Hi I would like to avoid printing certain rows (valid accounts) in my foreach loop (in GetSAM)as opposed to printing everything.
When I try to do so by commenting away the line (in valSAM) that prints the valid accounts, the will be a blank in the area where a valid account once was. I understand that this is because the foreach loops through all the variables in the database.
How am I able to remove the gaps between the output?
GetSAM:
//Get SAMAccount
private static string GetSAM(string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
string ldapFilter = "(&(objectclass=user)(objectcategory=person))";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
string readOutput;
List<string> list = new List<string>();
List<int> invalid = new List<int>();
using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry))
{
string samAccountName;
directorySearcher.Filter = ldapFilter;
directorySearcher.SearchScope = SearchScope.Subtree;
directorySearcher.PageSize = 1000;
using (SearchResultCollection searchResultCollection = directorySearcher.FindAll())
{
**foreach (SearchResult result in searchResultCollection)
{
samAccountName = result.Properties["sAMAccountName"][0].ToString();
if (valSAM(samAccountName, ldapAddress, serviceAccountUserName, serviceAccountPassword)!= true)
{
invalid.Add('1');
}
list.Add(samAccountName);
} //end of foreach**
// Count all accounts
int totalAccounts = list.Count;
// Count all invalid accounts
int invalidAccounts = invalid.Count;
Console.WriteLine("Found " + invalidAccounts + " invalid accounts out of " + totalAccounts + " user accounts.\nQuery in " + ldapAddress + " has finished.\n");
Console.WriteLine("Press [enter] to continue.\n");
readOutput = Console.ReadLine();
}//SearchResultCollection will be disposed here
}
return readOutput;
}
valSAM:
//Validate SAMAccount
private static bool valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
bool accountValidation = false;
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
accountValidation = ((isAccountActived != true) || (isAccountLocked));
//account is invalid
if (accountValidation)
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.Append("Account is inactive and locked or expired.").Append('\n'); ;
} else if (isAccountActived != true)
{
builder.Append("Account is inactive.").Append('\n'); ;
}
else if (isAccountLocked)
{
builder.Append("Account is locked or has expired.").Append('\n'); ;
}
else
{
builder.Append("Unknown reason for status. Contact admin for help.").Append('\n'); ;
}
accountValidation = false;
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
**//builder.Append("User account " + samAccountName + " is valid.").Append('\n');
accountValidation = true;
}
}
else Console.WriteLine("Nothing found.");
Console.WriteLine(builder);
}//end of using
return accountValidation;
}
You probably want to only write if builder has something otherwise it will print an empty line. Namely, change
Console.WriteLine(builder);
to
if (builder.Length > 0)
{
Console.WriteLine(builder);
}
or just
Console.Write(builder);
if you're going to handle all of the new lines in the builder itself. If you're going to do that, use StringBuilder.AppendLine() instead of hardcoding the '\n' like that.
StringBuilder.AppendLine https://msdn.microsoft.com/en-us/library/system.text.stringbuilder.appendline(v=vs.110).aspx
Related
I'm trying to extract the values of a SharePoint list to use with Revit to update the status parameters of some elements and after many tries I can connect and get the values if I know the keys for the dictionary inside every ListItem, but there are many problems with this approach.
The first one is the need to know the keys, sometimes the key is changed because of encoding, It would be more productive for me to get all the list values at one time. I tried to use a GetDataTable like some tutorials, but it appears that this don't work with the client.
The second is sometimes I can't get the value of the List but a description of the value, like "Microsoft.SharePoint.Client.FieldLookupValue".
Can someone help me with this issue? Bellow is the code I'm using.
using Microsoft.SharePoint.Client;
using System;
using System.Security;
namespace ConsoleTESTES
{
class Program
{
static void Main(string[] args)
{
string username = "USERNAME";
string siteURL = "SITEURL";
SecureString password = GetPassword();
GetAllWebProperties(siteURL, username, password);
}
public static void GetAllWebProperties(string siteURL, string username, SecureString password)
{
using (var context = new ClientContext(siteURL))
{
context.Credentials = new SharePointOnlineCredentials(username, password);
Web web = context.Web;
context.Load(web);
context.ExecuteQuery();
Console.WriteLine("Title: " + web.Title + "; URL: " + web.Url);
// Assume the web has a list named "Announcements".
