanks for your help so far.

Public Class LoginForm

' TODO: Insert code to perform custom authentication using the provided username and password
' (See http://go.microsoft.com/fwlink/?LinkId=35339).
' The custom principal can then be attached to the current thread's principal as follows:
' My.User.CurrentPrincipal = CustomPrincipal
' where CustomPrincipal is the IPrincipal implementation used to perform authentication.
' Subsequently, My.User will return identity information encapsulated in the CustomPrincipal object
' such as the username, display name, etc.

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
Me.Close()
End Sub

Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cancel.Click
Me.Close()
End Sub

End Class

[Wokawidget]

Well in the OK_Click event you need to call my function with the username and password, and pass in the domain info.
But before you do that you much loop through the search results...the user object can be found in the results object.
Once you have this then you need to loop through it's children and find the group.
Sorry, I don't have time to write it for you as I am pushed with deadlines

See what you can find on VBF or google regarding AD search results.

Woka

[cjwallace]

Hi mate. Thanks very much for the reply. I am soooooooooooooooooo new to vb.net , whats the best way of calling your function. there is no big rush to reply as i know your busy, just when you have a minute

I am going to do this bit by bit.

First get it working with just a user name and password then move on to more advanced stuff like AD group

Thanks again

[Wokawidget]

Ok. np
Lets do this in stages.
So to use the code as it stands now, just validating the user (no group code yet), we would use something like:

Code:

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
   Dim authenticated As Boolean = AuthenticateUser()
   If isAuthenticated Then
      'some code here to open app
      Me.Close()
   Else
      'code here to display incorrect login details
   End If
End Sub

Private Function AuthenticateUser() As Boolean
   Dim username As String = txtUsername.Text
   Dim password As String = txtPassword.Text
   Dim domain As String = 'this can be in a config file, hard coded (I wouldnt do that), or inputed from the UI

   Dim isAuthenticated As Boolean = ValidateActiveDirectoryLogin(username, password, domain)

   Return isAuthenticated
End Function

Hope this helps.

Woka

[cjwallace]

Hi mate. Thanks for your time tonight.

Ok so i have copied your code into the form.

It may just be a typo but is Dim authenticated not supposed to be Dim isauthenticated

Code:

Dim authenticated As Boolean = AuthenticateUser()
   If isAuthenticated Then

Other small issues that vb.net is throwing up are

txtUserNames is not declared
txtPasswords is not declared

on line

Dim domain As String = 'this can be in a config file, hard coded (I wouldnt do that), or inputed from the UI

it is moaning about the = saying expression expected.

Also it is moaning about Name 'ValidateActiveDirectoryLogin' is not declared.

Code:

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
   Dim authenticated As Boolean = AuthenticateUser()
   If isAuthenticated Then
      'some code here to open app
      Me.Close()
   Else
      'code here to display incorrect login details
   End If
End Sub

Private Function AuthenticateUser() As Boolean
   Dim username As String = txtUsername.Text
   Dim password As String = txtPassword.Text
   Dim domain As String = 'this can be in a config file, hard coded (I wouldnt do that), or inputed from the UI

   Dim isAuthenticated As Boolean = ValidateActiveDirectoryLogin(username, password, domain)

   Return isAuthenticated
End Function

[Wokawidget]

txtUsername is the name of the text box on screen, as is txtPassword. In your app I don't know what they are called. Replace txtUsername and txtPassword with the name of the controls on your form.

ValidateActiveDirectoryLogin is the function originally posted in this thread....did you not copy that also?

The comain name is giving that error because ' means a remark, ie you must replace this bit of code with something.
Use something like:

Dim domain As String = "MyDomain.com"

Bearing in mind your domain is NOT MyDomain.com...it's soemthing else, so replace that with your domain.

Yea, sorry about typos' Am tired and typed straight into VBF and not a VB.NET editor.

I may suggest you get a Learn VB.NET in 21 days kind of book...this will seriously benefit you, and you'll be up and running in no tiem at all.

WOka

[cjwallace]

Thanks for the reply. i am also very tired and going to bed now. i will pick this up tomorrow. thanks for the pointers i will put them right tomorrow.

Thanks again for your help, it really is helping me learn big time.

Cheers

[cjwallace]

Hi mate.

Ok picking this back up tonight. I have copied your code as per your posts and have put it into my login form. I am hard coding the domain for the time being. Now when the form loads i am putting the correct login details as thats what i used to login to my laptop but the code always returns in correct login details. I have put a couple of msgbox's in as you will see.

