Bharath K

Reputation: 2119

LDAP user enumeration does not return all domain users

I am using the following code to fetch a list of all users in the given domain.

DirectoryEntry dirEntry = new DirectoryEntry( "LDAP://domainname", userName, password );
System.DirectoryServices.DirectorySearcher dirSearcher = new System.DirectoryServices.DirectorySearcher( dirEntry );

dirSearcher.Filter = "(&(objectClass=user)(objectCategory=person))";
foreach ( SearchResult resEnt in dirSearcher.FindAll( ) )
{
    // Access searchResult
}

But the results returned are partial and do not reflect all the registered users in the domain. Is there anything I am missing here?

Thanks in advance,
Bharath.

Upvotes: 2

Views: 2023

Answers (3)

Hills Chris

Reputation: 21

Sounds like you need to set the PageSize to a non-zero value. Excellent overview here.

Upvotes: 2

geoffc

Reputation: 4100

Silly question for you, how many are returned? Any chance it is right around 1000 or 2000?

AD has a default limit on how many search results are returned in one simple query. You can page your results, or change the limit, but if you are getting right around 1000 or 2000 that would be a dead giveaway.

In that case, Uwe's answer to test with an external LDAP browser would show the same results. (I personally use LBE or ApacheDS. LBE is 600K and lightweight).

Upvotes: 3
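
Added example (not part of the answers above): the question's search with paging turned on, as the answers from Hills Chris and geoffc suggest. The page size of 1000, the `DomainUsers.GetAll` helper and loading only `sAMAccountName` are assumptions for illustration; the LDAP path and credentials are the question's placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class DomainUsers
{
    // Hypothetical helper: returns the sAMAccountName of every user under ldapPath.
    public static List<string> GetAll(string ldapPath, string userName, string password)
    {
        var names = new List<string>();

        using (var root = new DirectoryEntry(ldapPath, userName, password))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectClass=user)(objectCategory=person))";
            searcher.SearchScope = SearchScope.Subtree;

            // The default PageSize of 0 means "no paged search", so the server's
            // result limit truncates the list. A non-zero value makes FindAll()
            // request page after page until the server has no more entries.
            searcher.PageSize = 1000; // assumed value

            // Ask only for the attribute that is read below.
            searcher.PropertiesToLoad.Add("sAMAccountName");

            // SearchResultCollection wraps unmanaged resources, so dispose it.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    var values = result.Properties["sAMAccountName"];
                    if (values.Count > 0)
                        names.Add((string)values[0]);
                }
            }
        }
        return names;
    }

    static void Main()
    {
        // Placeholder path and credentials, as in the question.
        List<string> users = GetAll("LDAP://domainname", "userName", "password");
        Console.WriteLine("Users returned: " + users.Count);
    }
}
```

Comparing the printed count with what an external LDAP browser shows for the same filter confirms whether the truncation is gone.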

Uwe Keim

Reputation: 40736

Usually, I hunt issues like these with the free version of the Softerra LDAP Browser (be sure to use version 2.6 which is free and usually still sufficient).

Upvotes: 2
