I'm having a bit of a problem. I'm simply trying to read Active Directory now with System.DirectoryServices. I have an LDAP path, I think it's called, and I get the children, and for each child I for each through and so on for like 5 for each loops. OK, no problem. But I don't always read the same number of records with the same loops. I added a parameter that I was getting the value of off of every user in my printout and I jumped from like 1500 to 1800 records. So I got a user and I'm reading first name and last name, and when I go through again reading location as well, suddenly more records. I thought a read for a value didn't change a thing. It existed or not; if it existed you get it, if not you get an empty string. Certainly enough empty strings were printed out. But I read Active Directory caches. Could this be it? How does that work? How to read and write without caching?


Edited by adams161: n/a


You didn't show any code so I assume you're using DirectorySearcher

private DirectorySearcher _Searcher;

_Searcher = new DirectorySearcher();
_Searcher.CacheResults = false;
// Set the rest of the properties

This disables local caching. If you have to repeat the query, the data is fetched from the DC again, and this may slow performance and cause more traffic in your LAN.



I'm going to try that trick of doing a search where it's a user and setting CacheResults to false.

Right now I'm not searching. I enter at some root level node, where all users live, then get its children and loop through them in a for each loop. Then for every child I check if it's a user, and for every child I see if it has children, so you have a second nested for each loop. In total I have 4 nested loops under the first loop.



What if you have a following group in your domain:

Ok, I think you'd be better to search with a filter instead of any nested loops. With VBScript it would go something like this

Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strFirst, strLast

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all users
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
' Active Directory stores first and last name as givenName and sn.
strAttributes = "givenName,sn"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values.
    strFirst = adoRecordset.Fields("givenName").Value
    strLast = adoRecordset.Fields("sn").Value
    Wscript.Echo strFirst & " " & strLast
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

and "translated" to C#

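using System;
using System.DirectoryServices;

using (DirectoryEntry root = new DirectoryEntry("LDAP://CN=users,DC=yourdomain,DC=com"))
using (DirectorySearcher oSearcher = new DirectorySearcher(root))
{
    oSearcher.CacheResults = false;
    oSearcher.ClientTimeout = new TimeSpan(0, 0, 30); // 30 seconds for timeout
    oSearcher.PageSize = 100;
    oSearcher.Tombstone = false; // Do not include deleted items
    // Users only; Active Directory stores first and last name as givenName and sn
    oSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(givenName=*)(sn=*))";
    oSearcher.PropertiesToLoad.AddRange(new[] { "givenName", "sn" });
    // Query
    using (SearchResultCollection collNames = oSearcher.FindAll())
    {
        // Handle results
        foreach (SearchResult result in collNames)
        {
            Console.WriteLine(result.Properties["givenName"][0] + " " + result.Properties["sn"][0]);
        }
    }
    // Some error handling too!
}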

Didn't test the code above myself (as one always should), but it should work. Just in case, there's good documentation of the DirectorySearcher class in MSDN.
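Added example (not code from any poster in this thread): a small Python evaluator for the LDAP filter subset used above, run over constructed entries. It shows that presence clauses such as `(givenName=*)` shrink the result set, while reading an absent attribute from an entry that was already returned just gives an empty string. Assumptions: `givenName` and `sn` are the Active Directory LDAP names for first and last name, and `objectCategory` is stored here as a short name for simplicity.

```python
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = f.index(")", i)  # raises ValueError if the clause is unclosed
        attr, _, value = f[i:end].partition("=")
        node = ("present", attr.lower()) if value == "*" else ("eq", attr.lower(), value.lower())
        i = end
    if f[i:i + 1] != ")":
        raise ValueError("unbalanced filter: missing ')'")
    return node, i + 1

def matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not all(matches(k, entry) for k in node[1])
    values = entry.get(node[1], [])
    return bool(values) if kind == "present" else node[2] in (v.lower() for v in values)

def search(entries, flt):
    tree, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters after filter")
    return [e for e in entries if matches(tree, e)]

def display_name(entry):
    """An absent attribute reads as an empty string; the entry is still counted."""
    return " ".join((entry.get(a) or [""])[0] for a in ("givenname", "sn")).strip()

USERS = [  # constructed sample entries, not real directory data
    {"cn": ["Ann Lee"], "objectcategory": ["person"], "objectclass": ["top", "person", "user"], "givenname": ["Ann"], "sn": ["Lee"]},
    {"cn": ["svc-backup"], "objectcategory": ["person"], "objectclass": ["top", "person", "user"]},
    {"cn": ["Bo"], "objectcategory": ["person"], "objectclass": ["top", "person", "user"], "givenname": ["Bo"]},
    {"cn": ["PC01$"], "objectcategory": ["computer"], "objectclass": ["top", "person", "user", "computer"]},
]
BASE = "(&(objectCategory=person)(objectClass=user))"
NAMED = "(&(objectCategory=person)(objectClass=user)(givenName=*)(sn=*))"
```

With these entries, `search(USERS, BASE)` returns three users and `search(USERS, NAMED)` returns one, so the two filters cannot be expected to give matching counts.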



This should get me going. It will be easier to implement than simply googling. I actually found out today that my number of users (about 900) matches what the network person says should be in there. I was concerned because there are about 2000 possible people who can be in AD, but apparently only 900 have computer access.

