Avatar Mike Noordermeer Querying Active Directory from Java using ADSI

Mike Noordermeer | Published January 27, 2012 |

In order to query a user’s Active Directory properties from a Java application, we have a couple of possibilities. The most obvious option is to directly query using an LDAP connection through JNDI. Since Active Directory, by default, does not support anonymous binds, this requires a user account in the AD domain, storing/maintaining the user account in the application configuration, and a simple or Kerberos bind on the LDAP connection. All doable, but why not use the computer’s domain credentials (assuming the computer is part of the AD domain)?

To use the computer’s domain credentials (and not require any configuration of credentials in the application itself), we can use the Active Directory Service Interface (ADSI), which is a set of COM interfaces, accessible using ActiveX Data Objects (ADO). For this, we need to use JNI and Jacob (Java - Com bridge), for which the documentation is quite poor. To help you out, here is some code and the right dependencies.

First of all, include the following dependencies in your project (Gradle style syntax):

A small example to retrieve the employeeNumber attribute from the current AD domain:

comments powered by Disqus