How do I search for a list of user id's using LDAP and C#?

Question

I need to search for users given a specific list of User ID's. It works fine if I use this filter to search for a single user:

 using (DirectorySearcher ds = new DirectorySearcher(de) { Filter = $"(&(sAMAccountType=805306368)(sAMAccountName=xyz123))" })
 {
    SearchResult sr = ds.FindOne();
 }

I found this LDAP Filter Syntax page and it shows that conditions can be nested.

(|(cn=Jim Smith)(&(givenName=Jim)(sn=Smith)))

Conditions can be nested with parentheses, but make sure the parentheses match up.

So I tried using this filter and FindAll() and while I expected to see 1 for us and 1 for canada, it only found the one in canada.

(&(sAMAccountType=805306368)(!(sAMAccountName=xyz123)(sAMAccountName=abc456)))

Searching domain: us

Count: 0

Searching domain: canada

Count: 1

So maybe I'm not understanding the filter syntax well enough. Also, is it possible to search all domains with one call?

Answer 1

You're using an exclamation mark (!), which means "not". You want to use a pipe (|), which means "or":

(&(sAMAccountType=805306368)(|(sAMAccountName=xyz123)(sAMAccountName=abc456)))

If you have a large list of usernames that you're looking for (I'm talking hundreds), you might think of splitting them up into separate searches. I actually covered this (with sample code) in an article I wrote about this: Active Directory: Better performance