Missing properties when querying for non-admin users in AD


Eric Butler

I am trying to get user information out of AD (specifically the memberOf
property) from an ASP.net page and am having a strange problem. If the
user I query for is an administrator in the domain then I get a complete
list of all properties, including the one I need. However, if the user
that I query for is not an admin, I get back a much more limited set of
properties that doesn't include (among many other things) memberOf.

If I hard-code my username/password into the DirectoryEntry instance
that I use, I am able to get the complete property set for anyone, so I
figure there has to be an authentication issue somewhere. As far as I
can tell by default DirectoryEntry uses AuthenticationTypes.None, but I
am not sure exactly how AD treats this.

If I run this same code as a console application on the same server from
the same account that I tested hard-coding with above, everything works


private void Page_Load(object sender, System.EventArgs e) {
string role = "accounting".ToLower();
DirectorySearcher ds = new DirectorySearcher(new DirectoryEntry(null));
ds.Filter = "(sAMAccountName=" + Request.QueryString["username"] + ")";

SearchResult sr = ds.FindOne();
DirectoryEntry de = sr.GetDirectoryEntry();

PropertyValueCollection dir = de.Properties["memberOf"];
Response.Write("<p>Group Count:" + dir.Count + "</p>");
for(int i = 0; i < dir.Count; ++i) {
string currentItem = dir.ToString();
currentItem = currentItem.Substring(currentItem.IndexOf("CN=")+3);
currentItem = currentItem.Substring(0,currentItem.IndexOf(","));
Response.Write("<p>" + currentItem + "</p>");


Please let me know if you have any ideas about what I can do to make
this work!

Thanks a lot in advance.

- Eric


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question