CODEWITHSUNDEEP
c#active-directoryldap
Josh
Josh

Reputation: 1367

LDAP query doesn't display certain users

I am unable to display some users from LDAP. I dont know why. Here's my code

        try
        {

            string path = "LDAP://" + Program.domain;

            DirectoryEntry dEntry = new DirectoryEntry(path);


            DirectorySearcher dSearcher = new DirectorySearcher(dEntry);

            dSearcher.Filter = "(&(objectClass=user)(objectCategory=person))";

            //perform search on active directory
            sResults = dSearcher.FindAll();


            //loop through results of search
            foreach (SearchResult searchResult in sResults)
            {
                //string view = searchResult.Properties["samaccountname"][0].ToString();
                // Console.WriteLine(searchResult.Properties["userprincipalname"][0].ToString());

                if (searchResult.Properties["samaccountname"][0].ToString() == Program.username)
                {
                    Console.WriteLine("**********UserDetails******************");
                        foreach (Object propertyName in searchResult.Properties.PropertyNames)
                        {
                            ResultPropertyValueCollection valueCollection =
                                searchResult.Properties[(string)propertyName];


                            foreach (Object propertyvalue in valueCollection)
                            {
                                Console.WriteLine((string)propertyName + " : " + propertyvalue);

                                result = true;

                            }


                        }
                        Console.WriteLine("************************************");

                    }

                }

This displays few users but few other users who exist in AD are not displayed. They're also Domain Admins and Domain users. I don't see any permission issues too yet... I seriously need some help.Can someone help me please?

Thanks

Upvotes: 0

Views: 2684

Answers (1)

Eric Fleischman
Eric Fleischman

Reputation: 1158

There are two likely causes:

0) Access control: You do not have the appropriate level of access to view the objects in question (or the properties required to match them in the filter (be it objectClass or objectCategory)).

1) The target objects in question do not actually match the filter specified. Users can be something other than (&(objectClass=user)(objectCategory=person)).

My suggestion is to approach the problem as follows:

0) Take one sample user that you expect to match and inspect it carefully. Check to ensure that objectClass does in fact contain user and objectCategory is set to person. If not, modify your query to be inclusive of all of the users you are trying to find. (You can consult the AD schema to see the relationship between these things)

1) Make sure the context under which you're doing the query has access to all of the objects you want to find including the attributes that you're using in your filter. AD won't return a match to a query if you don't have access to all of the attributes in the filter...if it did, it'd be a form of information disclosure.

Upvotes: 0

Related Questions