none
Can't get departmentNumber or employeeID using System.DirectoryServices.DirectorySearcher

    Question

  • I am trying to use the DirectorySearcher class to pull attributes from Active Directory.  All seems to work fine with the exception of departmentNumber and employeeID.  I assume it may be because they are numbers and there is some type of casting issue.  Can anyone tell me what I am doing wrong?

    Below is the block of code that I am searching with.  All other attributes are returned fine.  

    I've only been working in C# for a couple of months now, so please use very small words in any explanations. :o)

    //Define AD path
    DirectoryEntry adpath = new DirectoryEntry("GC://OU=Domain Users,DC=fake,DC=domain,DC=com");
                    
    string dsUserFilter = "(samaccountname=" + ddSAMAccountName.SelectedItem.Text + ")";
    
    string[] FieldsToReturn = {"displayname", "samaccountname", "departmentNumber", "employeeID", "givenName", "sn", "initials", "telephoneNumber", "otherTelephone", "mobile", "facsimileTelephoneNumber", "physicalDeliveryOfficeName", "streetAddress", "postOfficeBox", "l", "st", "postalCode", "co", "title", "department", "company", "manager", "extensionAttribute1", "extensionAttribute2", "extensionAttribute3", "extensionAttribute9", "extensionAttribute10", "extensionAttribute11"};
    
    //Search AD for uses and put attributes in a list collection
    using (DirectorySearcher dsUser = new DirectorySearcher(adpath, dsUserFilter, FieldsToReturn))

    Monday, April 10, 2017 9:03 PM

Answers

  • The departmentNumber and employeeID attributes are both string attributes, just like the others. The difference is that neither is in the Global Catalog, and you specify the GC: provider. You should retrieve the values if you specify the LDAP: provider instead.

    I need to check if all of the others you list are in the GC by default. Of course your AD may have been modified so the attributes you specify are in the GC, even though they might not be by default.

    Edit: By default the initials, otherTelephone, facsimileTelephoneNumber, physicalDeliveryOfficeName, postOfficeBox, postalCode, co, title, department, and company attributes are not in the GC (unless they got added in the latest releases of Windows Server). I don't know about the extension attributes, as they are added by Exchange.

    Edit: This command line statement will list all attributes in the PAS (Partial Attribute Set), that is replicated to the GC, in your environment:

    dsquery * "cn=Schema,cn=Configuration,dc=mydomain,dc=com" -Filter "(isMemberOfPartialAttributeSet=TRUE)" -Attr lDAPDisplayName

    Or you can use this PowerShell AD cmdlet:

    Get-ADObject -SearchBase "cn=Schema,cn=Configuration,dc=mydomain,dc=com" -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName | Select lDAPDisplayName

    where you substitute your domain in the path to the Configuration partition (container) of AD.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    • Edited by Richard MuellerMVP Monday, April 10, 2017 10:46 PM
    • Marked as answer by Will73 Monday, April 10, 2017 11:59 PM
    Monday, April 10, 2017 10:26 PM

All replies

  • The departmentNumber and employeeID attributes are both string attributes, just like the others. The difference is that neither is in the Global Catalog, and you specify the GC: provider. You should retrieve the values if you specify the LDAP: provider instead.

    I need to check if all of the others you list are in the GC by default. Of course your AD may have been modified so the attributes you specify are in the GC, even though they might not be by default.

    Edit: By default the initials, otherTelephone, facsimileTelephoneNumber, physicalDeliveryOfficeName, postOfficeBox, postalCode, co, title, department, and company attributes are not in the GC (unless they got added in the latest releases of Windows Server). I don't know about the extension attributes, as they are added by Exchange.

    Edit: This command line statement will list all attributes in the PAS (Partial Attribute Set), that is replicated to the GC, in your environment:

    dsquery * "cn=Schema,cn=Configuration,dc=mydomain,dc=com" -Filter "(isMemberOfPartialAttributeSet=TRUE)" -Attr lDAPDisplayName

    Or you can use this PowerShell AD cmdlet:

    Get-ADObject -SearchBase "cn=Schema,cn=Configuration,dc=mydomain,dc=com" -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName | Select lDAPDisplayName

    where you substitute your domain in the path to the Configuration partition (container) of AD.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    • Edited by Richard MuellerMVP Monday, April 10, 2017 10:46 PM
    • Marked as answer by Will73 Monday, April 10, 2017 11:59 PM
    Monday, April 10, 2017 10:26 PM
  • You're absolutely correct!  As soon as I switched to LDAP all started working.  I knew it had to be something simple that I was missing.  Thanks for your help!

    Monday, April 10, 2017 11:59 PM