locked
System.DirectoryServices.DirectorySearcher Problems RRS feed

  • Question

  • User-1235702106 posted
    I have just begun exploring AD and hopefully soon will explore ADAM. Basically what I am doing is exploring the Namespace System.DirectoryServices and am hoping to get familiar with the functions and results. Any help or guidance would be greatly appreciated. I am trying to search our active directory for a users name but I get unusual error messages. The code I am using to perform the search is below. This is a web application. Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Dim entry As New DirectoryServices.DirectoryEntry("LDAP://website.com/DC=website,DC=com") Dim mySearcher As New System.DirectoryServices.DirectorySearcher(entry) Dim result As System.DirectoryServices.SearchResult mySearcher.Filter = ("(anr= John)") For Each result In mySearcher.FindAll() <----------- Line 32 Response.Write(result.GetDirectoryEntry().Path) Next End Sub The error I am getting is: An operations error occurred Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred [COMException (0x80072020): An operations error occurred] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +516 System.DirectoryServices.DirectoryEntry.Bind() +10 System.DirectoryServices.DirectoryEntry.get_AdsObject() +10 System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +198 System.DirectoryServices.DirectorySearcher.FindAll() +10 Intranet.ADTest.Page_Load(Object sender, EventArgs e) in C:\xxx\xxx\xxx\xxx\xxx\ADTest.aspx.vb:32 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +731
    Tuesday, June 29, 2004 11:55 AM

All replies

  • User-1235702106 posted
    Weird. I created a new project and pasted the code into that and it worked. hmmm
    Tuesday, June 29, 2004 1:26 PM
  • User1354132231 posted
    The .FindAll() invokes a bind to the Directory, which will try and pass your credentials. If you are using a web app, it typically runs under ASPNET or NETWORK SERVICE account and those credentials typically don't have permission on the domain. When you pasted into a Winform app, your underlying credentials are transferred when the app runs in your security context. If you have permission on the domain, then your WinForm app will as well.
    Tuesday, June 29, 2004 2:27 PM
  • User1041807581 posted
    Is there any way that you can grant the Network Service read permission to the active directory?
    Wednesday, July 5, 2006 6:46 AM
  • User1354132231 posted
    This error indicates that your security context does not have access to AD.  Read the 'READ ME FIRST' post at the top of this forum here that explains why this is.
    Wednesday, July 5, 2006 10:09 AM
  • User1354132231 posted
    Is there any way that you can grant the Network Service read permission to the active directory?

    No, the account must be a domain account to have access to AD and Network Service is a local account*.

    *- unless you did something silly like install IIS on a domain controller.
    Wednesday, July 5, 2006 10:10 AM