diff --git a/Controllers/AdApiController.cs b/Controllers/AdApiController.cs
new file mode 100644
index 0000000..3cd22b4
--- /dev/null
+++ b/Controllers/AdApiController.cs
@@ -0,0 +1,104 @@
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Hosting.Server;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+using System.DirectoryServices;
+using System.DirectoryServices.AccountManagement;
+using System.DirectoryServices.Protocols;
+using System.Net;
+using System.Runtime.Versioning;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.RegularExpressions;
+using static DbTableClass;
+
+namespace ad_login.Controllers
+{
+ [EnableCors("any")]
+ [Route("adApi")]
+
+ public class AdApiController : ControllerBase
+ {
+ private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly IWebHostEnvironment _hostingEnvironment;
+ private readonly PasswordManagementService _passwordManagement;
+ private readonly string _ldapServer;
+ private readonly string _domain;
+ private readonly string _baseDn;
+
+ public AdApiController(IHttpContextAccessor httpContextAccessor, IWebHostEnvironment webHostEnvironment, PasswordManagementService passwordManagement, IOptions ldapSettings)
+ {
+ this._httpContextAccessor = httpContextAccessor;
+ this._hostingEnvironment = webHostEnvironment;
+ this._passwordManagement = passwordManagement;
+ this._ldapServer = ldapSettings.Value.Server;
+ this._domain = ldapSettings.Value.Domain;
+ this._baseDn = ldapSettings.Value.BaseDn;
+ }
+
+ [EnableCors("any")]
+ [Route("aduserList")]
+ [SupportedOSPlatform("windows")]
+ public ActionResult AduserList(IFormCollection obj) {
+
+ Result ret = new Result();
+ List expiringUsers = [];
+
+ DirectoryEntry entry = new DirectoryEntry($"LDAP://{_ldapServer}/{_baseDn}", GlobalClass.appsettings("LdapSettings:User"), GlobalClass.appsettings("LdapSettings:Password")); // 使用 LDAP 伺服器和基礎 DN 建立 DirectoryEntry 物件。
+ DirectorySearcher mySearcher = new DirectorySearcher(entry);
+ mySearcher.Filter = "(&(objectCategory=person)(objectClass=user))"; // 篩選有「上次密碼設定時間」、「Mail」的「使用者」。
+ // 電子郵件
+
+ foreach (SearchResult result in mySearcher.FindAll())
+ {
+ string userSAMAccountName = result.Properties["sAMAccountName"][0].ToString() ?? string.Empty; // AD 帳號
+ string userDisplayName = "";
+ string userMail = "";
+ if (result.Properties["displayName"].Count > 0)
+ userDisplayName = result.Properties["displayName"][0].ToString();
+ else
+ userDisplayName = userSAMAccountName; // 顯示名稱
+
+ if (result.Properties["mail"].Count > 0) {
+ userMail = result.Properties["mail"][0].ToString() ?? string.Empty;
+ }
+
+ int flags = (int)result.Properties["userAccountControl"][0];
+ string expiringUsersInfo = $"{userSAMAccountName};{userDisplayName};{userMail}";
+
+ adUser adUser = new adUser
+ {
+ userAccount = userSAMAccountName,
+ userDisplayName = userDisplayName,
+ userMail = userMail
+ };
+
+ if (!Convert.ToBoolean(flags & 0x0002) && (userMail != "")) {
+ ret.data.Add(adUser); // 如果帳號沒有被停用,且有電子郵件,就加入結果列表。
+ }
+ }
+
+ ret.ret = "yes";
+
+ return Content(JsonConvert.SerializeObject(ret), "application/json;charset=utf-8");
+ }
+
+ public class Result
+ {
+ public string ret = "no";
+ public string err_code = "0000";
+ public string message = "";
+ public List data = new List();
+ }
+
+ public class adUser
+ {
+ public string userAccount { get; set; } = string.Empty; // AD 帳號
+ public string userDisplayName { get; set; } = string.Empty; // 顯示名稱
+ public string userMail { get; set; } = string.Empty; // 電子郵件
+ }
+
+ }
+}
diff --git a/ad_login.csproj b/ad_login.csproj
index 95eebd6..6942260 100644
--- a/ad_login.csproj
+++ b/ad_login.csproj
@@ -20,6 +20,7 @@
+
diff --git a/appsettings.json b/appsettings.json
index 139599e..8139a24 100644
--- a/appsettings.json
+++ b/appsettings.json
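Review bot: `AduserList` (the `[Route("aduserList")]` action) carries no authorization attribute and no HTTP-verb attribute, so whoever can reach the route, by any verb and from any origin the `any` CORS policy admits (its definition is not in this diff), receives the sAMAccountName, display name and mail of every enabled directory user — an account-enumeration surface that should sit behind `[Authorize]` (needs `using Microsoft.AspNetCore.Authorization;` and an authentication scheme configured elsewhere, which this change does not show) and `[HttpPost]`, given the `IFormCollection` parameter. `entry`, `mySearcher` and the `SearchResultCollection` returned by `FindAll()` are all `IDisposable` and are never disposed, and `FindAll()` results hold directory handles until they are, so each request leaks; the excerpt below turns them into `using` declarations. The bind credentials are fetched through `GlobalClass.appsettings("LdapSettings:User")` / `("LdapSettings:Password")` while Server, Domain and BaseDn come from the injected `IOptions` settings; read all five from the same options object, and make that bind identity a read-only, least-privilege service account rather than the administrator value committed in appsettings.json in this same change. Smaller points: `expiringUsers`, `expiringUsersInfo` and `obj` are unused; `result.Properties["displayName"][0].ToString()` lacks the `?? string.Empty` its neighbouring lines use; `(int)result.Properties["userAccountControl"][0]` throws when that attribute is absent instead of being guarded by a `Count > 0` check the way `mail` is; and `Result` exposes public fields where the sibling `adUser` uses properties.
```csharp
// … unchanged: [EnableCors("any")], [Route("aduserList")], [SupportedOSPlatform("windows")] …
[HttpPost]
[Authorize]
public ActionResult AduserList(IFormCollection obj) {
    // … unchanged: Result setup …
    using var entry = new DirectoryEntry($"LDAP://{_ldapServer}/{_baseDn}", GlobalClass.appsettings("LdapSettings:User"), GlobalClass.appsettings("LdapSettings:Password"));
    using var mySearcher = new DirectorySearcher(entry);
    mySearcher.Filter = "(&(objectCategory=person)(objectClass=user))";
    using SearchResultCollection results = mySearcher.FindAll();
    foreach (SearchResult result in results)
    {
        // … unchanged: per-user attribute extraction and the disabled/mail filter …
    }
    // … unchanged: ret.ret = "yes" and the JSON response …
}
```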
@@ -9,7 +9,9 @@
 "LdapSettings": {
 "Server": "office.bremen.tw", // 如果是用 Kerberos 驗證,AD 的伺服器不可以使用 IP。
 "Domain": "office.bremen.tw",
- "BaseDn": "DC=office,DC=bremen,DC=tw"
+ "BaseDn": "DC=office,DC=bremen,DC=tw",
+ "User": "Administrator", // AD 的使用者名稱
+ "Password": "<%Bremen%>" // AD 的使用者密碼
 },
 "ConnectionStrings": {
 "SQLConnectionString": "Data Source=sql.bremen.com.tw;Initial Catalog=bremen_db;User ID=bremen_db;Password=4zI5j?45p;Max Pool Size=500;"
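Review bot: The added `"User": "Administrator"` and `"Password"` entries commit a domain-administrator bind credential in plaintext to appsettings.json, beside the existing `SQLConnectionString` that already embeds a database password, and once pushed both remain recoverable from git history whatever later commits change. Keep the `LdapSettings:User` / `LdapSettings:Password` keys but supply their values from outside the repository — `dotnet user-secrets` in development, environment variables or a secrets provider in deployment, which the default configuration builder layers over this file — and treat the committed values as exposed: rotate them and replace the Administrator identity with a read-only service account limited to the directory search the controller performs. A short comment on these two keys, e.g. `// value supplied by user-secrets / environment at runtime; do not commit a real credential`, would make that expectation visible to the next reader.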