I have a simple setup below to search for users.

    DirectoryEntry rootEntry = new DirectoryEntry("LDAP://someserver:123/OU=d-users,DC=domain,DC=x,DC=y,DC=com");

    rootEntry.AuthenticationType = AuthenticationTypes.None;
    string filter = "sAMAccountName=" + AccountName;
    DirectorySearcher searcher = new DirectorySearcher(rootEntry, filter);
    SearchResult foundUser = searcher.FindOne();

For some reason I can search via a simple Console/Windows Forms app but cannot search from a WCF or ASMX service (v4.0, Integrated) on IIS (6.1). The exception is below:

    exception:System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindOne()
       at Tester.FindAccountByName(String AccountName)

mechanicum

2 Answers

Try to put your filter into brackets:

    string filter = string.Format("(sAMAccountName={0})", AccountName);

See the relevant TechNet article on LDAP filter syntax for more details.

marc_s

Try using a DirectorySearcher, something like this:

    // Requires: using System.DirectoryServices; using System.Text;
    using (DirectorySearcher searcher = new DirectorySearcher(new DirectoryEntry("LDAP://someserver:123/OU=d-users,DC=domain,DC=x,DC=y,DC=com")))
    {
        StringBuilder filterStringBuilder = new StringBuilder();
        // Build a single LDAP filter matching user objects by sAMAccountName
        filterStringBuilder.Append("(&(objectClass=user)(|");
        filterStringBuilder.AppendFormat("({0}={1})", "sAMAccountName", AccountName);
        filterStringBuilder.Append("))");
        // Very important to have it here. Otherwise you'll get only 1000 results in total.
        // Please refer to the DirectorySearcher documentation.
        searcher.PageSize = 1000;

        searcher.Filter = filterStringBuilder.ToString();
        searcher.ReferralChasing = ReferralChasingOption.None;

        searcher.PropertiesToLoad.AddRange(
            new[] { "DistinguishedName" });

        var result = searcher.FindOne();
    }

You can find more examples of how to use the DirectorySearcher on MSDN or Stack Overflow.

Zippy
  • Added {AuthenticationType=AuthenticationTypes.None } for user errors. Also getting, "Additional information: The value for the property PageSize cannot be set." error. But when I remove the PageSize setting, I get null from FindOne(). – mechanicum Jul 01 '15 at 09:31
  • remove the filtering (filterStringBuilder) and the PropertiesToLoad then try searcher.FindAll() and see what's returning – Zippy Jul 01 '15 at 09:44
  • with or without PropertiesToLoad, I get 2000 member innerList, but with PropertiesToLoad, additionally I get 2 properties "ADsPath" and "DistinguishedName". – mechanicum Jul 01 '15 at 10:38