//List lista = context.Web.Lists.GetByTitle("Lista teste");
List lista = context.Web.Lists.GetByTitle("LIST");
// This creates a CamlQuery that has a RowLimit of 100, and also specifies Scope="RecursiveAll"
// so that it grabs all list items, regardless of the folder they are in.
CamlQuery query = CamlQuery.CreateAllItemsQuery();
ListItemCollection items = lista.GetItems(query);
// Retrieve all items in the ListItemCollection from List.GetItems(Query).
context.Load(items);
context.ExecuteQuery();
//GET VALUES FROM LISTITEM
foreach (ListItem listItem in items)
{
Console.WriteLine(listItem["Setor"] + " " + "|" + " "
+ listItem["LocalServico"] + " " + "|" + " "
+ listItem["Equipe"] + " " + "|" + " "
+ listItem["Confeccao"]);
}
Console.ReadLine();
}
}
public static SecureString GetPassword()
{
ConsoleKeyInfo info;
SecureString securePassword = new SecureString();
do
{
info = Console.ReadKey();
if (info.Key != ConsoleKey.Enter)
{
securePassword.AppendChar(info.KeyChar);
}
}
while (info.Key != ConsoleKey.Enter);
return securePassword;
}
}
}
You could get the values from the fields collection, but be warned that some special types of fields might require special treatment for the values and that you might not need to get all the values from the server (you can probably reduce your payload):
var items = lista.GetItems(query);
var fields = list.Fields;
var fieldsToIgnore = new[] { "ContentType", "Attachments" };
context.Load(items);
context.Load(fields);
context.ExecuteQuery();
foreach (ListItem listItem in items)
{
foreach (Field field in fields)
{
if (!fieldsToIgnore.Contains(fld.InternalName))
Console.WriteLine(item[field.InternalName]);
}
}
There are some fields that might not be loaded by default of that you might not need, so I have included the fieldsToIgnore to make your test easier.
After some search I found this solution to my FieldLookUpTable, to avoid errors if the item is null I added a if statement, but I could access the value with (listItem["Setor"] as FieldLookupValue).LookupValue. Here my messy code to check if is a LookupValue and get the value. Now I need to implement Pedro's solution to get all the values without the need to write everyone.
String setor = "";
String localServico = "";
String confeccao = "";
if (listItem["Setor"] != null && listItem["Setor"].ToString() == "Microsoft.SharePoint.Client.FieldLookupValue")
{
setor = (listItem["Setor"] as FieldLookupValue).LookupValue;
}
else if (listItem["Setor"] != null && listItem["Setor"].ToString() != "Microsoft.SharePoint.Client.FieldLookupValue")
{
setor = listItem["Setor"].ToString();
}
if (listItem["LocalServico"] != null && listItem["LocalServico"].ToString() == "Microsoft.SharePoint.Client.FieldLookupValue")
{
localServico = (listItem["LocalServico"] as FieldLookupValue).LookupValue;
}
else if (listItem["LocalServico"] != null && listItem["LocalServico"].ToString() != "Microsoft.SharePoint.Client.FieldLookupValue")
{
localServico = listItem["LocalServico"].ToString();
}
if (listItem["Confeccao"] != null && listItem["Confeccao"].ToString() == "Microsoft.SharePoint.Client.FieldLookupValue")
{
confeccao = (listItem["Confeccao"] as FieldLookupValue).LookupValue;
}
else if (listItem["Confeccao"] != null && listItem["Confeccao"].ToString() != "Microsoft.SharePoint.Client.FieldLookupValue")
{
confeccao = listItem["Confeccao"].ToString();
}
Console.WriteLine(setor + " " + "|" + " "
+ localServico + " " + "|" + " "
+ confeccao);
Have a utility I wrote that checks (among other things) the last time a set of servers was rebooted. This works great as long as the servers are all within my domain and the user launching the app have rights on the servers. Added a section where the user can specify alternative credentials, in our case specifically to deal with another domain. The credentials I am feeding into have domain admin rights on the destination domain, yet my code is getting an Access Denied (Unauthorized Access) error.
thanks!
