C# ADSIedit and LDAP

Question
// Fragment of a method body: sUser, sResult and ReadPassword() are used here
// but declared elsewhere in the poster's program (not shown in the post).
Console.WriteLine("Enter server:");
string sServer = Console.ReadLine();
Console.WriteLine("Enter account:");
string sAccount = Console.ReadLine();
Console.WriteLine("Enter password:");
//string sPassword = Console.ReadLine();
string sPassword = ReadPassword();
//Console.WriteLine("Enter search4:");
//string sSubscriber = Console.ReadLine();
try
{
    // Bind to the named server with explicit credentials.
    DirectoryEntry searchroot = new DirectoryEntry("LDAP://" + sServer, sAccount, sPassword);
    DirectorySearcher ds = new DirectorySearcher(searchroot);
    ds.SearchScope = SearchScope.Subtree;
    ds.Filter = "(&(objectClass=*)(cn=" + sUser + "))";
    //SearchResultCollection results = ds.FindAll();
    //string sResult = results.Count.ToString();
    /*foreach (SearchResult result in ds.FindAll())
    {
        string legacyexchangedn = null;
        if (result != null)
        {
            DirectoryEntry de = result.GetDirectoryEntry();
            string cn = de.Properties["cn"].Value.ToString();
            if (de.Properties["legacyexchangedn"].Value != null)
            {
                legacyexchangedn = de.Properties["legacyexchangedn"].Value.ToString();
                Console.WriteLine("LegacyExchangeDN = " + legacyexchangedn);
            }
        }
    }*/
    SearchResult result = ds.FindOne();
    string legacyexchangedn = null;
    if (result != null)
    {
        // Read the property count only after the null check; FindOne() returns null on no match.
        sResult = result.Properties.Count.ToString();
        DirectoryEntry de = result.GetDirectoryEntry();
        string cn = de.Properties["cn"].Value.ToString();
        if (de.Properties["legacyexchangedn"].Value != null)
        {
            legacyexchangedn = de.Properties["legacyexchangedn"].Value.ToString();
            Console.WriteLine("LegacyExchangeDN = " + legacyexchangedn);
        }
    }
}
catch (Exception er)
{
    Console.WriteLine("Error in get directory entry data.");
    string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
                 "Stack trace:\r\n\t" + er.StackTrace + "\r\n" +
                 "Path: \r\n\t" + er.TargetSite + "\r\n" +
                 "Message:\r\n\t" + er.Message + "\r\n" +
                 "Data:\r\n\t" + er.Data + "\r\n" +
                 "Error:\r\n\t" + er.ToString() + "\r\n";
    Console.WriteLine(msg);
    Console.WriteLine("Result count = " + sResult);
}
I'm trying to create a C# program to query the domain to find a single user to read what is being created in the "LegacyExchangeDN" object. I'm running into a problem where I can't figure out how to make it work in the production domain. Of course it works fine in my lab but always fails in the real domain.
I get this msg:
Source:
System.DirectoryServices
Stack trace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at getAD.Program.test8(Boolean isXPR64)
Path:
Void Bind(Boolean)
Message:
The server is not operational.
Data:
System.Collections.ListDictionaryInternal
Error:
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at getAD.Program.test8(Boolean isXPR64)
No matter what server I use I can't seem to get past this error.
I have tried different servers, domain string.
The production domain has well over 6000 users.
Any idea?
Wednesday, November 9, 2011 9:44 PM
All replies
-
Hi
Does the account you use to query the DS have permissions to do so?
- Edited by Leandro Braziela Wednesday, November 9, 2011 11:03 PM
Wednesday, November 9, 2011 11:03 PM -
I assume so; I was given a domain account to use.
I'm able to use ADSIEdit to traverse through the domain.
Wednesday, November 9, 2011 11:09 PM -
Hi
Try a simple method:
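I think you are missing loading the properties you want to access, like this: ds.PropertiesToLoad.Add("member");
// Requires: using System; using System.Collections; using System.DirectoryServices;
// de2 is a DirectoryEntry for the search root, defined elsewhere (not shown in the post).
public static ArrayList getUsers(string group)
{
    try
    {
        DirectorySearcher ds = new DirectorySearcher();
        ds.SearchRoot = de2;
        ds.SearchScope = SearchScope.Subtree;
        ds.Filter = String.Format("(cn={0})", group);
        ds.PropertiesToLoad.Add("member");
        SearchResult result = ds.FindOne();
        string se;
        ArrayList lista = new ArrayList();
        // FindOne() returns null when nothing matches the filter.
        if (result != null)
        {
            foreach (string s in result.Properties["member"])
            {
                // Keep only the value of the first RDN of each member DN.
                se = s.ToString().Split(',')[0];
                se = se.ToString().Split('=')[1];
                lista.Add(se);
            }
        }
        ds.Dispose();
        return lista;
    }
    catch
    {
        // Rethrow so the original exception type and message are not lost.
        throw;
    }
}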
- Proposed as answer by Leandro Braziela Thursday, November 10, 2011 10:45 AM
Thursday, November 10, 2011 9:23 AM -
Hi,
I hope that the property "legacyexchangedn" will not be loaded to the DirectorySearcher properties for searching; you need to add the properties specifically for searching. Anyhow, in the block where you are searching the directory, try to add the following code at the top and let me know whether it works:
DirectoryEntry searchroot = new DirectoryEntry("LDAP://" + sServer, sAccount, sPassword);
DirectorySearcher ds = new DirectorySearcher(searchroot);
ds.SearchScope = SearchScope.Subtree;
ds.Filter = "(&(objectClass=*)(cn=" + sUser + "))";
// Ask the server to return only these attributes.
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add("legacyexchangedn");
Hope it helps. If you have further queries let me know, I am glad to help.
Regards,
A.Murugan
If it solved your problem, please click "Mark As Answer" on that post and "Mark as Helpful". Happy Programming!
Thursday, November 10, 2011 10:17 AM -
Murugan,
I'm not sure I understand why adding "ds.PropertiesToLoad.Add" is needed?
The program works like it should in the lab; it fails in the production environment.
The error message created does not lead me to believe there is an issue with the search filter.
Thursday, November 10, 2011 2:05 PM -
Hi
Have you tested my solution? Can you read another property, for example:
userPrincipalName
Also try to force objectclass=user instead of using the * wildcard, just to simplify a bit and to isolate the problem. I also recommend using:
String.Format("(&(objectClass={0})(cn={1}))", "user", sUser);
MCP
Thursday, November 10, 2011 2:21 PM -
Leandro,
Sorry, have not got to try your suggestion; must clear my table of the morning work load.
But the question still stands: if it works in the lab, why not production? These are pretty much standard AD objects, right? And again the error does not suggest the query was wrong.
Thursday, November 10, 2011 2:37 PM -
Hi
You can try to use an LDAP tool to test your search, like http://securityxploded.com/ldapsearch.php , in the production site. If you can apply the filters you want and retrieve the right info, we need to analyze the error from another perspective.
MCP
Thursday, November 10, 2011 2:49 PM -
Leandro,
McAfee is warning me about the site your link is taking me to. How safe is this?
Thursday, November 10, 2011 2:57 PM -
Hi
Try this one from cnet: http://download.cnet.com/LDAPSearch/3000-2085_4-75179594.html I installed it and it works fine for me.
MCP
Thursday, November 10, 2011 3:03 PM -
Hi
You can also use this one http://www.freedownloadscenter.com/Network_and_Internet/Misc__Networking_Tools/Softerra_LDAP_Browser_Screenshot.html
MCP
Thursday, November 10, 2011 3:14 PM -
Leandro,
I tried on my lab and the ldapsearch does not find the "legacyexchangedn" where my project does.
"ldap base dn:" left empty
"object filter:" (&(objectClass=*)(cn=xchm10))
"get all possible attributes" is checked
"scope search" ldap_scope_subtree
The output shows the result of the search but does not provide the user data. I guess I'm not sure what is expected in the "ldap base dn"?
Thursday, November 10, 2011 4:37 PM -
Hi
Sorry for having you install ldapsearch. Use the last link I wrote, from Softerra; that one is much easier to use and has more detail. Thanks
MCP
- Marked as answer by hauld Friday, November 11, 2011 4:58 AM
Thursday, November 10, 2011 4:54 PM -
Yes, LDAP BROWSER is easier to use.
I have to wait until later tonight to try on the production.
Thursday, November 10, 2011 5:42 PM -
Leandro,
I have tried my project on another lab and it fails.
I loaded the LDAP BROWSER and got the log from the query but I can't understand what I'm doing wrong in my project.
Can you possibly give some insight?
# Search Request
# Message ID: 74
# Date: 20111110200149.0Z
# Server: ldap://172.19.217.18:389
# Base DN:
# Search scope: subTree
# Filter: (&(objectClass=*)(cn=xpradmin))
# Attributes: objectclass, subschemaSubentry
# Attributes only: no
# Size limit: 0 (no limit)
# Time limit: 0 (no limit)
# Dereference aliases: 0 (Never)
# Referral chasing: 0x2 (query: Manual, mode: Merge)

# Search Result: Entry
# Message ID: 74
# Date: 20111110200149.0Z
# Server: ldap://172.19.217.18:389
dn: CN=xpradmin,CN=Users,DC=WIN2008LAB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
subSchemaSubEntry: CN=Aggregate,CN=Schema,CN=Configuration,DC=WIN2008LAB

# Search Result: Done
# Message ID: 74
# Date: 20111110200149.0Z
# Server: ldap://172.19.217.18:389
# Result code: 0 (Success)
Thursday, November 10, 2011 8:20 PM -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;
//for the registry collection
using System.Security.Permissions;
using Microsoft.Win32;

namespace getAD
{
    class Program
    {
        static void Main(string[] args)
        {
            bool isXPR64 = false;
            Console.WriteLine("Enter 0 for all windows 32 bit or 1 for windows 2008 64bit");
            try
            {
                switch (Console.ReadLine())
                {
                    case "0":
                        isXPR64 = false;
                        Console.WriteLine("false");
                        break;
                    case "1":
                        isXPR64 = true;
                        Console.WriteLine("true");
                        break;
                }
                //test1();
                //test2();
                //test3();
                //test4();
                //test5();
                //test6();
                //test7(isXPR64);
                //test8(isXPR64);
                //test9();
                //test10(isXPR64);
                test11(isXPR64);
            }
            catch (Exception er)
            {
                string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
                             "Stack trace:\r\n\t" + er.StackTrace + "\r\n" +
                             "Path: \r\n\t" + er.TargetSite + "\r\n" +
                             "Message:\r\n\t" + er.Message + "\r\n" +
                             "Data:\r\n\t" + er.Data + "\r\n" +
                             "Error:\r\n\t" + er.ToString() + "\r\n";
                Console.WriteLine(msg);
                // Only report the first argument when one was actually passed.
                if (args.Length > 0)
                {
                    msg = "Arg 0 = " + args[0];
                    Console.WriteLine(msg);
                }
            }
        }

        private static void test11(bool isXPR64)
        {
            string sdomain = null, sUser = null, sResult = null;
            RegistryKey regKey = null;
            bool bSuccess = false;

            // Read the domain path and account name from the registry.
            // The key is opened once per branch and closed after both values are read.
            try
            {
                if (isXPR64 == true)
                {
                    regKey = Registry.LocalMachine.OpenSubKey(@"software\wow6432node\project");
                    sdomain = (string)regKey.GetValue("ADsDomainPath");
                    sUser = (string)regKey.GetValue("ACCOUNTDN");
                    regKey.Close();
                }
                else if (isXPR64 == false)
                {
                    regKey = Registry.LocalMachine.OpenSubKey(@"software\project");
                    sdomain = (string)regKey.GetValue("ADsDomainPath");
                    sUser = (string)regKey.GetValue("ACCOUNTDN");
                    regKey.Close();
                }
            }
            catch (Exception er)
            {
                Console.WriteLine("Error in get registry.");
                string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
                             "Stack trace:\r\n\t" + er.StackTrace + "\r\n" +
                             "Path: \r\n\t" + er.TargetSite + "\r\n" +
                             "Message:\r\n\t" + er.Message + "\r\n" +
                             "Data:\r\n\t" + er.Data + "\r\n" +
                             "Error:\r\n\t" + er.ToString() + "\r\n";
                Console.WriteLine(msg);
            }

            // First attempt: match the account on cn.
            try
            {
                Console.WriteLine("Starting (cn) search");
                // Serverless bind: RootDSE of the domain the machine belongs to,
                // using the credentials of the current process.
                DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE");
                string strRoot = (string)entryRoot.Properties["defaultNamingContext"][0];
                string objRoot = "LDAP://" + strRoot;
                Console.WriteLine("ROOTDSE = {0}", strRoot);
                Console.WriteLine("LDAP STRING (search root) = {0}", objRoot);
                Console.WriteLine();
                DirectoryEntry searchRoot = new DirectoryEntry(objRoot);
                DirectorySearcher search = new DirectorySearcher(searchRoot);
                search.Filter = "(&(objectClass=user)(objectCategory=person)(cn=" + sUser + "))";
                string legacyexchangedn = null;
                SearchResult result = search.FindOne();
                if (result != null)
                {
                    DirectoryEntry de = result.GetDirectoryEntry();
                    string cn = de.Properties["cn"].Value.ToString();
                    if (de.Properties["legacyexchangedn"].Value != null)
                    {
                        legacyexchangedn = de.Properties["legacyexchangedn"].Value.ToString();
                        Console.WriteLine("User = {0}\r\nDomain = {1}\r\nDomainPath = {2}\r\nLegacyExchangeDN = {3}", cn, strRoot, objRoot, legacyexchangedn);
                        bSuccess = true;
                    }
                }
                else
                    Console.WriteLine("Result is empty for {0}", sUser);
            }
            catch (Exception er)
            {
                Console.WriteLine("Error in get directory entry data for (cn).");
                string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
                             "Stack trace:\r\n\t" + er.StackTrace + "\r\n" +
                             "Path: \r\n\t" + er.TargetSite + "\r\n" +
                             "Message:\r\n\t" + er.Message + "\r\n" +
                             "Data:\r\n\t" + er.Data + "\r\n" +
                             "Error:\r\n\t" + er.ToString() + "\r\n";
                Console.WriteLine(msg);
            }

            // Second attempt: match the account on sAMAccountName.
            if (bSuccess == false)
            {
                try
                {
                    Console.WriteLine("\r\nStarting (sAMAccountName) search");
                    DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE");
                    string strRoot = (string)entryRoot.Properties["defaultNamingContext"][0];
                    string objRoot = "LDAP://" + strRoot;
                    Console.WriteLine("ROOTDSE = {0}", strRoot);
                    Console.WriteLine("LDAP STRING (search root) = {0}", objRoot);
                    Console.WriteLine();
                    DirectoryEntry searchRoot = new DirectoryEntry(objRoot);
                    DirectorySearcher search = new DirectorySearcher(searchRoot);
                    search.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + sUser + "))";
                    string legacyexchangedn = null;
                    SearchResult result = search.FindOne();
                    if (result != null)
                    {
                        DirectoryEntry de = result.GetDirectoryEntry();
                        string cn = de.Properties["cn"].Value.ToString();
                        if (de.Properties["legacyexchangedn"].Value != null)
                        {
                            legacyexchangedn = de.Properties["legacyexchangedn"].Value.ToString();
                            Console.WriteLine("User = {0}\r\nDomain = {1}\r\nDomainPath = {2}\r\nLegacyExchangeDN = {3}", cn, strRoot, objRoot, legacyexchangedn);
                        }
                    }
                    else
                        Console.WriteLine("Result is empty for {0}", sUser);
                }
                catch (Exception er)
                {
                    Console.WriteLine("Error in get directory entry data (sAMAccountName).");
                    string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
                                 "Stack trace:\r\n\t" + er.StackTrace + "\r\n" +
                                 "Path: \r\n\t" + er.TargetSite + "\r\n" +
                                 "Message:\r\n\t" + er.Message + "\r\n" +
                                 "Data:\r\n\t" + er.Data + "\r\n" +
                                 "Error:\r\n\t" + er.ToString() + "\r\n";
                    Console.WriteLine(msg);
                }
            }
            Console.ReadLine();
        }//private static void test11(bool isXPR64)
    }
}
Leandro, thank you for your assistance. I wanted to let you know I have struggled through this project and got it to work well even in my production system where there are over 13,000 users and mixed OUs.
There are no security issues so I will post my code.
Friday, November 11, 2011 4:57 AM
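
The snippets in this thread build the search filter by concatenating the account name straight into the string, so a value containing `(`, `)`, `*` or `\` changes or breaks the filter. The following is an added example, not code from any post above: it escapes the value per RFC 4515 before the same RootDSE-based lookup and reads the attribute from the search result. The names `LegacyDnLookup`, `EscapeFilterValue` and `Find` are hypothetical, and the sample account name is constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
static class LegacyDnLookup   // hypothetical name, not from the thread
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
    // Returns legacyExchangeDN for one account, or null when the account
    // is not found or the attribute is not set.
    public static string Find(string samAccountName)
    {
        // Serverless bind with the caller's own credentials, as in the final post.
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            using (var root = new DirectoryEntry("LDAP://" + baseDn))
            using (var ds = new DirectorySearcher(root))
            {
                ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                            + EscapeFilterValue(samAccountName) + "))";
                // Request only the attribute needed; it is then read from the
                // search result itself, without a second bind to the entry.
                ds.PropertiesToLoad.Add("legacyExchangeDN");
                SearchResult r = ds.FindOne();
                if (r == null || !r.Properties.Contains("legacyExchangeDN")) return null;
                return (string)r.Properties["legacyExchangeDN"][0];
            }
        }
    }
    static void Main(string[] args)
    {
        // Constructed input: a name with characters that are special in filters.
        Console.WriteLine(EscapeFilterValue("Doe, Jane (Contractor)*"));
        if (args.Length == 1) Console.WriteLine(Find(args[0]) ?? "(not found)");
    }
}
```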