Active Directory Search fails ("The directory service is unavailab

Discussion in 'ASP .Net Security' started by ejcosta, Oct 7, 2004.

  1. ejcosta

    ejcosta Guest

    Hi all,

    I'm having one of those nerve wrecking errors, when trying to perform a
    simple search in an Active Directory. The objective of the code is to, given
    a user name, search the AD for couple of specified properties, including the
    groups the user belongs to.

    The odd thing is that, if I set filter simply as "(objectCategory=user)", it
    works. If I add any other search criteria, it throws an exception with the
    message "the directory service is unavailable.".

    Can any of you help? Here's the code that I'm using to perform the search:

    public static void GetADUserGroups(string LoggedInUser){
    DirectorySearcher search = new DirectorySearcher("LDAP://" +
    Common.getValue("SPDomain"));
    search.Filter = @"(objectCategory=user)(samaccountname=" + LoggedInUser +
    ")";

    search.PropertiesToLoad.Add("memberof");
    search.PropertiesToLoad.Add("department");
    search.PropertiesToLoad.Add("cn");
    search.PropertiesToLoad.Add("sn");
    search.PropertiesToLoad.Add("name");
    search.PropertiesToLoad.Add("samaccountname");

    System.Text.StringBuilder groupNames = new System.Text.StringBuilder();

    // Search time out
    TimeSpan waitTime;
    try{
    waitTime = new TimeSpan(0, 0, 60); //hh--mm-ss
    search.ClientTimeout = waitTime; //wait this much time to display results
    }
    catch (Exception Ex){
    throw new SystemException("Error = " + Ex.Message + Ex.InnerException, Ex);
    }

    try{
    SearchResult result = search.FindOne();
    if(result != null){
    int propertyCount = result.Properties["memberOf"].Count;
    String dn;
    int equalsIndex, commaIndex;

    for(int propertyCounter = 0; propertyCounter < propertyCount;
    propertyCounter++){
    dn = (String)result.Properties["memberOf"][propertyCounter];
    equalsIndex = dn.IndexOf("=", 1);
    commaIndex = dn.IndexOf(",", 1);
    if(-1 == equalsIndex){
    return;
    }
    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex
    - equalsIndex) - 1));
    groupNames.Append("|");
    }
    }
    }
    catch(Exception ex){
    throw new Exception("Error obtaining group names. " + ex.Message);
    }
    }

    Thanks in advance for all the help you guys can provide!
    ejcosta
     
    ejcosta, Oct 7, 2004
    #1
    1. Advertising

  2. Your search filter should look like this for a compound query:
    (&(objectCategory=user)(samaccountname=username))

    Normally, I'd expect an invalid filter syntax error though.

    You might also need to include credentials in your DirectoryEntry
    constructor if your security context isn't a domain account or can't hop to
    the domain controller due to impersonation/delegation issues. This is
    common in ASP.NET.

    Joe K.

    "ejcosta" <> wrote in message
    news:...
    > Hi all,
    >
    > I'm having one of those nerve wrecking errors, when trying to perform a
    > simple search in an Active Directory. The objective of the code is to,
    > given
    > a user name, search the AD for couple of specified properties, including
    > the
    > groups the user belongs to.
    >
    > The odd thing is that, if I set filter simply as "(objectCategory=user)",
    > it
    > works. If I add any other search criteria, it throws an exception with the
    > message "the directory service is unavailable.".
    >
    > Can any of you help? Here's the code that I'm using to perform the search:
    >
    > public static void GetADUserGroups(string LoggedInUser){
    > DirectorySearcher search = new DirectorySearcher("LDAP://" +
    > Common.getValue("SPDomain"));
    > search.Filter = @"(objectCategory=user)(samaccountname=" + LoggedInUser +
    > ")";
    >
    > search.PropertiesToLoad.Add("memberof");
    > search.PropertiesToLoad.Add("department");
    > search.PropertiesToLoad.Add("cn");
    > search.PropertiesToLoad.Add("sn");
    > search.PropertiesToLoad.Add("name");
    > search.PropertiesToLoad.Add("samaccountname");
    >
    > System.Text.StringBuilder groupNames = new System.Text.StringBuilder();
    >
    > // Search time out
    > TimeSpan waitTime;
    > try{
    > waitTime = new TimeSpan(0, 0, 60); //hh--mm-ss
    > search.ClientTimeout = waitTime; //wait this much time to display results
    > }
    > catch (Exception Ex){
    > throw new SystemException("Error = " + Ex.Message + Ex.InnerException,
    > Ex);
    > }
    >
    > try{
    > SearchResult result = search.FindOne();
    > if(result != null){
    > int propertyCount = result.Properties["memberOf"].Count;
    > String dn;
    > int equalsIndex, commaIndex;
    >
    > for(int propertyCounter = 0; propertyCounter < propertyCount;
    > propertyCounter++){
    > dn = (String)result.Properties["memberOf"][propertyCounter];
    > equalsIndex = dn.IndexOf("=", 1);
    > commaIndex = dn.IndexOf(",", 1);
    > if(-1 == equalsIndex){
    > return;
    > }
    > groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex
    > - equalsIndex) - 1));
    > groupNames.Append("|");
    > }
    > }
    > }
    > catch(Exception ex){
    > throw new Exception("Error obtaining group names. " + ex.Message);
    > }
    > }
    >
    > Thanks in advance for all the help you guys can provide!
    > ejcosta
     