Any ideas as to why it does not think i am using the right details?

Thanks for your help.

Code:

Public Class AuthenticateWithAD

    Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim isauthenticated As Boolean = AuthenticateUser()
        If isauthenticated Then
            MsgBox("YOU HAVE BEEN AUTHENTICATED")
            Me.Close()
        Else
            MsgBox("YOU HAVE NOT BEEN AUTHENTICATED")
        End If
    End Sub

    Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim Success As Boolean = False
        Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
        Try
            Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
            Success = Not (Results Is Nothing)
        Catch
            Success = False
        End Try
        Return Success
    End Function

    Private Function AuthenticateUser() As Boolean
        Dim username As String = UsernameTextBox.Text
        Dim password As String = PasswordTextBox.Text
        'Dim domain As String = 'this can be in a config file, hard coded (I wouldnt do that), or inputed from the UI
        Dim domain As String = "WALLACE-UK.COM"

        Dim isAuthenticated As Boolean = ValidateActiveDirectoryLogin(username, password, domain)

        Return isAuthenticated
    End Function

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cancel.Click
        Me.Close()
    End Sub

End Class

[Wokawidget]

ValidateActiveDirectoryLogin(username, password, domain)

should be

ValidateActiveDirectoryLogin(domain, username, password)

[cjwallace]

Hi mate. Thanks very much for the update. i have changed my code as per your last post. YAY all is working i can now see it is checking with AD for my login which is cool, so thanks very much.

Ok so on to Part 2. What i now need to work out is that ok so you have the right user name and password but if you are not a member of a Active Directory user group the dont allow login , but if you are and you supply the right user name and password then login.

Any ideas?

Thanks in advance

[cjwallace]

Hi guys. Ok thought i would share back this code with others. Ok the code is the original code in that it will authenticate a user againt Active Directory.

The will now also check to see if the user is a member of a certain Active Directory Group. So you now have Group Check and User Name and Password Check.

Also and it may no use to others but i hve put a bit in here to check if the screen res is 1024 x 768 or above. also it has a progress bar.

Afew people on here have helped me along the way so cant take full credit for it.

Anyway here is the code. I hope someone finds it usefull

Code:

Imports System.DirectoryServices
Imports System.Net.Mail

Public Class Authenticate_With_Active_Directory

    Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim isauthenticated As Boolean = AuthenticateUser()

        If isauthenticated Then

            ProgressBar1.Value = 1

            Timer1.Enabled = True



            'MsgBox("YOU HAVE BEEN AUTHENTICATED")

            Dim frm As New Main_Menu
            frm.Show()

            Me.Close()

        Else

            ProgressBar1.Value = 1

            Timer1.Enabled = True

            MessageBox.Show("YOU HAVE NOT BEEN AUTHENTICATED" & _
                Environment.NewLine & Environment.NewLine & "PLEASE CONTACT THE LONDON SYSTEMS TEAM. THIS LOGON ATTEMPT HAS BEEN RECORDED", "Alert - PLEASE READ , PLEASE READ", MessageBoxButtons.OK, MessageBoxIcon.Information)

        End If


    End Sub

    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick

        ProgressBar1.Value = ProgressBar1.Value + 1
        If ProgressBar1.Value = 50 Then
            Timer1.Enabled = False
            'MsgBox(" progressbar at the end")
        End If
    End Sub


    Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim Success As Boolean = False
        Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
        Try
            Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
            Success = Not (Results Is Nothing)
        Catch
            Success = False
        End Try
        Return Success
    End Function

    Private Function AuthenticateUser() As Boolean
        Dim username As String = UsernameTextBox.Text
        Dim password As String = PasswordTextBox.Text
        'Dim domain As String = 'this can be in a config file, hard coded (I wouldnt do that), or inputed from the UI
        Dim domain As String = "WITHERS.NET"

        Dim isAuthenticated As Boolean = ValidateActiveDirectoryLogin(domain, username, password)

        Return isAuthenticated
    End Function

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cancel.Click
        Me.Close()
    End Sub