private void btnLastReboot_Click(object sender, EventArgs e)
{
ConnectionOptions conOpts = new ConnectionOptions();
if (selectedList.Count > 0)
{
Cursor currentCursor = Cursor.Current;
Cursor.Current = Cursors.WaitCursor;
stripProgress.Visible = true;
stripProgress.Minimum = 0;
stripProgress.Maximum = selectedList.Count();
stripProgress.Step = 1;
stripProgress.Value = 0;
rtfOut.SelectionTabs = new int[] { 100, 200 };
rtfOut.Text = "";
var sq = new SelectQuery("Win32_OperatingSystem");
if (prefs.useCurrentUser == true)
{
// Setting all fields to NULL causes current user info to be used
conOpts.Username = null;
conOpts.Password = null;
conOpts.Authority = null;
}
else
{
conOpts.Username = prefs.userName;
conOpts.Password = prefs.password.ToString();
conOpts.Authority = "ntlmdomain:" + prefs.domain;
}
foreach (ServerList anEntry in selectedList)
{
stripProgress.Value++;
try
{
var mgmtScope = new ManagementScope("\\\\" + anEntry.ServerName + "\\root\\cimv2", conOpts);
mgmtScope.Connect();
var mgmtSearcher = new ManagementObjectSearcher(mgmtScope, sq);
foreach (var item in mgmtSearcher.Get())
{
var lastBoot = item.GetPropertyValue("LastBootUpTime").ToString();
DateTime lboot = ManagementDateTimeConverter.ToDateTime(lastBoot);
rtfOut.Text += anEntry.ServerName + "\t";
if(anEntry.ServerName.Length <= 9)
{
rtfOut.Text += "\t";
}
rtfOut.Text += lboot.ToLongDateString() + " (" + lboot.ToLongTimeString() + ")\r\n";
}
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException)
{
rtfOut.Text += anEntry.ServerName + "\t <Access Denied>\r\n";
}
else
{
rtfOut.Text += anEntry.ServerName + "\t <not responding>\r\n";
}
}
}
stripProgress.Visible = false;
Cursor.Current = currentCursor;
}
}
Had to sleep on it, but the answer finally hit me in the shower...
I store the password the user provides in a SecureString variable, but the ConnectionOptions' password field expects the value as a clear string. I was able to test this by temporarily hard coding a password in, which then worked. The final solution was to convert the SecureString to a clear string and then assign it to the ConnectionOption.
If anyone is curious, I used this bit to convert the password back:
string password = new System.Net.NetworkCredential(string.Empty, securePassword).Password;
I am using the below code for login in using Ldap Authentication in ASP.net. However, I don't know how to pass the values from plain-text to this code. I want to run this through button click.
public class LdapAuthentication
{
private string _path;
private string _filterAttribute;
public LdapAuthentication(string path)
{
_path = path;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + #"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
search.PropertiesToLoad.Add("mail");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//if (result != null)
//{
// string mail = result.Properties["mail"][0].ToString();
//}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
_filterAttribute = (String)result.Properties["mail"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
public string GetGroups()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.Filter = "(mail=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
String dn;
//int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount;
propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
//equalsIndex = dn.IndexOf("=", 1);
//commaIndex = dn.IndexOf(",", 1);
//if (-1 == equalsIndex)
//{
// return null;
//}
//groupNames.Append(dn.Substring((equalsIndex + 1),
// (commaIndex - equalsIndex) - 1));
//groupNames.Append("|");
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " +
ex.Message);
}
return groupNames.ToString();
}
}
This may be an oversimplification but...
public void LoginButton_Clicked(object sender, EventArgs e)
{
LdapAuthentication auth = new LdapAuthentication("YOURPATH");
if (auth.IsAuthenticated("YOURDOMAIN", txtId.Text, txtPassword.Text))
{
//Login Passed
}
}
I'm assuming you are using WebForms and your username textbox has the ID "txtId", and your password textbox has ID "txtPassword".
If you are not using WebForms the implementation will be different. As spectacularbob mentioned, we can't really answer your question until we know which UI Framework you are using.
I am having an issue when attempting to create a new user in active directory. I followed the steps provided in this link for using PrincipalContext (with the exception that I am only doing one user at a time when they are hired and entered into the system and not multiple so no loop is required). I am also using a UserPrincipal Extender.
