LDAP Query fails sometimes


  • I have an LDAP query failing sometimes.  The LDAP query is used in an ASMX web service.

    Here are the details.

    • .Net 4.5
    • Active Directory Version (unknown possibly latest)
    • Visual Basic

    LDAP Query

    • (&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))

    Rough estimate of records

    60 thousand


        ' cred is an object that holds credentials for authenticating with AD
        Dim filterList As String = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))"
        Dim directoryEntry As DirectoryEntry = dsEntry
        directoryEntry.Username = cred.Username
        directoryEntry.Password = cred.Password
        directoryEntry.Path = cred.Path
        directoryEntry.AuthenticationType = AuthenticationTypes.Secure
        Dim srch As DirectorySearcher = New DirectorySearcher(dsEntry, filterList, New String() {"uid", "userAccountControl", "sAMAccountName", "userPrincipalName"})
        srch.PageSize = 10000
        Try
            Dim srMany As SearchResultCollection = srch.FindAll()
            Dim enumerator As IEnumerator = srMany.GetEnumerator()
            While enumerator.MoveNext()
                Dim srX As SearchResult = CType(enumerator.Current, SearchResult)
                Dim i As LDAPIdentity = New LDAPIdentity()
                Dim enabled As Boolean = True
                Dim addToCollection As Boolean = True
                Try
                    Dim uacString As Object = srX.Properties("userAccountControl")(0)
                    Dim disabled As Boolean = ((uacString And 2) > 0)
                    enabled = If(disabled, False, True)
                Catch exX As Exception
                End Try
                If enabled Then
                    Try
                        i.SAMAccountName = srX.Properties("sAMAccountName")(0).ToString()
                    Catch ex As Exception
                        Throw ex
                    End Try
                    Try
                        i.UserPrincipalName = srX.Properties("userPrincipalName")(0).ToString()
                    Catch ex As Exception
                    End Try
                End If
                If String.IsNullOrEmpty(i.UserPrincipalName) Then
                    addToCollection = False
                End If
                If addToCollection Then
                End If
            End While
            ' (the Catch/Finally for this outer Try is not shown in the post)
        End Try

    While running this query in Production:

    Here are the recent run times for this query. It is encapsulated in an ASMX web service.

    Wednesday, March 7, 2018 2:20 PM

All replies

  • You haven't said anything about how it is failing (no results? error?)

    You also have CATCH blocks that either do nothing or simply (and redundantly) re-throw the exception. This is a Bad Thing.

    Get rid of all these CATCH blocks and add an overall TRY/CATCH around the whole thing that logs the exception somewhere and you might see what is going on.

    Wednesday, March 7, 2018 2:25 PM
  • Hi MLOGAN111,

    Thank you for posting here.

    As your question is more related to VB, I will move it to the Visual Basic forum for suitable support.

    The CLR Forum is for discussing and asking questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Registry, Globalization, Reflection. It also covers all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions.

    Best Regards,


    MSDN Community Support

    Thursday, March 8, 2018 2:03 AM
  • I will echo the statement from RJP1973. We would need to see the exception, although in my experience I've seen LDAP queries fail as a result of timeouts, especially when Active Directory is busy processing other requests.

    If I understand your LDAP query, you are getting all users whose account is not disabled, ignoring test accounts? But then in your code you are checking the disabled property again, which should be true because it's already been applied in the filter. Is this correct?

    Paul ~~~~ Microsoft MVP (Visual Basic)

    Thursday, March 8, 2018 1:16 PM
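
Added example, not part of any post in this thread: the question's search with the per-property Catch blocks replaced by one logging Try/Catch, as the first reply suggests, and without the second userAccountControl check that the last reply points out is already covered by the filter. The module and function names, the page size and timeout values, and the use of Trace for logging are assumptions; the path, user and password parameters stand in for the question's "cred" object.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics
Imports System.DirectoryServices

Public Module LdapUserExport            ' hypothetical name
    ' Filter from the question: enabled (UAC bit 2 clear) person/user objects, test accounts excluded.
    Private Const Filter As String = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))"

    ' Returns sAMAccountName -> userPrincipalName for every matching account.
    Public Function GetEnabledUsers(path As String, user As String, password As String) As Dictionary(Of String, String)
        Dim users As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
        Dim sw As Stopwatch = Stopwatch.StartNew()
        Try
            Using root As New DirectoryEntry(path, user, password, AuthenticationTypes.Secure)
                Using srch As New DirectorySearcher(root, Filter, New String() {"sAMAccountName", "userPrincipalName"})
                    srch.PageSize = 1000                            ' assumed value; the question used 10000
                    srch.ClientTimeout = TimeSpan.FromSeconds(120)  ' assumed limit, so a slow server fails visibly
                    Using results As SearchResultCollection = srch.FindAll()
                        ' Pages are fetched while enumerating, so the loop has to sit inside the Try.
                        For Each sr As SearchResult In results
                            ' Test for presence rather than catching the exception from indexing an empty collection.
                            If sr.Properties.Contains("sAMAccountName") AndAlso sr.Properties.Contains("userPrincipalName") Then
                                users(sr.Properties("sAMAccountName")(0).ToString()) = sr.Properties("userPrincipalName")(0).ToString()
                            End If
                        Next
                    End Using
                End Using
            End Using
        Catch ex As DirectoryServicesCOMException
            ' Directory-specific failure: log the HRESULT and the server's extended message, never the password.
            Trace.TraceError("LDAP search failed after {0} ms, {1} rows read, HRESULT 0x{2:X8}, server said: {3}",
                             sw.ElapsedMilliseconds, users.Count, ex.ErrorCode, ex.ExtendedErrorMessage)
            Throw   ' plain Throw keeps the original stack trace, unlike "Throw ex"
        Catch ex As Exception
            Trace.TraceError("LDAP search failed after {0} ms, {1} rows read: {2}",
                             sw.ElapsedMilliseconds, users.Count, ex)
            Throw
        End Try
        Trace.TraceInformation("LDAP search returned {0} users in {1} ms", users.Count, sw.ElapsedMilliseconds)
        Return users
    End Function
End Module
```

The elapsed time and row count in the log line show whether an intermittent failure happens at bind time or part-way through the paged enumeration.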