0

The code below works just fine; however, what's happening is the code limits the results to 1500 users and we have more than 1500 users. What I'm trying to do is retrieve a list of all users that are a member of a specific group. I know DirectorySearcher has a PageSize setting; however, I'm unable to find a way to set DirectoryEntry PageSize while still only pulling members of that group.

Does anybody know a way to change the page size? Or maybe how to pull members of a specific group in another fashion that will accommodate PageSize?

```csharp
using System.DirectoryServices;

// Bind to the group object and walk its "member" attribute.
// Read this way, the attribute yields at most 1500 values.
DirectoryEntry dEntryhighlevel = new DirectoryEntry("LDAP://CN=Users,OU=MyOu,OU=Clients,OU=Home,DC=bridgeTech,DC=net");
foreach (object dn in dEntryhighlevel.Properties["member"])
{
    // Look up each member by its DN with a base-scope search.
    DirectoryEntry singleEntry = new DirectoryEntry("LDAP://" + dn);
    DirectorySearcher dSearcher = new DirectorySearcher(singleEntry);
    //filter just user objects
    dSearcher.SearchScope = SearchScope.Base;
    //dSearcher.Filter = "(&(objectClass=user)(dn=" + dn + "))";
    //dSearcher.PageSize = 1000;
    SearchResult singleResult = null;
    singleResult = dSearcher.FindOne();
    if (singleResult != null)
    {
        string Last_Name = singleResult.Properties["sn"][0].ToString();
        string First_Name = singleResult.Properties["givenname"][0].ToString();
        string userName = singleResult.Properties["samAccountName"][0].ToString();
        string Email_Address = singleResult.Properties["mail"][0].ToString();
        OriginalList.Add(Last_Name + "|" + First_Name + "|" + userName + "|" + Email_Address);
    }
    singleEntry.Close();
}
```
leppie
  • You can't really change the page size other than to limit it smaller. The limit used to be 1000. I've got some code that gets around this. Basically it returns the dataset in 1000 record chunks. I'll dig it out and post it. – Brian Aug 31 '12 at 14:16
  • **Important Info**: It is important to know the context of the list that we are trying to loop through. We might want to loop through a _list of LDAP records_ (aka DirectoryEntry) OR the value of an attribute of an LDAP record can be of list type. Looping through LDAP records is relatively trivial. But looping through values (list of key-value pairs) of an attribute of an LDAP record is tricky e.g. _memberOf_ attribute. Related Ans: [paging through DirectoryEntry records vs Range retrieval for list values of an attribute of a DirectoryEntry record](https://stackoverflow.com/a/12274460/465053) – RBT Apr 18 '23 at 03:11

2 Answers

1

This came up in another thread recently: Always getting 1500 member of distribution list using PowerShell

In short, you want to use ranged retrieval to get the membership. This is the mechanism designed to help you fetch large attributes with >1500 values in them.

While we're on this topic, I'd like to predict your next thread. :) Reading the membership of the group will yield missing results depending upon the API you use. If you are "close to the metal" and using LDAP APIs, you'll find that users in the group due to primary group membership will be missing. I'd test this with whatever approach you use after resolving the ranged retrieval issue to ensure you don't miss anyone. More info on this here: retrieving group members/membership from active directory when members attrib doesn't work

Eric Fleischman
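The ranged retrieval mentioned in the answer above, sketched with System.DirectoryServices. This is an added example, not code from the original posts; the names `GroupMembers`, `GetAllMemberDns` and `step` are made up for illustration, and the caller supplies the group's LDAP path.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class GroupMembers   // hypothetical helper, not part of the original thread
{
    // Returns every DN stored in the group's "member" attribute by asking
    // for it in slices: member;range=0-1499, member;range=1500-2999, ...
    public static List<string> GetAllMemberDns(string groupPath, int step = 1500)
    {
        var members = new List<string>();
        using (var group = new DirectoryEntry(groupPath))
        using (var searcher = new DirectorySearcher(group))
        {
            searcher.SearchScope = SearchScope.Base;   // read the group object itself
            searcher.Filter = "(objectClass=*)";
            int start = 0;
            while (true)
            {
                searcher.PropertiesToLoad.Clear();
                searcher.PropertiesToLoad.Add($"member;range={start}-{start + step - 1}");
                SearchResult result = searcher.FindOne();
                if (result == null) break;

                // The server answers under its own name for the slice it returned,
                // e.g. "member;range=0-1499", or "member;range=3000-*" for the last one.
                string returned = null;
                foreach (string name in result.Properties.PropertyNames)
                    if (name.StartsWith("member;range=", StringComparison.OrdinalIgnoreCase))
                        returned = name;
                if (returned == null) break;           // group has no members

                foreach (object dn in result.Properties[returned])
                    members.Add(dn.ToString());

                // "-*" marks the final slice; stop before requesting past the end.
                if (returned.EndsWith("-*", StringComparison.Ordinal)) break;
                start += result.Properties[returned].Count;
            }
        }
        return members;
    }
}
```

Users who are in the group only through their primary group are not stored in `member`, as the answer notes, so they will not appear in this list.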
0

I'm working on something similar to this at the moment and noticed that your code differs to mine slightly. I haven't had any issues with limited results using the following code structure:

```csharp
DirectoryEntry dEntryhighlevel = new DirectoryEntry("LDAP://CN=Users,OU=MyOu,OU=Clients,OU=Home,DC=bridgeTech,DC=net");
DirectorySearcher dSearcher = new DirectorySearcher();
//filter just user objects
dSearcher.Filter = "(objectClass=user)";
// A non-zero PageSize makes FindAll() page through the full result set.
dSearcher.PageSize = 1000;
SearchResultCollection resultCollection = dSearcher.FindAll();
foreach (SearchResult userResults in resultCollection)
{
    string Last_Name = userResults.Properties["sn"][0].ToString();
    string First_Name = userResults.Properties["givenname"][0].ToString();
    string userName = userResults.Properties["samAccountName"][0].ToString();
    string Email_Address = userResults.Properties["mail"][0].ToString();
    OriginalList.Add(Last_Name + "|" + First_Name + "|" + userName + "|" + Email_Address);
}
```

That should return all your users. You'll need to use LDAP search patterns in your dSearcher.Filter in order to narrow users down to a specific group - see this link for some additional help with that.

ThunderCat