Java program to retrieve Active Directory (LDAP) User Properties

Problem Statement

You want to retrieve properties (like name, mail, telephonenumber, accountExpires, etc.) of an Active Directory or LDAP user.

What you need (replace in program)

  • You will need a username/password that can connect to Active Directory/LDAP. This is not a special user; usually it is simply a user that already exists in Active Directory. In the program below these are the values set for Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  • And of course you need the username of the user (theUserName in program below) whose attributes you want to retrieve.
  • Your Active Directory/LDAP Host Name. This is the string: ActiveDirOrLDAPHost in program below.
  • Your Domain Name. This is the string: DC=YourDomain,DC=com, in program below.

The Program

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LDAPExaminer {

    public static void main(String[] args) {
        LDAPExaminer ldapExaminer = new LDAPExaminer();
        //NOTE: replace theUserName below with the Active Directory/LDAP user whose attributes you want printed.
        ldapExaminer.printUserBasicAttributes("theUserName", ldapExaminer.getLdapContext());
    }

    public LdapContext getLdapContext() {
        LdapContext ctx = null;
        try {
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "Simple");

            //NOTE: replace with a User that is present in your Active Directory/LDAP
            // (BIND_USER_PLACEHOLDER is a placeholder; the value is missing from the page).
            env.put(Context.SECURITY_PRINCIPAL, "BIND_USER_PLACEHOLDER");
            //NOTE: replace userpass with passwd of this user.
            env.put(Context.SECURITY_CREDENTIALS, "userpass");
            //NOTE: replace ActiveDirOrLDAPHost with your Active Directory/LDAP Hostname or IP.
            //NOTE: a simple bind over ldap:// on port 389 sends the password unencrypted;
            // prefer ldaps:// (port 636) where the server supports it.
            env.put(Context.PROVIDER_URL, "ldap://ActiveDirOrLDAPHost:389");

            System.out.println("Attempting to Connect...");

            ctx = new InitialLdapContext(env, null);
            System.out.println("Connection Successful.");
        } catch (NamingException nex) {
            System.out.println("LDAP Connection: FAILED");
            nex.printStackTrace();
        }
        return ctx;
    }

    private void printUserBasicAttributes(String username, LdapContext ctx) {
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            //NOTE: The attributes mentioned in array below are the ones that will be retrieved, you can add more.
            String[] attrIDs = { "distinguishedName",
                    "telephonenumber", "canonicalName", "userAccountControl", "accountExpires" };
            constraints.setReturningAttributes(attrIDs);

            //NOTE: replace DC=YourDomain,DC=com below with your domain info. It is essentially the Base Node for Search.
            NamingEnumeration<SearchResult> answer = ctx.search("DC=YourDomain,DC=com", "sAMAccountName="
                    + username, constraints);

            if (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                // Print each requested attribute (null if the entry does not have it).
                for (String id : attrIDs) {
                    System.out.println(id + ": " + attrs.get(id));
                }
            } else {
                throw new Exception("Invalid User");
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
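An added example, not part of the original post: the program concatenates username into the search filter and never closes the context (the point raised in the comments), so this sketch shows RFC 4515 escaping, the same lookup with the username passed as a JNDI filter argument, and a finally block that closes the context. SafeLdapLookup, escapeFilterValue, findUser and the sample names are hypothetical; env is assumed to be built as in getLdapContext.

```java
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class SafeLdapLookup {   // hypothetical class name, not from the original program
    // RFC 4515 escaping for a value placed inside a search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Username goes in as filter argument {0}, which JNDI escapes; the context is always closed.
    static SearchResult findUser(Hashtable<String, Object> env, String baseDn,
                                 String username, String[] attrIDs) throws NamingException {
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(attrIDs);
            NamingEnumeration<SearchResult> answer =
                ctx.search(baseDn, "(sAMAccountName={0})", new Object[] { username }, sc);
            return answer.hasMore() ? answer.next() : null;
        } finally {
            ctx.close();   // releases the LDAP connection even if the search throws
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a plain name and two containing filter metacharacters.
        for (String u : new String[] { "jsmith", "j*", "smith (temp)" }) {
            System.out.println("concatenated: sAMAccountName=" + u);
            System.out.println("escaped:      sAMAccountName=" + escapeFilterValue(u));
        }
    }
}
```

Running main needs no directory server; it only prints how each constructed name looks before and after escaping.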


2 responses

  1. Hi,
    I was wondering whether the context used in the code is closed anywhere? If not, where do I need to close them?
    Please reply.

    1. Sure, you can close the context once it is no longer needed.
      In the example code above, it can be closed in the main method.
