Recently I faced a weird issue where I was not able to run LDAP queries against other domains using the .NET Directory Services API, even with legitimate user accounts.
While logged in to domain xyz.com I could run LDAP queries against xyz.com, but the same queries against the abc.com AD failed from xyz.com.
After digging through a few links, here is the code change that fixed the issue for me.
Before
Note the DirectoryEntry Path property: it is set to the bare distinguished name of the domain, with no server or domain host name in front of it.

    using System.DirectoryServices;

    // Serverless path: no host name, so ADSI locates a domain controller for the
    // machine's own domain (xyz.com) rather than one that holds dc=abc,dc=com.
    using (DirectoryEntry rootEntry = new DirectoryEntry())
    {
        rootEntry.Path = "LDAP://dc=abc,dc=com";
        rootEntry.Username = yourid;
        rootEntry.Password = yourpassword;

        using (DirectorySearcher _searcher = new DirectorySearcher(rootEntry))
        {
            _searcher.Filter = filter;
            _searcher.PageSize = 1000; // paged results, so more than 1000 entries can come back

            // SearchResultCollection wraps unmanaged handles; dispose it when done.
            using (SearchResultCollection _searchResultCollections = _searcher.FindAll())
            {
                // process the results here
            }
        }
    }
Fix
Changing the DirectoryEntry Path to name the target domain and explicitly connect to port 389 fixed the issue.

    rootEntry.Path = "LDAP://abc.com:389/dc=abc,dc=com";
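Added example (not the post's own code): a helper with hypothetical names that builds the path with an explicit host and port as in the fix above. A serverless path such as LDAP://dc=abc,dc=com makes ADSI locate a domain controller for the machine's own domain, which does not hold the abc.com naming context; naming the host sends the bind to abc.com. It also sets the authentication flags that matter on port 389, since plain LDAP is unencrypted unless signing and sealing are negotiated, and escapes values spliced into the filter.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;

// Added example, not the post's own code. Hypothetical helper that binds to a named host
// instead of a serverless path, which only locates controllers of the machine's own domain.
public static class CrossDomainLdap
{
    public static List<string> FindDistinguishedNames(
        string domainDns, string baseDn, string filter,
        string userName, string password, bool useLdaps = false)
    {
        int port = useLdaps ? 636 : 389;                 // 389 = plain LDAP, 636 = LDAP over TLS
        string path = $"LDAP://{domainDns}:{port}/{baseDn}";

        // Secure = Negotiate (Kerberos/NTLM), so the password is never sent in the clear.
        // On 389, Signing + Sealing protects the traffic (Kerberos); with LDAPS, TLS does.
        AuthenticationTypes auth = useLdaps
            ? AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer
            : AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        var results = new List<string>();
        using (var root = new DirectoryEntry(path, userName, password, auth))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = filter;
            searcher.PageSize = 1000;                           // paged results past the server's 1000-entry limit
            searcher.PropertiesToLoad.Add("distinguishedName"); // fetch only what is needed

            // SearchResultCollection holds unmanaged handles and must be disposed.
            using (SearchResultCollection found = searcher.FindAll())
            {
                foreach (SearchResult r in found)
                    results.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return results;
    }

    // RFC 4515 escaping for a value spliced into a filter, so input cannot change the query shape.
    // Backslash must be replaced first so the escapes it produces are not re-escaped.
    public static string EscapeFilterValue(string value) =>
        value.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
             .Replace(")", @"\29").Replace("\0", @"\00");

    // Usage (constructed values): FindDistinguishedNames("abc.com", "dc=abc,dc=com",
    //   "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(input) + "))", user, pwd);
}
```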
Here is the MSDN article that explains in detail how the LDAP query search works; it gave me some hints.
Happy coding.