Jorge

Reputation: 13

active directory users on asp.net

I want to create a directory intranet web site using Active Directory for our company. I got this so far, but when I run in debug mode the code breaks in searchResultCollection....search.findAll(); displaying:

[DirectoryServicesCOMException (0x80072020): An operations error occurred.]

I have tried changing the IIS ASP.NET impersonation to enabled, but I get an HTTP Error 500.24. My user name has read access to Active Directory. Is there something I am missing, or could someone point me in the right direction? I have looked everywhere; this is where I'm getting stuck.

Thanks in advance for any help.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.DirectoryServices;
using System.Web.Security;

public partial class _Default : System.Web.UI.Page
{
     protected void Page_Load(object sender, EventArgs e)
     {
          if (!Page.IsPostBack)
             GetADUsers();
     }

     public void GetADUsers()
     {
          // Bind to the OU and search the whole subtree for person objects
          DirectoryEntry myLdap = new DirectoryEntry("LDAP://OU=Nix,DC=systems,DC=com");
          DirectorySearcher search = new DirectorySearcher(myLdap);
          search.CacheResults = true;
          search.SearchScope = SearchScope.Subtree;
          search.Filter = "(objectClass=person)";
          SearchResultCollection allResults = search.FindAll();

          foreach (SearchResult sr in allResults)
          {
               // Properties["name"] is a value collection; write its first value
               Response.Write(sr.Properties["name"][0].ToString());
          }
     }
}

Upvotes: 1

Views: 458

Answers (2)

Jorge

Reputation: 13

After self reboot, I tested again and it ran without errors, then I added the rest of the code to display in a GridView.

public partial class _Default : System.Web.UI.Page
{
     protected void Page_Load(object sender, EventArgs e)
     {
          if (!Page.IsPostBack)
             GetADUsers();
     }

     public void GetADUsers()
     {
          DirectoryEntry myLdap = new DirectoryEntry("LDAP://OU=Nix,DC=systems,DC=com");
          DirectorySearcher search = new DirectorySearcher(myLdap);
          search.CacheResults = true;
          search.SearchScope = SearchScope.Subtree;
          search.Filter = "(objectClass=person)";
          // PropertiesToLoad must be set before FindAll() to take effect
          search.PropertiesToLoad.Add("samaccountname");
          SearchResultCollection allResults = search.FindAll();

          // Bind the search results to the grid
          Grid1.DataSource = allResults;
          Grid1.DataBind();
     }
}

Upvotes: 0

marc_s

Reputation: 754678

You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // define a "query-by-example" principal - here, we search for a UserPrincipal 
   // and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
   UserPrincipal qbeUser = new UserPrincipal(ctx);
   qbeUser.GivenName = "Bruce";
   qbeUser.Surname = "Miller";

   // create your principal searcher passing in the QBE principal    
   PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

   // find all matches
   foreach(var found in srch.FindAll())
   {
       // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
   }
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.

Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:

  • DisplayName (typically: first name + space + last name)
  • SAM Account Name - your Windows/AD account name
  • User Principal Name - your "[email protected]" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.

Upvotes: 1
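As an added example (not code from either answer), the query-by-example approach can be scoped to the OU from the question and projected down to only the three attributes listed above, so the grid never receives raw directory objects. The domain name `systems.com` (inferred from the DN), the `DirectoryRow` and `AdDirectory` types, and the page size of 500 are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Hypothetical row type: only the fields the intranet page displays.
public sealed class DirectoryRow
{
    public string DisplayName { get; set; }
    public string SamAccountName { get; set; }
    public string UserPrincipalName { get; set; }
}

public static class AdDirectory
{
    // Assumed values: the domain name is inferred from the DN in the question.
    private const string Domain = "systems.com";
    private const string Container = "OU=Nix,DC=systems,DC=com";

    public static List<DirectoryRow> GetEnabledUsers()
    {
        var rows = new List<DirectoryRow>();

        // No credentials are passed, so the bind uses the identity the request
        // runs under; that identity is assumed to have read access to the OU.
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain, Container))
        using (var qbeUser = new UserPrincipal(ctx))
        using (var srch = new PrincipalSearcher(qbeUser))
        {
            // Page the query so a large OU is not cut off at the server's result limit.
            var underlying = srch.GetUnderlyingSearcher() as DirectorySearcher;
            if (underlying != null) underlying.PageSize = 500;

            using (PrincipalSearchResult<Principal> found = srch.FindAll())
            {
                foreach (Principal p in found)
                {
                    using (p)
                    {
                        var user = p as UserPrincipal;
                        // Skip anything that is not a user, and disabled accounts.
                        if (user == null || user.Enabled == false) continue;
                        rows.Add(new DirectoryRow {
                            DisplayName = user.DisplayName,
                            SamAccountName = user.SamAccountName,
                            UserPrincipalName = user.UserPrincipalName });
                    }
                }
            }
        }
        return rows;
    }
}
```

The returned list can be assigned to `Grid1.DataSource` in place of the `SearchResultCollection`, followed by `Grid1.DataBind()`.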