    Private Sub AuthenticateWithAD_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        Dim screenSize As Rectangle = Screen.PrimaryScreen.Bounds
        If screenSize.Width < 1024 Or screenSize.Height < 768 Then
            MessageBox.Show("Incorrect Screen Size" & _
            Environment.NewLine & Environment.NewLine & "This Application requires a Screen Resolution of 1024 x 768 and above. Please change", "Alert - PLEASE READ , PLEASE READ", MessageBoxButtons.OK, MessageBoxIcon.Information)
            Me.Close()
        Else

        End If

        'You grab the current logon username from environment object
        Dim userID As String = Environment.UserName
        'Then pass it into the function like this
        If IsMemberOf(userID, "GROUP NAME YOU WANT TO CHECK") Then
            'MessageBox.Show("Yes")
        Else
            MessageBox.Show("Unauthorised Access, You do not have permission to use this application" & _
                                    Environment.NewLine & Environment.NewLine & "Please contact the London Systems Team", "Alert - UNAUTHORISED ACCESS , UNAUTHORISED ACCESS", MessageBoxButtons.OK, MessageBoxIcon.Information)

            Me.Close()
        End If

    End Sub

    Public Shared Function IsMemberOf(ByVal userName As String, ByVal groupName As String) As Boolean


        ' Uncomment if using at Withers

        Dim answer As Boolean = False
        Dim dirEntry As DirectoryEntry = Nothing
        Dim serverName As String = "SERVER NAME"         'example "server1"
        Dim domainName As String = "DOMAIN NAME"  'example "yahoo", "msn", "google"...
        Dim domain As String = "NET"              'example "com", "org", "net"...
        Dim ldapPath As String = "LDAP://" & serverName & "/DC=" & domainName & ",DC=" & domain
        Dim dirSearcher As DirectorySearcher = Nothing
        Dim result As SearchResult = Nothing
        Try
            'dirEntry = New DirectoryEntry(ldapPath)
            'If you run into security permission issue, try this overload with supplied credentials
            dirEntry = New DirectoryEntry(ldapPath, "USERNAME", "PASSWORD", AuthenticationTypes.Secure)


            dirSearcher = New DirectorySearcher(dirEntry)
            With dirSearcher
                .Filter = "(SAMAccountName=" & userName & ")"
                .PropertiesToLoad.Add("memberOf")
                result = .FindOne()
            End With
            If Not result Is Nothing Then
                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String = String.Empty
                Dim group As String = String.Empty
                Dim equalsIndex, commaIndex As Integer
                Dim propertyCounter As Integer = 0
                While propertyCounter < propertyCount
                    dn = CType(result.Properties("memberOf").Item(propertyCounter), String)
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If -1 = equalsIndex Then
                        Return False
                    End If
                    group = dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToUpper
                    If group = groupName.ToUpper Then
                        answer = True
                        Exit While
                    End If
                    propertyCounter += 1
                End While
            End If
        Catch ex As Exception
            Throw New Exception(ex.Message)
        Finally
            'Release unmanaged COM objects
            dirEntry = Nothing
            dirSearcher = Nothing
        End Try
        Return answer

    End Function

End Class

[Wokawidget]

Cool. Thanks for the code

Woka

[Wokawidget]

Hi.

I have cleaned the code up slightly for you. I hope you don't mind.
I have also combined the Validate and the Check group functions into one function.

You seemed to be doing something funny with the ldap path, so I simplified this also.

If you pass a groupname to the function then it validates this and checks if the user is a member, if no groupname is passed then the user is validated for a normal login.

Hope this helps, and thanks again for posting the code.

Code:

Private Function AuthenticateUser() As Boolean
        Dim username As String = "TestUser11@WokasCustomer.com"
        Dim password As String = "Woof123"
        Dim domain As String = "eQuest.local"

        Dim isAuthenticated As Boolean = ValidateActiveDirectoryLogin(domain, username, password, "Admins@WokasCustomer.com")

        Return isAuthenticated
    End Function




    Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String, ByVal groupName As String) As Boolean
        Dim isValidated As Boolean = False

        Try

            Dim ldapPath As String = "LDAP://" & domainName
            Dim dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
            Dim dirSearcher As New DirectorySearcher(dirEntry)

            dirSearcher.Filter = "(userPrincipalName=" & userName & ")"
            dirSearcher.PropertiesToLoad.Add("memberOf")

            Dim result As SearchResult = dirSearcher.FindOne()

            If Not result Is Nothing Then

                If groupName.Length = 0 Then
                    isValidated = True
                Else
                    Dim groupCount As Integer = result.Properties("memberOf").Count
                    Dim isInGroup As Boolean = False