Here is the code that I have:
protected void CreateUserPE()
{
try
{
PrincipalContext userCtx = new PrincipalContext(ContextType.Domain, DomainFQDN, DomainFull);
string UserName = txtFirstName.Text.ToLower() + " " + txtLastName.Text.ToLower();
string password = "superSecretPassword";
UserPrincipalsEx newUser = new UserPrincipalsEx(userCtx, UserName, password, true);
newUser.SamAccountName = txtFirstName.Text.ToLower() + "." + txtLastName.Text.ToLower();
newUser.UserPrincipalName = txtFirstName.Text.ToLower() + "." + txtLastName.Text.ToLower() + "#rasm.com";
newUser.EmployeeId = txtEmpID.Text;
newUser.LastName = txtLastName.Text;
newUser.GivenName = txtFirstName.Text;
newUser.DisplayName = txtFirstName.Text + " " + txtLastName.Text;
newUser.Name = txtFirstName.Text + " " + txtLastName.Text;
newUser.SetPassword(password);
newUser.HomePostalAddress = txtAddress.Text + ", " + txtCity.Text + ", " + txtState.Text + ", " + txtZip.Text;
newUser.CountryName = txtCountry.Text;
newUser.HomePhone = txtHomePhone.Text;
newUser.MobilePhone = txtMobilePhone.Text;
newUser.DateOfBirth = txtDOB.Text;
newUser.EmergencyContact = txtEmergencyCnt.Text;
newUser.EmergencyPhone = txtContactPhone.Text;
newUser.Relationship = ddlRelationship1.SelectedItem.ToString();
newUser.EmergencyContact2 = txtEmergencyCnt2.Text;
newUser.EmergencyPhone2 = txtContactPhone2.Text;
newUser.Relationship2 = ddlRelationship2.SelectedItem.ToString();
newUser.EyeColor = ddlEyeColor.SelectedItem.ToString();
newUser.HairColor = ddlHairColor.SelectedItem.ToString();
newUser.Height = txtHeight.Text;
newUser.Weight = txtWeight.Text;
newUser.Gender = ddlGender.SelectedItem.ToString();
newUser.PersonalEmail = txtPersonalEmail.Text;
newUser.PassportExpires = txtPassportExp.Text;
newUser.HomeBase = ddlHomeStation.SelectedItem.ToString();
newUser.WorkLocation = txtWorkLocation.Text;
newUser.PID = txtPID.Text;
newUser.Team = txtTeam.Text;
newUser.Manager = "CN=" + txtSupervisor.Text + "," + DomainFull;
newUser.Title = ddlJobTitle.SelectedItem.ToString();
newUser.JobCode = txtJobCode.Text;
newUser.PLC = txtPLC.Text;
newUser.BPLC = txtBPLC.Text;
newUser.Specialty = txtSpecialty.Text;
newUser.Position = txtPosition.Text;
newUser.DateOfHire = txtDOH.Text;
newUser.DateOnContract = txtDOC.Text;
newUser.TaskOrder = ddlTaskOrder.SelectedItem.ToString();
newUser.Classification = ddlClass.SelectedIndex.ToString();
newUser.Section = txtSection.Text;
newUser.GatePass = txtGatePass.Text;
newUser.GatePassExpires = txtGatePassExp.Text;
newUser.WorkPhone = txtWorkPhone.Text;
newUser.CompanyEmail = txtCompEmail.Text;
newUser.aKOEmail = txtMilEmail.Text;
newUser.aKOSponsor = txtMilEmailSp.Text;
newUser.CACSponsor = txtCacSponsor.Text;
newUser.CACSponsorEmail = txtCacSponsorEmail.Text;
newUser.CacCardExpires = txtCacExpires.Text;
newUser.Enabled = true;
newUser.ExpirePasswordNow();
newUser.Save();
newUser.Dispose();
}
catch
{
}
}
The program goes all the way to newUser.Save() and then throws the following error in the catch statement:
System.DirectoryServices.AccountManagement.PrincipalOperationException was caught
HResult=-2146233087
Message=The attribute syntax specified to the directory service is invalid.
Source=System.DirectoryServices.AccountManagement
ErrorCode=-2147016693
StackTrace:
at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p)
at System.DirectoryServices.AccountManagement.Principal.Save()
at Personnel_Employee.CreateUserPE() in c:\inetpub\wwwroot\TestingFolder\Personnel\Add\Employee.aspx.cs:line 263
InnerException: System.DirectoryServices.DirectoryServicesCOMException
HResult=-2147016693
Message=The attribute syntax specified to the directory service is invalid.