    Joe Kaplan \(MVP - ADSI\), Oct 7, 2004
    #2
    1. Advertising

  3. ejcosta

    Eurico Costa Guest

    Re: Active Directory Search fails ("The directory service is unava

    Joe,

    Thank you so much for your help. Your answer worked perfectly.

    Regards,
    Eurico

    "Joe Kaplan (MVP - ADSI)" wrote:

    > Your search filter should look like this for a compound query:
    > (&(objectCategory=user)(samaccountname=username))
    >
    > Normally, I'd expect an invalid filter syntax error though.
    >
    > You might also need to include credentials in your DirectoryEntry
    > constructor if your security context isn't a domain account or can't hop to
    > the domain controller due to impersonation/delegation issues. This is
    > common in ASP.NET.
    >
    > Joe K.
    >
    > "ejcosta" <> wrote in message
    > news:...
    > > Hi all,
    > >
    > > I'm having one of those nerve wrecking errors, when trying to perform a
    > > simple search in an Active Directory. The objective of the code is to,
    > > given
    > > a user name, search the AD for couple of specified properties, including
    > > the
    > > groups the user belongs to.
    > >
    > > The odd thing is that, if I set filter simply as "(objectCategory=user)",
    > > it
    > > works. If I add any other search criteria, it throws an exception with the
    > > message "the directory service is unavailable.".
    > >
    > > Can any of you help? Here's the code that I'm using to perform the search:
    > >
    > > public static void GetADUserGroups(string LoggedInUser){
    > > DirectorySearcher search = new DirectorySearcher("LDAP://" +
    > > Common.getValue("SPDomain"));
    > > search.Filter = @"(objectCategory=user)(samaccountname=" + LoggedInUser +
    > > ")";
    > >
    > > search.PropertiesToLoad.Add("memberof");
    > > search.PropertiesToLoad.Add("department");
    > > search.PropertiesToLoad.Add("cn");
    > > search.PropertiesToLoad.Add("sn");
    > > search.PropertiesToLoad.Add("name");
    > > search.PropertiesToLoad.Add("samaccountname");
    > >
    > > System.Text.StringBuilder groupNames = new System.Text.StringBuilder();
    > >
    > > // Search time out
    > > TimeSpan waitTime;
    > > try{
    > > waitTime = new TimeSpan(0, 0, 60); //hh--mm-ss
    > > search.ClientTimeout = waitTime; //wait this much time to display results
    > > }
    > > catch (Exception Ex){
    > > throw new SystemException("Error = " + Ex.Message + Ex.InnerException,
    > > Ex);
    > > }
    > >
    > > try{
    > > SearchResult result = search.FindOne();
    > > if(result != null){
    > > int propertyCount = result.Properties["memberOf"].Count;
    > > String dn;
    > > int equalsIndex, commaIndex;
    > >
    > > for(int propertyCounter = 0; propertyCounter < propertyCount;
    > > propertyCounter++){
    > > dn = (String)result.Properties["memberOf"][propertyCounter];
    > > equalsIndex = dn.IndexOf("=", 1);
    > > commaIndex = dn.IndexOf(",", 1);
    > > if(-1 == equalsIndex){
    > > return;
    > > }
    > > groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex
    > > - equalsIndex) - 1));
    > > groupNames.Append("|");
    > > }
    > > }
    > > }
    > > catch(Exception ex){
    > > throw new Exception("Error obtaining group names. " + ex.Message);
    > > }
    > > }
    > >
    > > Thanks in advance for all the help you guys can provide!
    > > ejcosta

    >
    >
    >
     
    Eurico Costa, Oct 8, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?bWc=?=

    Active Directory problem - search.FindAll()

    =?Utf-8?B?bWc=?=, Feb 22, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    2,386
    =?Utf-8?B?bWc=?=
    Feb 22, 2004
  2. P Webster
    Replies:
    2
    Views:
    11,089
    P Webster
    Mar 25, 2006
  3. Dirk Hagemann

    Search Filter Syntax in Active Directory

    Dirk Hagemann, Sep 29, 2004, in forum: Python
    Replies:
    0
    Views:
    327
    Dirk Hagemann
    Sep 29, 2004
  4. Tim Golden
    Replies:
    2
    Views:
    4,436
    Dirk Hagemann
    Oct 12, 2004
  5. PPL-KMS
    Replies:
    1
    Views:
    196
    Paul Clement
    Oct 5, 2004
Loading...

Share This Page