none
Nested LDAP Queries in (.NET4.6) C# using 1.2.840.113556.1.4.1941 syntax RRS feed

  • Question

  •  

    I am building a console app in C# , .NET 4.6.1 to experiment with LDAP Queries using the code is below 

    using (var parentEntry = new DirectoryEntry("LDAP://" + Environment.UserDomainName))
       using (var directorySearch = new DirectorySearcher(parentEntry))
                {
                    directorySearch.PageSize = 10000;
                    directorySearch.Filter = "(objectClass=group)";
                    foreach (SearchResult searchEntry in directorySearch.FindAll())
                        {                      
                            var entry = new DirectoryEntry(searchEntry.GetDirectoryEntry().Path);
                            if (entry.Properties["sAMAccountName"].Value != null)
                            {
                                Console.WriteLine(entry.Properties["sAMAccountName"].Value.ToString());
                            }
                        }                           
                }

    With individual entries returning the values for OU="MyOrg", DC="MyDC" , DC= "ad"  

    Simple flat queries, such as "(objectClass=group)" work fine, but anything more complex involving tree walking always returns an empty set for directorySearch.FindAll().  

    I am sure there is an issue in the filter, & have tried the following variants and I am not sure what I am doing wrong: 

    directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=MyOrg,DC=MyDC,DC=ad)";
    directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=*,DC=*,DC=*)";
    directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp)";
    directorySearch.Filter = "(member:1.2.840.113556.1.4.1941:=cn=MyGrp)";name; subtree
    directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=MyOrg,DC=MyDC,DC=ad)";
    directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp,OU=*,DC=*,DC=*)";
    directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp)";
    directorySearch.Filter = "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGrp)";name; subtree

    With the following parm set or un set for each attempt      

      //     directorySearch.SearchScope = SearchScope.Subtree;

    I wish to query both a user's AD membership and the member / memberof / groups attributes for mid tree AD Groups ( like Group B below )    

    Group A

         -Group B 

              -Group C

                      - User1

                      - User2

    I already have a tree walk solution for that, but its quite slow,& this approach is meant to be quicker.  

    All ideas gratefully received

    I am confident that the problem is in the query filter, but I have never used LDAP queries before 

                           

    Thanks, Richard



    Tuesday, October 22, 2019 11:44 AM

All replies

  • Hi Richard,

    Thank you for posting here.

    I am not familiar with LDAP query format, but I find the following link may be a useful link for you.

    Searching specific folder, Active Directory

    Besides, I think your question may be related to AD. So you could post it in their forum.

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, October 23, 2019 9:05 AM
    Moderator
  • Hi Jack

    Thank you for the reply. The link has given me a few things to try

    Best Regards Richard


    Richard

    Wednesday, October 23, 2019 9:53 AM