Richard Scannell
Guest
I am building a console app in C#, .NET 4.6.1, to experiment with LDAP queries using the code below:
    using (var parentEntry = new DirectoryEntry("LDAP://" + Environment.UserDomainName))
    using (var directorySearch = new DirectorySearcher(parentEntry))
    {
        directorySearch.PageSize = 10000;
        directorySearch.Filter = "(objectClass=group)";
        foreach (SearchResult searchEntry in directorySearch.FindAll())
        {
            var entry = new DirectoryEntry(searchEntry.GetDirectoryEntry().Path);
            if (entry.Properties["sAMAccountName"].Value != null)
            {
                Console.WriteLine(entry.Properties["sAMAccountName"].Value.ToString());
            }
        }
    }
With individual entries returning the values for OU="MyOrg", DC="MyDC", DC="ad"
Simple flat queries, such as "(objectClass=group)" work fine, but anything more complex involving tree walking always returns an empty set for directorySearch.FindAll().
I am sure there is an issue in the filter, & have tried the following variants and I am not sure what I am doing wrong:
directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=MyOrg,DC=MyDC,DC=ad)";
directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=*,DC=*,DC=*)";
directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp)";
directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp)";name; subtree
directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=MyOrg,DC=MyDC,DC=ad)";
directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=*,DC=*,DC=*)";
directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp)";
directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp)";name; subtree
With the following parameter set or unset for each attempt:
// directorySearch.SearchScope = SearchScope.Subtree;
I wish to query both a user's AD membership and the member / memberof / groups attributes for mid-tree AD groups (like Group B below):
Group A
-Group B
-Group C
- User1
- User2
I already have a tree walk solution for that, but it's quite slow, & this approach is meant to be quicker.
All ideas gratefully received.
I am confident that the problem is in the query filter, but I have never used LDAP queries before.
Thanks, Richard
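An added example, not part of the original post: the OID `1.2.840.113556.1.4.1941` is Active Directory's matching-rule-in-chain, and it compares the filter value against complete distinguished names, so a wildcard or a bare `cn=MyGrp` in the value matches nothing. The code below resolves the group's exact DN first and then runs the in-chain query, escaping both values per RFC 4515 so that special characters cannot alter the filter; the class name, the `Escape` helper and the assumption that the group's sAMAccountName is `MyGrp` are choices made for this example.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class NestedMembers   // hypothetical name for this example
{
    // LDAP_MATCHING_RULE_IN_CHAIN: the domain controller walks the nesting itself.
    const string InChain = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping: \ * ( ) and NUL become \5c \2a \28 \29 \00.
    static string Escape(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    static void Main()
    {
        using (var root = new DirectoryEntry("LDAP://" + Environment.UserDomainName))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PageSize = 1000;
            searcher.PropertiesToLoad.Add("distinguishedName");
            searcher.PropertiesToLoad.Add("sAMAccountName");

            // 1. Look up the group's full DN (assumes its sAMAccountName is "MyGrp").
            searcher.Filter = "(&(objectClass=group)(sAMAccountName=" + Escape("MyGrp") + "))";
            SearchResult group = searcher.FindOne();
            if (group == null) { Console.WriteLine("Group not found"); return; }
            string groupDn = (string)group.Properties["distinguishedName"][0];

            // 2. Every object nested under that group at any depth (users and groups).
            //    Reverse direction, all groups an account is in: (member:<OID>:=<account DN>)
            searcher.Filter = "(memberOf:" + InChain + ":=" + Escape(groupDn) + ")";
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    if (r.Properties["sAMAccountName"].Count > 0)
                        Console.WriteLine(r.Properties["sAMAccountName"][0]);
        }
    }
}
```

Membership held only through an account's primary group (`primaryGroupID`) is not stored in `member`/`memberOf`, so it will not appear in these results.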