tags:

views:

191

answers:

1
Q: 

How do I get DirectorySearcher to honor my specified SearchScope?

I have the following C# code in a project:

    DirectoryEntry root = new DirectoryEntry(@"LDAP://ad.mydomain.com");
    DirectorySearcher ds = new DirectorySearcher(root);
    ds.DerefAlias = DereferenceAlias.Always;
    ds.SearchScope = SearchScope.Subtree;
    ds.Filter = "(|(name=John_Smith)(cn=John_Smith))";
    SearchResultCollection src = ds.FindAll();

I'm monitoring LDAP traffic to the AD server with MS Network Monitor and I see this when the search takes place:

  Frame: Number = 1417, Captured Frame Length = 404, MediaType = ETHERNET 
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[XXX],SourceAddress:[XXX]
+ Ipv4: Src = XXX, Dest = XXX, Next Protocol = TCP, Packet ID = 9696, Total IP Length = 390
+ Tcp: Flags=...AP..., SrcPort=1521, DstPort=LDAP(389), PayloadLen=350, Seq=3825204841 - 3825205191, Ack=1241404727, Win=16425 (scale factor 0x2) = 65700
- Ldap: Search Request, MessageID: 1, BaseObject: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
  - Parser: Search Request, MessageID: 1
   + ParserHeader: 
   + MessageID: 1
   + OperationHeader: Search Request, 3(0x3)
   - SearchRequest: BaseDN: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
    + BaseObject: NULL
    + Scope: base Object
    + Alias: neverDerefAliases
    + SizeLimit: No Limit
    + TimeLimit: 120 seconds
    + TypesOnly: False
    - Filter: (objectclass Present)
     + Operator: Present, 7(0x07)
     - Length: 11
        Length: 11 bytes, LengthOfLength = 0
     + PresentFilter: objectclass Present
    - Attributes: ( subschemaSubentry )( dsServiceName )( namingContexts )( defaultNamingContext )( schemaNamingContext )( configurationNamingContext )( rootDomainNamingContext )( supportedControl )( supportedLDAPVersion )( supportedLDAPPolicies )( supportedSASLMec
     + AttributeSelectionHeader: 
     + Attribute: subschemaSubentry
     + Attribute: dsServiceName
     + Attribute: namingContexts
     + Attribute: defaultNamingContext
     + Attribute: schemaNamingContext
     + Attribute: configurationNamingContext
     + Attribute: rootDomainNamingContext
     + Attribute: supportedControl
     + Attribute: supportedLDAPVersion
     + Attribute: supportedLDAPPolicies
     + Attribute: supportedSASLMechanisms
     + Attribute: dnsHostName
     + Attribute: ldapServiceName
     + Attribute: serverName
     + Attribute: supportedCapabilities

Neither the search scope or filter I requested appear to be being used in the query. I tried using Softerra LDAP Administrator to perform a root search on "John_Smith" and network monitor shows what appears to be a perfectly good LDAP query, with filter and search scope intact.

What am I missing?

+1  A: 

This is how I do it:

searcher.Filter = "(&(objectClass=user)(|(cn=John_Smith)(sAMAccountName=John_Smith)))";

An awesome site for everything AD is this one that I use.

http://www.codeproject.com/KB/system/everythingInAD.aspx

Aaron  2010-03-11 16:43:46
+1 I'm currently developing a block of our framework that dialogs with AD using this precise article! It's awesome what it contains as information! Very good reference!
Will Marcouiller  2010-03-11 16:55:29
This doesn't work for me. I get no results and the LDAP packet appears to still have no filter and scope = base object. Even when I copy-paste the exact filter being used by the Softerra tool I get no results and no apparent filter being passed to the server.
Wayne  2010-03-11 17:16:06
This sounds like a stupid question, but are you absolutely sure that John_Smith is the 'sAMAccountname'?
Aaron  2010-03-11 17:20:27
Also, are you sure you don't need to set your username and pasword properties for your Directory Entry?
Aaron  2010-03-11 17:22:28
Well, it's a different name that I'm searching for, but it's definitely a valid account name in AD. I'm able to find it via the WinNT provider and the Softerra tool.
Wayne  2010-03-11 17:23:02
It doesn't seem to make any difference if I pass credentials or not.
Wayne  2010-03-11 17:24:43
I've never used the MS Network Monitor before, but perhaps the filter isn't being shown because you're not actually getting the directory entry. Does ds.FindAll() return null?
Aaron  2010-03-11 18:53:00
I get a SearchResultCollection with Count = 0 no matter what I try. I have been able to get what I need with a combination of System.DirectoryServices.AccountManagement and direct LDAP queries, but I'm at a loss as to why my simple query above isn't working. I'm sure I'm missing something head-slappingly simple...
Wayne  2010-03-11 22:19:22
The only explanation I can come up with is either your LDAP connection is incorrect or the username you're searching for is incorrect...but neither of those seems to be the case, so I'm at a loss here.
Aaron  2010-03-11 22:33:37

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?