RE: [ActiveDir] AD in .NET Visual Basic

[De Schepper Marc]

Title: Message

Indead, There was a typoe....   The webserver will run on a overpowerded DC, so the speed is no issue...   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: vrijdag 16 januari 2004 2:55 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD in .NET Visual Basic I think his filter was supposed to be   &(objectcategory=person)(objectclass=user)   and he typoed objectclass with objectcategory.   Something that should be faster (assuming objectclass not indexed) but I haven't proven out is   &(objectcategory=person)(samccountname=*)        joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, January 15, 2004 9:19 AM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD in .NET Visual Basic Yep.  Didn't mean to indicate otherwise Carlos, just that his bind was to a container/OU and not really looking for the objects contained; Thanks for the pointers.  Great newsgroup for this subject too :)   As a side note, I'm curious about the filter string you used.  Why use objectCategory=User AND objectCategory=Person in the same filter.  Wouldn't one or the other do for your search or am I missing something? -----Original Message----- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 4:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD in .NET Visual Basic Marc,   I would also STRONGLY recommend you don't do this, the amount of overhead you have on your server for one and the time taken to return the results will really make life a nightmare.   You have been provided with the link to the paging example, this is the best practice to use. It is not uncommon that ppl change the paging size. I just have been bitten way too many times. It can even be used as a DOS attack :P   Al, the code does no actually create a bind to the directory until findall() or Findone() is called. During the process of Dim entry As New DirectoryServices.DirectoryEntry("LDAP://ou=tele_domusers,DC=PROD,DC=TELENET,DC=BE") Dim mySearcher As New System.DirectoryServices.DirectorySearcher(entry) mysearcher.Filter = "(&(objectCategory=user)(objectCategory=person))" Dim results As SearchResultCollection Dim result As SearchResult results = mysearcher.FindAll   You are merely setting properties on the directoryentry and directorySearcher object. ldap_bind_s (_s is because it's a secure connection) the LDAP API bind call only really happens at "results = mysearcher.FindAll" (through the ADSI COM object). This is supposedly done to prevent premature or unnecessary (i.e. if an error occurs) binding to the directory.   I hope that is understandable and explains the situation to you correctly...   LDAP (Active Directory , iPlanet, NDS?) programming? Http://groups.yahoo.com/group/adsianddirectoryservices Carlos Magalhaes.               From: joe [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 5:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD in .NET Visual Basic   NO do not do this. Incorrect answer.   The proper way to handle this is to specify a page size in the calls to active directory, something less than 1000 and then retrieve the data in multiple pages.   I would hate to see someone slowly increasing the page size on their server as the number of objects gets higher and higher. Heck I would have to set the page size to > 100,000 on one of my domains to return all the users and I would hate to see how long that query would run and how dead the DC would be trying to buffer that queries return set.      joe       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay Perrine Sent: Wednesday, January 14, 2004 4:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD in .NET Visual Basic Per RFC the LDAP query limit is 1000 items. You can change that limit to reflect the additional number of items that you want to return.   This is done with the ntdsutil utility.  Use the LDAP policies. Change the MaxPageSize value.   Clay Perrine, MCSE Microsoft Directory Services Support Team   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of De Schepper Marc Sent: Wednesday, January 14, 2004 2:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD in .NET Visual Basic Thanks Carlos,   It works, But it only gives me the first 1000 users. Any Idea how I can see more than that? I've gat about 2000 Users.   Marc   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: woensdag 14 januari 2004 21:19 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD in .NET Visual Basic Hello Marc, Welcome to the world of System.DirectoryServices. Could you please post the extended error to the list? Just a few things, 1. You should specify a search filter for your query, this will limit the amount of time it takes for your query return results. An example to specify the search query =   mysearcher.Filter = "(&(objectCategory=user)(objectCategory=person))" 2. It is best practice to actually load the required properties into the search, you can load them one by one or you can load a property array. For example loading 1 by 1 = mysearcher.PropertiesToLoad.Add("cn") or an array = mysearcher.PropertiesToLoad.AddRange(MYSTRINGARRAY) 3. Also as a good practice instead of doin result.findall at the loop level rather try this Dim results As SearchResultCollection Dim result As SearchResult results = mysearcher.FindAll Then in your loop try   For Each result In results             If result.Properties.Contains("cn") Then                 'do something with result             End If         Next The reason you should use .Contains is because if the property does not contain a value you will receive and error = Object not set to an instance... As a test could you specify a username , password and authentication type in the directoryentry. For example Dim entry As New DirectoryServices.DirectoryEntry("LDAP://ou=tele_dom users,DC=PROD,DC=TELENET,DC=BE",<USERNAME>,<PASSWORD>,AUTHENTICATIONTYPE) This is just to perform a test we can change this later. Let us know about the extended error. You have obviously checked that the LDAP path is correct (sorry but I have to ask: P) Active Directory Programming ? - http://groups.yahoo.com/group/adsianddirectoryservices Carlos Magalhaes - ADSI MVP -----Original Message----- From: De Schepper Marc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 14, 2004 9:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD in .NET Visual Basic Hey all, I'm trying to walk my first steps in .NET Visual Basic and I want to create a Web App to provide our people an interface to run some common tasks (since they won't follow procedures....) Is there someone who could help me with a simple sample app in ASP.NET that queries the AD and returns the list of users in a dropdownbox? More I don't need, the rest I do it myself I wrote some code, but running it from my WS returns me an error teeling me hey cannot contact the domain...whenever it hits the for next loop...My security is OK, I followed Q329986...I choose for methode 1 and changed the username for anonymous acces to a domain user This is the code I used PLEASE Help         Dim entry As New DirectoryServices.DirectoryEntry("LDAP://ou=tele_dom users,DC=PROD,DC=TELENET,DC=BE")         Dim mySearcher As New System.DirectoryServices.DirectorySearcher(entry)         Dim result As System.DirectoryServices.SearchResult         Dim oValue As New ArrayList         For Each result In mySearcher.FindAll()   oValue.Add(Microsoft.VisualBasic.Right(result.GetDirectoryEntry().Name,l en(result.GetDirectoryEntry().Name) - 3))         Next         User1.DataSource = oValue         User1.Visible = True   Thx Marc ************************************************************* Dit e-mail bericht inclusief eventuele ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender hiervan te verwittigen en dit bericht te verwijderen. This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the addressees. Any use of the information contained herein (including but not limited to total or partial reproduction or distribution in any form) by other persons than the addressees is prohibited. If you have received this e-mail in error, please notify the sender and delete its contents. ************************************************************* List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/