Source=System.DirectoryServices
ErrorCode=-2147016693
ExtendedError=87
ExtendedErrorMessage=00000057: LdapErr: DSID-0C090D11, comment: Error in attribute conversion operation, data 0, v23f0
StackTrace:
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)
InnerException:
Where am I going wrong.
You can not update an attribute with null or empty. I personaly dislike solutions with dummy values. If you are using the context principle just simply check for null or empty and dont update if its the case like:
if (!string.IsNullOrEmpty(txtbox.Text)){ newUser.attributeName = txtbox.Text}
If you are using an directory entry instead of an usercontext you can do something like this:
string adPath = "LDAP://server.domain.com/CN=John,CN=Users,dc=domain,dc=com";
DirectoryEntry userEntry = new DirectoryEntry(adPath);
if (txtBox.text == "")
{
userEntry.Properties["proppertyName"].Clear();
}
else if (!string.IsNullOrEmpty(txtBox.text))
{
userEntry.Properties[attribute.Key].Value = txtBox.text;
}
// dont do a thing when txtBox.Text is empty
It looks like more code but its much easier to make a foreachloop for it if you have a list with all attribute like:
private void UpdateEntryAttributes(DirectoryEntry entry, Dictionary<string, string> attributes)
{
foreach (KeyValuePair<string, string> attribute in attributes)
{
entry.Properties[attribute.Key].Value = attribute.Value;
if (attribute.Value == "")
{
entry.Properties[attribute.Key].Clear();
}
else if (!string.IsNullOrEmpty(attribute.Value))
{
entry.Properties[attribute.Key].Value = attribute.Value;
}
}
This can happen when attempting to write either a null or empty string to an AD field that prohibits it. An easy way to check whether this is the problem is to temporarily replace all such values with a dummy string (length > 0) and then run the code again. If that works, you can attempt a fix by changing the offending value--with AD, sometimes if null doesn't work, then an empty string will work, or vice versa.
I am new to stackoverflow as a member, although I follow this a lot :)
My code which connects to active directory to get the members of a functional group, gives me only 1490 odd members out of 1680 odd members actually in the list. I have searched a lot on Stackoverflow and on Internet, but I have not found out answer to why the code would result in incomplete list. Could, anyone please give me any pointers on this. Thanks :)
Here is the code which connects to the Active Directory to retrieve the data:
public static DataTable GetAdUsers(string configSection)
{
DataRow dr;
Hashtable ADGroups = (Hashtable)ConfigurationManager.GetSection(configSection);
string adGroup;
string adGroupDesc;
string sApplication;
string sLast_Login;
string sAccount_owner;
string sPath;
DataTable dt = new DataTable();
sApplication = "Application";
dt.Columns.Add(sApplication);
dt.Columns.Add("Profile", Type.GetType("System.String"));
dt.Columns.Add("Account Name", Type.GetType("System.String"));
sLast_Login = "Last Login";
dt.Columns.Add(sLast_Login);
sAccount_owner = "Account Owner";
dt.Columns.Add(sAccount_owner);
sPath = "Path";
dt.Columns.Add(sPath);
string domainName = "myDomain";
PrincipalContext pcRoot = new PrincipalContext(ContextType.Domain, domainName);
IDictionaryEnumerator adGroupEnumerator = ADGroups.GetEnumerator();
while (adGroupEnumerator.MoveNext())
{
adGroup = adGroupEnumerator.Key.ToString();
adGroupDesc = adGroupEnumerator.Value.ToString();
GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcRoot, IdentityType.SamAccountName, adGroup);
System.DirectoryServices.DirectoryEntry de = (System.DirectoryServices.DirectoryEntry)grp.GetUnderlyingObject();
foreach (string sDN in de.Properties["member"])
{
System.DirectoryServices.DirectoryEntry deMember = new System.DirectoryServices.DirectoryEntry("LDAP://" + sDN.ToString());
try
{
dr = dt.NewRow();
string output1;
string subStringE1 = "DC=";
int length1 = de.Path.ToString().Length;
int length0 = de.Path.ToString().IndexOf(subStringE1);
string str1 = de.Path.ToString().Substring(length0, length1 - length0);
string subStringE2 = ",DC";
int length2 = str1.ToString().IndexOf(subStringE2);
output1 = str1.ToString().Substring(3, length2 - 3);
dr["Application"] = "Application";
dr["Profile"] = adGroupDesc;
string AccountName = deMember.Properties["samAccountName"].Value.ToString();
dr["Account Name"] = deMember.Properties["samAccountName"].Value.ToString();
dr["Last Login"] = "";
dr["Account Owner"] = deMember.Properties["givenName"].Value.ToString() + #"-" + deMember.Properties["sn"].Value.ToString();
string Path = output1 + #"\" + adGroup + #"\" + deMember.Properties["samAccountName"].Value.ToString();
Console.WriteLine(Path);
dr["Path"] = output1 + #"\" + adGroup + #"\" + deMember.Properties["samAccountName"].Value.ToString();
dt.Rows.Add(dr);
}
catch (Exception ex)
{
Console.WriteLine("Error occured for user name" + sDN + "\n" + ex.Message);
}
}
}
return dt;
}
}
Because of the default limit of SizeLimit, you're probably only getting around the 1,490 objects or so. To fix that you need to "page" through the results.
