I'm using the code from "How can I get a list of users from active directory?" to get all users from my AD.

Now I'm trying to connect via LDAP to a domain to get all users from that Active Directory, with the following changes:

```csharp
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.1.100", "Username@testdomain.local", "Password"))
```

There are 2 different OUs at testdomain.local with users, but I'm only getting the users of one OU. I thought that gives me all users from all OUs in AD?

If I use the following for my current AD domain, then I get all users from all OUs:

```csharp
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, currentDomain))
```

Could that be a configuration problem on the other domain, or is the code not working with an LDAP connection?

Thank you

UPDATE:

Code:

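```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.1.100", "Username@testdomain.local", "Password"))
{
    using (PrincipalSearcher searcher = new PrincipalSearcher(new UserPrincipal(context)))
    {
        foreach (var result in searcher.FindAll())
        {
            try
            {
                // Read attributes from the underlying DirectoryEntry
                DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                Console.WriteLine(de.Properties["samAccountName"].Value);
            }
            catch (Exception c)
            {
                // Report the failure instead of silently skipping the entry
                Console.Error.WriteLine(c.Message);
            }
            finally
            {
                result.Dispose();
            }
        }
    }
}
```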
Jawad
  • You are only showing the script that defines the domain / context you are working with, not the query you are running that is limiting your results to one OU. If you are using PrincipalSearcher, it will find all accounts without limits on number of results or OU. – Jawad Feb 12 '20 at 13:45
  • Hi Jawad, it was the code from the linked post, I've updated my post. Thank you – Feb 12 '20 at 13:49

1 Answer

The code you have above works fine and pulls all the records without any errors or skips. I would recommend changing the domain name from IP address to testdomain.local and username without @testdomain.local.

If you are looking to get samAccountName, or other properties, and convert them to DirectoryEntry, I would recommend the following route that uses DirectorySearcher. It provides better performance and looks up in all OUs.

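```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

var listOfUsers = new List<string>();
string searchQuery = "(&(objectCategory=user)(objectClass=user))";

// Bind to the domain root so the subtree search covers every OU
using (DirectoryEntry entry = new DirectoryEntry("LDAP://DC=testdomain,DC=local", "username", "password"))
using (DirectorySearcher ds = new DirectorySearcher(entry, searchQuery,
                            new string[] { "samAccountName" }))
{
    ds.SizeLimit = int.MaxValue;
    ds.PageSize = int.MaxValue;
    // SearchResultCollection holds unmanaged resources, so dispose it when done
    using (SearchResultCollection results = ds.FindAll())
    {
        foreach (SearchResult user in results)
        {
            string samAccountName = user.Properties["samAccountName"][0].ToString();
            Console.WriteLine(samAccountName);
            listOfUsers.Add(samAccountName);
        }
    }
}
```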
Jawad
  • Thank you for your suggestion, I will take a look at it and maybe take that code. If I understand you right, there is no need for a PrincipalSearcher or PrincipalContext? I've read that the PrincipalSearcher should be faster than the DirectorySearcher? I will check that. Thank you – Feb 12 '20 at 14:31
  • I would definitely recommend you testing that. In all the testing I have done, DirectorySearcher is much faster than the PrincipalSearcher. [GabrielLuci](https://www.gabescode.com/active-directory/2018/12/15/better-performance-activedirectory.html) has a good read here regarding performance – Jawad Feb 12 '20 at 14:52
  • https://philipm.at/2018/searching_users_in_active_directory.html another one with some speed measures. Thank you –  Feb 12 '20 at 14:56
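
An added example, not part of the original posts: one way to check which OUs a user search actually covers is to count the returned users per parent container. It pins the search root to the domain DN used in the answer, uses the domain name and bare username as the answer recommends, and reads the password from an environment variable instead of the source file; `OuCoverageCheck`, `ParentOf` and `AD_PASSWORD` are names made up for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class OuCoverageCheck
{
    // Parent container of a DN: everything after the first unescaped comma.
    static string ParentOf(string dn)
    {
        for (int i = 0; i < dn.Length; i++)
        {
            if (dn[i] == '\\') { i++; continue; }   // skip the escaped character
            if (dn[i] == ',') return dn.Substring(i + 1);
        }
        return dn;
    }

    static void Main()
    {
        // Assumption: the bind password is supplied via an environment variable (hypothetical name).
        string password = Environment.GetEnvironmentVariable("AD_PASSWORD");
        var perContainer = new SortedDictionary<string, int>(StringComparer.OrdinalIgnoreCase);
        // Explicit search root (domain DN) and a signed, encrypted Negotiate bind.
        using (var context = new PrincipalContext(ContextType.Domain, "testdomain.local",
                   "DC=testdomain,DC=local",
                   ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
                   "Username", password))
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            // Set the page size explicitly so the search is paged rather than a single capped query.
            ((DirectorySearcher)searcher.GetUnderlyingSearcher()).PageSize = 1000;
            using (PrincipalSearchResult<Principal> results = searcher.FindAll())
            {
                foreach (Principal p in results)
                {
                    string parent = ParentOf(p.DistinguishedName ?? "");
                    perContainer.TryGetValue(parent, out int n);   // n is 0 for a new container
                    perContainer[parent] = n + 1;
                    p.Dispose();
                }
            }
        }

        // One line per container: user count, then the container DN.
        foreach (var kv in perContainer)
            Console.WriteLine($"{kv.Value,6}  {kv.Key}");
    }
}
```

If an OU that is known to hold users is absent from the output, compare the run against the same search made with an account that has read access to that OU.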