Robert Morgan

Reputation: 121

Searching for users across multiple Active Directory domains

I'm using System.DirectoryServices.AccountManagement to provide user lookup functionality.

The business has several region-specific AD domains: AMR, EUR, JPN etc.

The following works for the EUR domain, but doesn't return users from the other domains (naturally):

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");
var query = new UserPrincipal(context);
query.Name = "*Bloggs*";
var users = new PrincipalSearcher(query).FindAll().ToList();

However, if I target the entire directory, it doesn't return users from any of the region-specific domains:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");

How do I search the entire directory?

Update

Read up on "How Active Directory Searches Work":

http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

If I suffix the server name with port 3268 it searches against the Global Catalog:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");

However it's very, very slow. Any suggestions on how to improve performance?

Upvotes: 12

Views: 9235

Answers (1)

asgreene

Reputation: 21

Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queried. None of the attributes in AD have this set by default. Better to not do initial wildcards.

Upvotes: 1
