Justin

Reputation: 657

How to resolve "The server does not support the control. The control is critical." Active Directory error

When trying to get all users from AD based on a role I was getting the exception:

System.DirectoryServices.Protocols.DirectoryOperationException: The size limit was exceeded

With help of this thread: LdapConnection SearchRequest throws exception for “The size limit was exceeded”, I tried implementing paging.

Now I am getting an exception:

The server does not support the control. The control is critical.

Any ideas on how to go about resolving it? I get a smaller list of role based users fine without paging. Thanks.

UPDATE: I found code to check if paging is supported by AD here: "iPlanet LDAP and C# PageResultRequestControl", and I got the result that paging is supported.

Upvotes: 5

Views: 6563

Answers (3)

Paul Hodgson

Reputation: 959

I recently experienced this issue even though I had explicitly set the LDAP version number to 3 and was using NTLM authentication.

In my case there was a multi-domain Active Directory Domain Services forest, and the problem was resolved by changing the port number used to establish the LDAP connection from 389 to 3268.

It turns out that these ports have very specific purposes:

389 - Requests information from the local domain controller. The local domain controller has access to the complete list of attributes for all objects within the domain; however, querying for objects stored on another domain requires referral chasing, and this was where I was seeing "The server does not support the control" error.

3268 - This port is used to access the Global Catalog, which is a repository of all of the objects within the entire forest. It does have its limits in that the Global Catalog only stores attributes that have been marked for replication. Another side effect is that the Global Catalog is much more performant than accessing the local domain controller, as it has no reliance on referral chasing to work.

Upvotes: 2

kls

Reputation: 591

It is true that it helps to change from AuthType.Basic, but in case anyone wants to get it working with AuthType.Basic then you need to make sure to set LDAP protocol version to 3:

var connection = new LdapConnection(new LdapDirectoryIdentifier(server), null, AuthType.Basic);
connection.Bind(new NetworkCredential(username, password));
connection.SessionOptions.ProtocolVersion = 3;

I found this solution here: https://groups.google.com/d/msg/microsoft.public.active.directory.interfaces/x1ZiixXknqk/m7-Li21QBoIJ

Upvotes: 4

Justin

Reputation: 657

The solution posted in response to thread Paged LDap search fails with “The requested attribute does not exists” helped me with my issue too. I was using AuthType.Basic and changing it to AuthType.Ntlm had the paging code running fine. I doubt it will affect any other piece of AD code that I have but I'll check and post if I find anything to watch out for.

Thanks.

Upvotes: 2
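
The settings from the answers above (LDAP protocol version 3, the auth type, port 389 versus 3268) combined into one paged search, as an added example that is not code from any of the posts. The host, account, base DN, filter and page size are placeholders, and the class and method names are hypothetical; the RootDSE supportedControl check looks for the paged-results OID 1.2.840.113556.1.4.319.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;

static class PagedAdSearch   // hypothetical name, not from the thread
{
    const string PagedResultsOid = "1.2.840.113556.1.4.319";   // paged-results control (RFC 2696)

    // port: 389 = a single domain controller, 3268 = Global Catalog (forest-wide, partial attributes).
    public static List<string> FindDns(string host, int port, NetworkCredential cred,
                                       AuthType authType, string baseDn, string filter)
    {
        using var conn = new LdapConnection(new LdapDirectoryIdentifier(host, port), cred, authType);
        conn.SessionOptions.ProtocolVersion = 3;   // controls are an LDAPv3 feature; set before Bind
        conn.Bind();
        // Ask the RootDSE which controls the server advertises before sending a critical one.
        var rootDse = (SearchResponse)conn.SendRequest(
            new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "supportedControl"));
        var supported = rootDse.Entries[0].Attributes["supportedControl"]
                               .GetValues(typeof(string)).Cast<string>();
        if (!supported.Contains(PagedResultsOid))
            throw new NotSupportedException($"{host}:{port} does not advertise paged results");

        var page = new PageResultRequestControl(500);   // page size is an assumed value
        var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName");
        request.Controls.Add(page);   // IsCritical defaults to true for this control
        var dns = new List<string>();
        do
        {
            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                dns.Add(entry.DistinguishedName);
            // The server hands back a cookie; an empty cookie means the last page was delivered.
            var reply = response.Controls.OfType<PageResultResponseControl>().FirstOrDefault();
            page.Cookie = reply?.Cookie ?? Array.Empty<byte>();
        } while (page.Cookie.Length > 0);
        return dns;
    }

    static void Main()
    {
        // Placeholder host, account and base DN, constructed for illustration.
        var cred = new NetworkCredential("svc-reader", "placeholder-password", "EXAMPLE");
        var dns = FindDns("dc01.example.com", 3268, cred, AuthType.Ntlm,
                          "DC=example,DC=com", "(&(objectCategory=person)(objectClass=user))");
        Console.WriteLine($"{dns.Count} entries");
    }
}
```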
