LDAP Query fails sometimes

    Question

  • I have an LDAP query failing sometimes.  The LDAP query is used in an ASMX web service.

    Here are the details.

    • .Net 4.5
    • Active Directory Version (unknown possibly latest)
    • Visual Basic

    LDAP Query

    • (&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))

    Rough estimate of records

    60 thousand

    Code

            ' Requires: Imports System.Collections and Imports System.DirectoryServices
            ' cred is an object that holds credentials for authenticating with AD

            Dim filterList As String = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))"
            Dim directoryEntry As DirectoryEntry = dsEntry
            directoryEntry.Username = cred.Username
            directoryEntry.Password = cred.Password
            directoryEntry.Path = cred.Path
            directoryEntry.AuthenticationType = AuthenticationTypes.Secure
            Dim srch As DirectorySearcher = New DirectorySearcher(dsEntry, filterList, New String() {"uid", "userAccountControl", "sAMAccountName", "userPrincipalName"})
            srch.PageSize = 10000
            Try
                Dim srMany As SearchResultCollection = srch.FindAll()
                Try
                    Dim enumerator As IEnumerator = srMany.GetEnumerator()
                    While enumerator.MoveNext()
                        Dim srX As SearchResult = CType(enumerator.Current, SearchResult)
                        Dim i As LDAPIdentity = New LDAPIdentity()
                        Dim enabled As Boolean = True
                        Dim addToCollection As Boolean = True
    
                        Try
                            Dim uacString As Object = srX.Properties("userAccountControl")(0)
                            Dim disabled As Boolean = ((uacString And 2) > 0)
                            enabled = If(disabled, False, True)
    
                        Catch exX As Exception
    			
                        End Try
    
                        If enabled Then
                            Try
                                i.SAMAccountName = srX.Properties("sAMAccountName")(0).ToString()
                            Catch ex As Exception
                                Throw ex
                            End Try
                            Try
                                i.UserPrincipalName = srX.Properties("userPrincipalName")(0).ToString()
                            Catch ex As Exception
                            End Try
                        End If
    
                        If String.IsNullOrEmpty(i.UserPrincipalName) Then
                            addToCollection = False
                        End If
    
                        If addToCollection Then
                            Identities.Add(i)
                        End If
    
                    End While
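                Finally
                    ' SearchResultCollection holds unmanaged resources that the GC does not fully release
                    srMany.Dispose()
                End Try
            Finally
                ' Close the outer Try and release the searcher
                srch.Dispose()
            End Try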

    While running this query in Production:

    Here are the recent run times for this query.  It is encapsulated in an ASMX web service.

    • 7 seconds
    • 8 seconds
    • 8 seconds
    • 102 seconds
    • failure
    • failure
    • 9 seconds
    • 11 seconds


    Wednesday, March 7, 2018 2:20 PM

All replies

  • You haven't said anything about how it is failing (no results? error?)

    You also have CATCH blocks that either do nothing or simply (and redundantly) re-throw the exception. This is a Bad Thing.

    Get rid of all these CATCH blocks and add an overall TRY/CATCH around the whole thing that logs the exception somewhere and you might see what is going on.

    Wednesday, March 7, 2018 2:25 PM
  • Hi MLOGAN111,

    Thank you for posting here.

    As your question is more related to VB, I will move it to the Visual Basic forum for suitable support.

    The CLR Forum is for discussing and asking questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Registry, Globalization, Reflection. It is also for discussing all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions.

    Best Regards,

    Wendy



    Thursday, March 8, 2018 2:03 AM
  • I will echo the statement from RJP1973. We would need to see the exception, although in my experience I've seen LDAP queries fail as a result of timeouts, especially when Active Directory is busy processing other requests.

    If I understand your LDAP query, you are getting all users whose account is not disabled, ignoring test accounts? But then in your code you are checking the disabled property again, which should be true because it's already been applied in the filter. Is this correct?


    Paul ~~~~ Microsoft MVP (Visual Basic)

    Thursday, March 8, 2018 1:16 PM
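
The restructuring suggested in the replies, as an added example that is not part of the original thread: one outer Try/Catch that logs the exception, deterministic disposal, explicit timeouts, and no second userAccountControl check because the filter already excludes disabled accounts. The module and function names, the `path`/`user`/`password` parameters (standing in for the question's `cred` object), the Tuple return type and the page size and timeout values are assumptions.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics
Imports System.DirectoryServices

Public Module EnabledUserQuery
    ' Filter copied from the question; the bitwise-AND rule on userAccountControl already drops disabled accounts.
    Private Const UserFilter As String = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user)(!(sn=test*))(!(givenName=test*))(!(mail=test*))(!(mail=yy*))(userPrincipalName=*))"

    ' Returns (sAMAccountName, userPrincipalName) pairs. Parameter names are assumed, not from the post.
    Public Function GetEnabledUsers(path As String, user As String, password As String) As List(Of Tuple(Of String, String))
        Dim found As New List(Of Tuple(Of String, String))
        Dim started As Stopwatch = Stopwatch.StartNew()
        Try
            Using root As New DirectoryEntry(path, user, password, AuthenticationTypes.Secure)
                Using srch As New DirectorySearcher(root, UserFilter, New String() {"sAMAccountName", "userPrincipalName"})
                    srch.PageSize = 1000                                   ' paged search; illustrative value
                    srch.ClientTimeout = TimeSpan.FromSeconds(60)          ' illustrative: fail instead of hanging
                    srch.ServerPageTimeLimit = TimeSpan.FromSeconds(30)    ' illustrative per-page server limit
                    Using results As SearchResultCollection = srch.FindAll()
                        For Each sr As SearchResult In results
                            ' Test for the attribute instead of catching the exception a missing one would raise.
                            If sr.Properties.Contains("sAMAccountName") AndAlso sr.Properties.Contains("userPrincipalName") Then
                                found.Add(Tuple.Create(sr.Properties("sAMAccountName")(0).ToString(), sr.Properties("userPrincipalName")(0).ToString()))
                            End If
                        Next
                    End Using
                End Using
            End Using
            Trace.TraceInformation("LDAP query returned {0} users in {1} ms", found.Count, started.ElapsedMilliseconds)
            Return found
        Catch ex As DirectoryServicesCOMException
            ' Directory errors carry an extended message from the server; log it, never the credentials.
            Trace.TraceError("LDAP query failed after {0} ms: 0x{1:X8} {2} ({3})", started.ElapsedMilliseconds, ex.ErrorCode, ex.Message, ex.ExtendedErrorMessage)
            Throw
        Catch ex As Exception
            Trace.TraceError("LDAP query failed after {0} ms: {1}", started.ElapsedMilliseconds, ex)
            Throw
        End Try
    End Function
End Module
```

With the elapsed time logged on both the success and failure paths, the intermittent failures can be matched against the exception type and the configured timeouts.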