Administrative Limit Exceeded During C# LDAP Search

Question

I am trying to do a LDAP Search however I keep getting the following error:

Unhandled Exception: System.Runtime.InteropServices.COMException (0x80072024): T
he administrative limit for this request was exceeded.

   at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext
()
   at System.DirectoryServices.DirectorySearcher.FindOne()

Here is the code: (The error is thrown at FindOne())

        DirectoryEntry dirEntry = new DirectoryEntry("LDAP://myldap.com:1701/ou=People,o=My Company,c=CA", "", "", AuthenticationTypes.Anonymous);
        DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);

        string filter = "mail";
        string filterValue = "[email protected]";

        dirSearcher.Filter = string.Format("({0}={1})", filter, filterValue);

        SortOption sortOption = new SortOption(filter, SortDirection.Ascending);

        dirSearcher.Sort = sortOption;
        dirSearcher.PropertiesToLoad.Add("uid");
        dirSearcher.SearchScope = SearchScope.Subtree;

        SearchResult result = dirSearcher.FindOne();

        DirectoryEntry directEntry = result.GetDirectoryEntry();
        Console.WriteLine("Result: {0}", directEntry.Properties["uid"].Value.ToString());

Any ideas how to get around this?

Answer 1

Many LDAP server implementations have limits on how many results will be returned in a query.

AD defaults to 1000 or 2000. I forget offhand. eDirectory defaults to no limit. Others vary.

You can either ask the admins to change the limit, or else, page your code so it gets only a page (or limited number of results) at a time.

Answer 2

Removed this line and it works:

dirSearcher.PropertiesToLoad.Add("uid");

Must have been grabbing the UID from every result instead of just a matching result and therefore was going over the Admin limit.