I have developed a small application which reads user information from Active Directory.
In the beginning of the application I used the below filter
search.Filter = "(&((&(objectCategory=Person)(objectClass=User)))(displayName=*" + username + "*))";
This worked fine.
Now, I am giving the user an option to retrieve the employee details based on username OR office OR title fields.
The query I used to get the details is as follows, but it is not working. It throws an exception
"search filter is invalid."
(&((&(objectCategory=Person)(objectClass=User)))(|((displayName=*" + username + "*)(l = *" + location + "*)(title=*" + title + "*))))";
Example: retrieve the details of an employee based on location: Hyderabad
The runtime query looks like this
(&((&(objectCategory=Person)(objectClass=User)))(|((displayName=**)(l = *hyder*)(title=**)))
search filter is invalid.
I think, as your intentions are not clear, what you are looking for is something more like:
(&(objectCategory=Person)(objectClass=User)(|(displayName=sam)(l=location)(title=title)))
Which could be visualized as:
(&
    (objectCategory=Person)
    (objectClass=User)
    (|
        (displayName=*sam*)
        (l=*location*)
        (title=*title*)
    )
)
Of course you would need to put in your code parameters instead of the values shown.
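The flat filter shape shown in the answer above, built from code, as an added example that is not part of the original question or answer. It also escapes the characters RFC 4515 reserves in filter values, because concatenating raw user input lets that input change the filter's structure. The names `UserFilter`, `Escape` and `Build` are hypothetical, and omitting empty fields and rejecting an all-empty search are choices made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class UserFilter // hypothetical helper, not from the original post
{
    // Escape the characters RFC 4515 reserves inside an assertion value.
    static string Escape(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Build (&(objectCategory=Person)(objectClass=User)(|...)) from the fields supplied.
    public static string Build(string username, string location, string title)
    {
        var terms = new List<string>();
        void Add(string attr, string v)
        {
            // An empty field is left out instead of becoming (attr=**).
            if (!string.IsNullOrWhiteSpace(v))
                terms.Add("(" + attr + "=*" + Escape(v.Trim()) + "*)");
        }
        Add("displayName", username);
        Add("l", location);
        Add("title", title);
        if (terms.Count == 0) throw new ArgumentException("At least one search field is required.");
        string body = terms.Count == 1 ? terms[0] : "(|" + string.Concat(terms) + ")";
        return "(&(objectCategory=Person)(objectClass=User)" + body + ")";
    }

    static void Main()
    {
        // Constructed inputs: the location search from the question, then a value with filter metacharacters.
        Console.WriteLine(Build("", "hyder", ""));
        Console.WriteLine(Build("a(b)*c", "", "manager"));
    }
}
```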
I have a C# console application that updates Active Directory properties using data from the HR system.
Below is a sample of the code I'm using to update the manager property:-
if (ADManagerPath != adManager)
{
    if (enableActiveDirectoryUpdates)
    {
        if (ADManagerPath.Length > 0)
        {
            deLDAPUpdate.Properties["manager"].Value = ADManagerPath;
            managerUpdated++;
        }
        else
        {
            deLDAPUpdate.Properties["manager"].Clear();
            managerBlanked++;
        }
    }
    managerChanged = true;
}
Obviously, there are other properties that I am updating and finally if I have made any changes, there is a CommitChanges statement.
My issue is that the line where I am setting the manager fails, but only for 2 Active Directory accounts (which may well be for the same person).
The error codes I am receiving are (0x80005000) -2147463168. I have searched the site, and others, however most answers appear to be cases where LDAP has not been capitalized or the property/attribute you're trying to update does not exist. Both of which I do not believe apply to my situation, as I can update other accounts.
Can anybody help?
Okay I have fixed the above problem but still have a problem with these 2 accounts. The value I was reading from a database, somehow had an extra backslash in the manager path and that was the problem for setting the manager. My program now successfully can update a person's manager to 1 of these 2 accounts.
However I still believe there is a problem with the 2 accounts in question. I cannot set any property for the 2 accounts in question. Interestingly, I have developed a program, only for my use, where you enter a samAccountName and it will display and iterate through all the properties. However, this program also falls over when I attempt to use it on either of these accounts.
I write any errors to an exception table and all that error message says is "Unknown error (0x80005000)".
This program has been running for a couple of months, although it has been developed further over the past few weeks, and it is only these 2 accounts that will not update?
The code that I am using to create the various active directory connection objects is:-
string gcConnection = "GC://" + guidBindRootPath + "/<GUID=" + adID + ">";
deGUIDBind.Username = username;
deGUIDBind.Password = password;
deGUIDBind.AuthenticationType = AuthenticationTypes.Secure;
deGUIDBind.Path = gcConnection;
deLDAPUpdate.Username = username;
deLDAPUpdate.Password = password;
deLDAPUpdate.AuthenticationType = AuthenticationTypes.Secure;
string distinguishedName = deGUIDBind.Properties["distinguishedName"].Value.ToString();
string ldapConnection = "LDAP://" + getDomainNameFromDistinguishedName(distinguishedName) + "/" + distinguishedName;
deLDAPUpdate.Path = ldapConnection;
To reiterate, I have solved the problem of setting, the accounts in question, as the manager of other accounts, however, I can still not change any of the properties of the 2 problematic accounts. My program successfully updates other accounts.
The other program that I have written, in C#, which iterates through and displays all the properties, for a given samAccountName, also falls over for these 2 accounts.
string adDivision = convertNullToString(deLDAPUpdate.Properties["Division"].Value);
propertyDetails = propertyDetails + "Division" + "," + adDivision + Environment.NewLine;
foreach (System.DirectoryServices.PropertyValueCollection p in deLDAPUpdate.Properties)
With regard to the 2 problem accounts, this program falls over both on the attempt to retrieve the division property and also when it attempts to evaluate deLDAPUpdate.Properties.
I am not asking for help with the 2nd application, which is only for my own use, I only mention it since it seems to indicate that there might be a problem with the 2 accounts. This test application successfully displays the properties of other accounts.
I want to retrieve the country, department and display name properties from Outlook.
Manually, we do this using Ctrl+K and then right-clicking to open the Outlook properties.
If there are lots of records, then it's a time-consuming process.
I have one mail id like var email="Something#domain.com"
Using
var a=outlook.Application.CreateReciepent("Email#hjg.com");
a.resolve();
var name=a.name;
I am able to fetch the display name.
How do I retrieve the country and department for the corresponding email ID?
Please help me.
You will need to add System.DirectoryServices in the reference and userName in the code below is the NT Id (without domain). If you want to look for more properties you will need to search online for the exact string.
DirectorySearcher search = new DirectorySearcher();
// specify the search filter
search.Filter = "(&(objectClass=user)(anr=" + userName + "))";
// specify which property values to return in the search
search.PropertiesToLoad.Add("displayName"); // display name
search.PropertiesToLoad.Add("co"); // country name
search.PropertiesToLoad.Add("department"); // department
// perform the search
SearchResult result = search.FindOne();
I am working on a requirement where I need to display the permissions of a folder for all Users and Groups programmatically using C#.
Here is the code I am using to do it:
DirectorySecurity filesecure = Directory.GetAccessControl(txtPath.Text);
StringBuilder strbldACLlist = new StringBuilder();
filesecure.GetSecurityDescriptorSddlForm(AccessControlSections.All);
foreach (FileSystemAccessRule ace in filesecure.GetAccessRules(true, true, typeof(NTAccount)))
{
    strbldACLlist.Append(ace.FileSystemRights + ":" + ' ' + ace.IdentityReference.Value + "\n");
}
I am getting the output like this:
"ReadAndExecute, Synchronize: dm1\\55555\nFullControl: dm1\\343556\n268435456: dm1\\343556\nFullControl: NT AUTHORITY\\SYSTEM\n268435456: NT AUTHORITY\\SYSTEM\nFullControl: BUILTIN\\Administrators\n268435456: BUILTIN\\Administrators\n"
Here, for the first user I am getting the file permissions properly. But if you look at the second user ID, i.e. 343556, I am getting the result two times, as you can see: Full Control the first time and some number n268435456 which I do not understand.
Can anyone please analyze the output and explain what's actually happening?
Have a look here. It's saying that FileSystemAccessRights is a Flags enum (i.e. its values can be or-ed). The actual number you've got 268435456 - is a combination for which a name hasn't been supplied.
Cheers -
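A decoder for the numeric values in the output above, as an added example that is not part of the original answer. 268435456 is 0x10000000, which the Win32 headers define as GENERIC_ALL; FileSystemRights has no member with that value, so it prints as a number. The class name `AccessMaskDecoder` and method `Describe` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;

static class AccessMaskDecoder // hypothetical helper, not from the original post
{
    // Win32 generic access bits (winnt.h); FileSystemRights defines no members for them.
    static readonly KeyValuePair<uint, string>[] Generic =
    {
        new KeyValuePair<uint, string>(0x80000000, "GENERIC_READ"),
        new KeyValuePair<uint, string>(0x40000000, "GENERIC_WRITE"),
        new KeyValuePair<uint, string>(0x20000000, "GENERIC_EXECUTE"),
        new KeyValuePair<uint, string>(0x10000000, "GENERIC_ALL"),
    };

    public static string Describe(FileSystemRights rights)
    {
        uint mask = unchecked((uint)rights);
        var parts = new List<string>();
        foreach (var g in Generic)
        {
            if ((mask & g.Key) != 0)
            {
                parts.Add(g.Value);
                mask &= ~g.Key; // strip the generic bit once it has been named
            }
        }
        // Whatever remains lies in the range that FileSystemRights names itself.
        if (mask != 0 || parts.Count == 0)
            parts.Add(((FileSystemRights)mask).ToString());
        return string.Join(", ", parts);
    }

    static void Main()
    {
        // Sample values taken from the output quoted in the question.
        Console.WriteLine(Describe((FileSystemRights)268435456));
        Console.WriteLine(Describe(FileSystemRights.FullControl));
        Console.WriteLine(Describe(FileSystemRights.ReadAndExecute | FileSystemRights.Synchronize));
    }
}
```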
Response.Redirect(my site's url + "editques/" + "QuesID/" + QuesID + "/" );
Redirecting as shown above... In the editques.aspx page, when I debug, I see the Query String's value as {QuesID=jhgjgjhjk&PID=jhhkjkj}
Where on earth did this PID come from!??
There must be some component that needs to persist a value between postbacks and is using the query string for that purpose.
Update: Are you by any chance displaying paginated data on the page? PID might stand for page id and might be generated by the component that is handling paging.
// HttpValueCollection is internal to System.Web, so take the mutable collection ParseQueryString returns
var c = HttpUtility.ParseQueryString(Request.Url.Query);
if (!string.IsNullOrEmpty(c["PID"]))
    c.Remove("PID");
Are you sure you aren't redirecting before this line or after this line?
I don't even see the FAQID in that Qstring..
I'm coding some C# against Active Directory and have tried endlessly to get this to work to no avail. The following code works and the code that follows it does not:
The code below is using "WinNT://" + Environment.MachineName + ",Computer" to make the connection and works fine.
DirectoryEntry localMachine = new DirectoryEntry
    ("WinNT://" + Environment.MachineName + ",Computer");
DirectoryEntry admGroup = localMachine.Children.Find
    ("Administrators", "group");
object members = admGroup.Invoke("members", null);
foreach (object groupMember in (IEnumerable)members)
{
    DirectoryEntry member = new DirectoryEntry(groupMember);
    output.RenderBeginTag("p");
    output.Write(member.Name.ToString());
    output.RenderEndTag(); // close the <p> opened above
}
base.Render(output);
I'm now trying to change the line:
"WinNT://" + Environment.MachineName + ",Computer"
to
"LDAP://MyDomainControllerName"
but it seems no matter what value I try in place of the value 'MyDomainControllerName' it won't work.
To get the 'MyDomainControllerName' value I right clicked on MyComputer and copied the computer name value as suggested elsewhere but this didn't work.
When I try using the LDAP://RootDSE option above it results in the following error:
The Active Directory object located at the path LDAP://RootDSE is not a container
Is this a problem with the member methods as you mention?
Yes- RootDSE is not a container - but it holds a number of interesting properties which you can query for - e.g. the name of your domain controller(s).
You can check these out by using code like this:
DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");
if (deRoot != null)
{
    Console.WriteLine("Default naming context: " + deRoot.Properties["defaultNamingContext"].Value);
    Console.WriteLine("Server name: " + deRoot.Properties["serverName"].Value);
    Console.WriteLine("DNS host name: " + deRoot.Properties["dnsHostName"].Value);
    Console.WriteLine();
    Console.WriteLine("Additional properties:");
    foreach (string propName in deRoot.Properties.PropertyNames)
        Console.Write(propName + ", ");
    Console.WriteLine();
}
Or save yourself the trouble and go grab my "Beavertail ADSI Browser" in C# source code - shows in detail how to connect to RootDSE and what it offers.
When connecting to AD using the .NET Framework, you can use "serverless" binding or you can specify a server to use every time (server bound).
Here's an example of using both:
// serverless
DirectoryEntry rootConfig = new DirectoryEntry("LDAP://dc=domainname,dc=com");
// server bound
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://domainControllerName/dc=domainName,dc=com");
I think where you were going astray is you forgot to include the FQDN for your domain on the end. Hope this helps.
You need to pass it an authorized Username and password.
Try setting: DirectoryEntry.Username and DirectoryEntry.Password
Have you tried specifying the port number and other params?
Our ldap string looks like: LDAP://myserver:1003/cn=admin#xyz.com|1,ou=Members,o=mdhfw2
It looks like you need to get the LDAP connection information. You can call LDAP://RootDSE to get the information as shown in the ASP.NET Wiki.
Please keep in mind that the LDAP objects do not have the same member methods and properties as the WINNT objects, so do not expect the group.Invoke("members") and other functions to work exactly the same. You should read up on the DirectoryServices documentation with LDAP as well.