Could not query AD without distinguished name in SearchRequest?

I am running a test Active Directory and am trying to query it with LDAP. I created a SearchRequest object with an empty distinguished name and a filter; this is throwing a noSuchObject error code with an "object does not exist" message. I am only getting this from my test AD; if I use my company's production AD I do not get an exception, just a response with no hits. What do I need to change in my test AD to see similar behaviour?


You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

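// requires a reference to the System.DirectoryServices.AccountManagement assembly
using System.DirectoryServices.AccountManagement;

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);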

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// and with specified last name (surname)
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Surname = "Willis";

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:

  • Surname (or last name)
  • DisplayName (typically: first name + space + last name)
  • SAM Account Name - your Windows/AD account name
  • User Principal Name - your "username@yourcompany.com" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.


@marc_s answered by giving you a way of searching

Back to your question, just a reminder:

An LDAP search is

  1. The node from which you ask to begin the search (in your case the DN of your OU)
  2. The scope of your search (base, onelevel, subtree)
  3. The filter of your search ((objectClass=group))
  4. The attributes you want to retrieve

In your case it works when your ADSI layer is able to find a default domain. So I think that you have to create a real LDAP search request and perhaps also give credentials.


Thanks for the other answers. I solved my problem by using GC port 3268 instead of DC port 389 in the connection.
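
The behaviour discussed in this thread, as an added example that is not part of any of the posts: a System.DirectoryServices.Protocols sketch that issues the same subtree search with an empty base DN on port 389, with the base DN read from the RootDSE `defaultNamingContext` attribute, and with an empty base DN on GC port 3268. The host name, the filter and the use of the current Windows credentials are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;

class LdapBaseDnDemo
{
    // Hypothetical host name; replace with a domain controller of your test domain.
    const string Host = "dc01.test.example";

    static LdapConnection Connect(int port)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, port));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.AuthType = AuthType.Negotiate;   // assumption: bind as the current Windows user
        conn.Bind();
        return conn;
    }

    // The RootDSE is read with a base-scope search at the empty DN.
    static string DefaultNamingContext(LdapConnection conn)
    {
        var req = new SearchRequest("", "(objectClass=*)", SearchScope.Base, "defaultNamingContext");
        var resp = (SearchResponse)conn.SendRequest(req);
        return (string)resp.Entries[0].Attributes["defaultNamingContext"][0];
    }

    // Runs a subtree search and reports either the hit count or noSuchObject.
    static void Search(LdapConnection conn, string baseDn, string filter)
    {
        try
        {
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName");
            var resp = (SearchResponse)conn.SendRequest(req);
            Console.WriteLine($"base '{baseDn}': {resp.Entries.Count} hit(s)");
        }
        catch (DirectoryOperationException ex) when (ex.Response?.ResultCode == ResultCode.NoSuchObject)
        {
            Console.WriteLine($"base '{baseDn}': noSuchObject");
        }
    }

    static void Main()
    {
        const string filter = "(&(objectCategory=person)(sn=Willis))"; // constructed sample filter
        using (var dc = Connect(389))
        {
            Search(dc, "", filter);                       // the call shape from the question
            Search(dc, DefaultNamingContext(dc), filter); // explicit base DN taken from the RootDSE
        }
        using (var gc = Connect(3268))
            Search(gc, "", filter);                       // GC port, as in the last post
    }
}
```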
