Directory Programming .NET

I am using the following code to populate a listbox with all the user names in AD

I get a unhandled error on the line i marked with asterick * can anyione tell me whaat is going on

her or what i need to do to fix this??

Many thanks

Public Shared Function GetUsers() As List(Of ADODSUser)
        Dim users As New List(Of ADODSUser)

        'Get the name of your domain in distinguishedName format
        Dim defaultNamingContext As String
        Using rootDSE As New DirectoryEntry("LDAP://RootDSE")
            defaultNamingContext = rootDSE.Properties("defaultNamingContext").Value.ToString()
        End Using

        'Create the ADsPath for the searchRoot
        Dim SearchRootADsPath As String = [String].Format("LDAP://OU=CS Users,OU=CS,OU=HO,{0}", defaultNamingContext)

        'Search the directory, and allow for > 1000 users to be returned
        Using searchRoot As New DirectoryEntry(SearchRootADsPath)
            Using ds As New DirectorySearcher(searchRoot)
                ds.Filter = "(&(objectClass=user)(objectCategory=person))"
                ds.SearchScope = SearchScope.Subtree
                ds.PageSize = 1000

                'Iterate over the results and add entries to the List
        ******    Using src As SearchResultCollection = ds.FindAll()
                    For Each sr As SearchResult In src
                        users.Add(New ADODSUser(sr.Properties("samAccountName")(0).ToString(), sr.Properties("distinguishedName")(0).ToString()))
                    Next
                End Using
            End Using
        End Using
        Return users
    End Function

What is the error and the stack trace?  My guess is that there is something wrong with the path you are specifying for your search root, but it would be hard to know without seeing your directory structure.

I just get and unhandled Com exception ,, how do i produce  a stack trace??

I know the structure and the ou accounts i need to query however i am still a little unsure

of the syntax for the "LDAP path???? Is ther anywhere wher it describes in detail what goes where??

 

Calling ToString() on the exception that is thrown will produce the stack trace.

Using src As SearchResultCollection = ds.FindAll().ToString()  ???????

This code throws a COMException.  Call ToString on the COMException that gets thrown.  You may need to implement a catch block to catch it.

here is what i got on the trace:

System.Runtime.InteropServices.COMException was unhandled
  ErrorCode=-2147467259
  Message="Unspecified error
"
  Source="System.DirectoryServices"
  StackTrace:
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindAll()
       at ADTester.Form1.GetUsers() in C:\Documents and Settings\meymit\My Documents\Visual Studio 2005\Projects\ADTester\ADTester\Form1.vb:line 17
       at ADTester.Form1.Form1_Load(Object sender, EventArgs e) in C:\Documents and Settings\meymit\My Documents\Visual Studio 2005\Projects\ADTester\ADTester\Form1.vb:line 29
       at System.EventHandler.Invoke(Object sender, EventArgs e)
       at System.Windows.Forms.Form.OnLoad(EventArgs e)
       at System.Windows.Forms.Form.OnCreateControl()
       at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
       at System.Windows.Forms.Control.CreateControl()
       at System.Windows.Forms.Control.WmShowWindow(Message& m)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
       at System.Windows.Forms.ContainerControl.WndProc(Message& m)
       at System.Windows.Forms.Form.WmShowWindow(Message& m)
       at System.Windows.Forms.Form.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
       at System.Windows.Forms.SafeNativeMethods.ShowWindow(HandleRef hWnd, Int32 nCmdShow)
       at System.Windows.Forms.Control.SetVisibleCore(Boolean value)
       at System.Windows.Forms.Form.SetVisibleCore(Boolean value)
       at System.Windows.Forms.Control.set_Visible(Boolean value)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.Run(ApplicationContext context)
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
       at ADTester.My.MyApplication.Main(String[] Args) in 17d14f5c-a337-4978-8281-53493378c1071.vb:line 81
       at System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()

This looks to be a classic case of using non-domain credentials to attempt access to AD.  Whatever process is running this needs to be a domain account.  If this is in IIS, you need to run it under a domain identity in the app pool.  If you have the book, we go into quite a bit of detail on this in Chapter 8.

---

Ryan Dunn
Extemporaneous Mumblings
The .NET Developer's Guide to Directory Services Programming

The other thing is that this error actually usually corresponds to "invalid path name" which means that the path specified for the directoryentry is wrong (which is what I suspected in the first place).

What is the exact value of the path parameter passed to the DirectoryEntry here?

here is what i know the domain is ministryhealth.net  the users are in HYHCUSers OU whick is in the HYHC OU, the domain controler is dchyhcmin01,,, i have adminisrator rights

i thougt ROOT DSe would find any domain and bind to it?? without hafving to specify path??

 

thanks

The RootDSE does not require credentials to check the value of 'defaultNamingContext'.  It is intentionally used for anonymous access to read and bootstrap the process.  So, just because you can use the 'defaultNamingContext' does not mean you can read the directory otherwise.

Now, since you are using a Windows Forms application, this means that it will run under the security context of the current user.  If you are logged into the workstation (CTRL-ALT-DEL) as a domain user or the administrator in the domain, you would have sufficient credentials.

This means that Joe is likely right that you have a mistake in the LDAP:// path you are using.  If you take a look at:

[String].Format("LDAP://OU=CS Users,OU=CS,OU=HO,{0}", defaultNamingContext)

This path is likely incorrect.  You can check this using ldp.exe or the ADUC MMC.  To workaround this for now, simply use the 'defaultNamingContext' and do not add to it.  It will be a wider scoped search, but should be fine if you have a decent query filter (with index).

---

Ryan Dunn
Extemporaneous Mumblings
The .NET Developer's Guide to Directory Services Programming

So like this ??

Public Shared Function GetUsers() As List(Of ADODSUser)
        Dim users As New List(Of ADODSUser)

        'Get the name of your domain in distinguishedName format
        Dim defaultNamingContext As String
        Using rootDSE As New DirectoryEntry("LDAP://RootDSE")
            defaultNamingContext = rootDSE.Properties("defaultNamingContext").Value.ToString()
        End Using

        'Create the ADsPath for the searchRoot
     ***   Dim SearchRootADsPath As String = [String].Format("LDAP://", defaultNamingContext)

        'Search the directory, and allow for > 1000 users to be returned
        Using searchRoot As New DirectoryEntry(SearchRootADsPath)
            Using ds As New DirectorySearcher(searchRoot)
                ds.Filter = "(&(objectClass=user)(objectCategory=person))"
                ds.SearchScope = SearchScope.Subtree
                ds.PageSize = 1000

                'Iterate over the results and add entries to the List
        ******    Using src As SearchResultCollection = ds.FindAll()
                    For Each sr As SearchResult In src
                        users.Add(New ADODSUser(sr.Properties("samAccountName")(0).ToString(), sr.Properties("distinguishedName")(0).ToString()))
                    Next
                End Using
            End Using
        End Using
        Return users
    End Function

Something like that could work. 

In your previous code, you were trying to search within a specific part of the OU and here you are not.  Is it important to do so?  If it is, then you need to figure out the right path to use for your search root.  Otherwise, this could be fine.  It depends on whether or not you can use serverless binding and default credentials as well.

yes what i need is the correct LDAP association for the following

ministryhealth.net

ou-hyhc

ou-HYHCUsers

then another LDAP to

ministryhealth.net

ou-shsm

ou-users

I have login credentials with pass thru i believe i can access admin functions without a password already

Thanks

As always, I recommend using the tool ldp.exe to examine your LDAP directory and look at things like distinguished names to make sure you know what they really are.  You can also perform searches for some of these objects to get their distinguished names dynamically if you wish.