                    For index As Integer = 0 To groupCount - 1
                        Dim groupDN As String = result.Properties("memberOf").Item(index)

                        Dim equalsIndex As Integer = groupDN.IndexOf("=")
                        Dim commaIndex As Integer = groupDN.IndexOf(",")

                        Dim group As String = groupDN.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToLower
                        If group.Equals(groupName.ToLower) Then
                            isInGroup = True
                            Exit For
                        End If
                    Next index

                    isValidated = isInGroup
                End If
            End If
        Catch ex As Exception
            Throw New Exception(ex.Message)
        End Try

        Return isValidated

    End Function

Woka

[cjwallace]

Hi mate. No of course i dont mind and its great to see another way of doing it. All about learning

Thanks again.

[Wokawidget]

np

Also, I changed it to search for sAMAccountName to userPrincipalName.

sAMAccountNames are like eQuest\Wokawidget
userPrincipalNames are like Wokawidget@eQuest.com

Most MS apps now use the UPN and not SAMAccountName...except some of thier hosting software, with exchange, as that requires the sAMAccountName to validate a mobile device.

Woka

[sherwin]

hi there.

not that into development, but i find the code very helpful.

is there a way for the code to be modified and also check for "Bad Login Count"?

regards.

[sherwin]

no suggestion? can someone suggest how to get badlogoncount?regards

[Wokawidget]

Well if badlogin account is an AD property, then just retrieve this property from the users AD object, which is got during validation process.

ie

Code:

int loginCount = Convert.ToInt32(userADobject.properties["badLogin"].Value.ToString())

But off the top of my head I dont know what the bad login count ad property is.

Woka

[sherwin]

thanks for the reply. i'll try that suggestion.

we used this:

Code:

    IntAttempts = objUser.BadLoginCount

but it's not working as expected.

regards.

[xion.truth]

The code works great. Thank you very much.

is there a way in this function to check the manager property within active directory. for instance:

Johns manager is Sam

When John logs in it runs

Code:

messagebox.show("Your manager is " &  somthing here)

thanks again

[Wokawidget]

Yes.
From Post 28, the user object is stored in a variable called "result".
So to get the manager you would use the following:

Code:

Dim managerPath As String.Empty;
if (result.Properties("managedBy").Count == 1) Then
   Dim managerDN As String = result.Properties("managedBy").Value.ToString()
   managerPath = string.Format("LDAP://{0}", managerDN); 
End If
if (managerPath.length > 0) Then
   DirectoryEntry managerObject = new DirectoryEntry(managerPath)
   string managerUPN = managerObject.Properties("userprincipalName").value.ToString()
   string managerDisplayName = managerUPN;
   if (managerObject.Properties("displayName").Count == 1) Then
      managerDisplayName = managerObject.Properties("displayName").value.ToString()
   End If
End if

Hope that helps.

Woka

[xion.truth]

Is that vb.net code or C# I have not been able to get it to work here is a screen shot of the errors:

[Wokawidget]

yes u are right...its a mix of them both

Doh

I have been coding in both a lot recently.
try this:

Code:

Dim managerPath As String = String.Empty
if (result.Properties("managedBy").Count = 1) Then
   Dim managerDN As String = result.Properties("managedBy").Value.ToString()
   managerPath = string.Format("LDAP://{0}", managerDN)
End If
if (managerPath.length > 0) Then
   Dim managerObject As DirectoryEntry = new DirectoryEntry(managerPath)
   Dim managerUPN As String= managerObject.Properties("userPrincipalName").value.ToString()
   Dim managerDisplayName As String = managerUPN
   if (managerObject.Properties("displayName").Count = 1) Then
      managerDisplayName = managerObject.Properties("displayName").value.ToString()
   End If
End if

Also u need to add:

Code:

dirSearcher.PropertiesToLoad.Add("managedBy")

[xion.truth]

Thank you so much for you time and help. I am a noob at active directory.

I also still have one error when i get to the

Code:

If (result.Properties("managedBy").Count = 1) Then

the system says "Object referance not set to an instace of an object"

also the code still shows the following error. If i remove the .value.toString and replace it with .toString it will take the error away but i dont know if it will work here is a picture. thanks again for your help!

[Wokawidget]

yea, sorry.Was on my mobile fone in town when I posted
instead of

.Value.ToString()

use

.Item(0).ToString();

Woka