Just use the code referenced at Enumerating Members in a Large Group .
When there is the possibility that the result set that will be returned will contain more than 1000 items, you must use a paged search. Searches of Active Directory performed without paging are limited to returning a maximum of the first 1000 records. With a paged search, the result set is presented as individual pages, each containing a predetermined number of result entries. With this type of search, new pages of result entries are returned until the end of the result set is reached.
By default, the server that responds to a query request completely calculates a result set before returning data. In a large result set, this requires server memory as the result set is acquired, and network bandwidth when the large result is returned. Setting a page size allows the server to send the data in pages as the pages are being built. The client then caches this data and provides a cursor to the application level code.
Paging is set by defining how many rows the server calculates before the data is returned over the network to the client.
Found the answer by researching through and trying my luck.
Using Directory Entry was the problem, and did not ned to use Page Searching, although I tried the same.
The working code is as below:
GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcRoot, adGroup); //fglbcmdolpctx
if (grp != null)
{
foreach (Principal p in grp.GetMembers(true))
{
try
{
dr = dt.NewRow();
dr["Application"] = "Commodities OpenLink";
dr["Profile"] = adGroupDesc;
string AccountName = p.SamAccountName.ToString().ToLower();
dr["Account Name"] = AccountName;
dr["Last Login"] = "";
string sLastName, sFirstName;
int iLastNameIndex0, iLastNameIndex1, iFirstNameIndex0, iFirstNameIndex1;
int lengthofString = p.Name.ToString().Length;
iLastNameIndex1 = p.Name.ToString().IndexOf(",");
if (iLastNameIndex1 == -1)
{
sLastName = "";
}
else
{
sLastName = p.Name.ToString().Substring(0, iLastNameIndex1);
}
iFirstNameIndex0 = p.Name.ToString().IndexOf(",");
iFirstNameIndex1 = p.Name.ToString().IndexOf(":");
if (iFirstNameIndex0 == -1 || iFirstNameIndex1 == -1)
{
sFirstName = p.Name.ToString();
sLastName = "";
}
else
{
sFirstName = p.Name.ToString().Substring(iFirstNameIndex0 + 1, iFirstNameIndex1 - iFirstNameIndex0 - 1);
}
sAccount_owner = sLastName + #"-" + sFirstName;
dr["Account Owner"] = sAccount_owner;
string sPath_Domain_Part;
string sFirstIndexofExtraction = "DC=";
int ilength_String = p.DistinguishedName.ToString().Length;
int iLenght_ExtractionPoint1 = p.DistinguishedName.ToString().IndexOf(sFirstIndexofExtraction);
string str1 = p.DistinguishedName.ToString().Substring(iLenght_ExtractionPoint1, ilength_String - iLenght_ExtractionPoint1);
string subStringE2 = ",DC";
int iLenght_ExtractionPoint2 = str1.IndexOf(subStringE2);
sPath_Domain_Part = str1.Substring(3, iLenght_ExtractionPoint2 - 3);
string sPath1 = sPath_Domain_Part + #"\" + adGroup + #"\" + p.SamAccountName.ToString();
dr["Path"] = sPath_Domain_Part + #"\" + adGroup + #"\" + p.SamAccountName.ToString();
dt.Rows.Add(dr);
}
catch (Exception ex)
{
Global.logfile.WriteLine("Error occured for user name" + adGroup + p.SamAccountName + "\n" + ex.Message);
}
}
}