Solved

Sorting AD entries based on OU - Error:The server does not support the requested critical extension

Posted on 2004-09-01
24
2,804 Views
Last Modified: 2013-11-19
I am using a DirectorySearcher to return results from an LDAP query.

I got the code from the following book:

Professional C# 2nd Edition from Wrox

It works fine until I add in the line indicated below which is supposed to just sort my results.  Then I get this error :
"The server does not support the requested critical extension"


CODE:
========================================
using (DirectoryEntry de = new DirectoryEntry())
{
      // Set credentials of an AD account to "Run As"
      de.Username = XXXXXXXXXXXXXX;
      de.Password = XXXXXXXXXXXXXX;

      // Set active LDAP path
      de.Path = LDAPpath;
      using (DirectorySearcher searcher = new DirectorySearcher())
      {
            searcher.SearchRoot = de;
            searcher.Filter = "(&(objectClass=user))";
            searcher.SearchScope = SearchScope.Subtree;

            searcher.PropertiesToLoad.Add("sn");
            searcher.PropertiesToLoad.Add("givenName");
            searcher.PropertiesToLoad.Add("distinguishedName");

    /****The following line causes the error - if I remove this line it works, but unsorted ****/
            searcher.Sort = new SortOption("distinguishedName", SortDirection.Ascending);

            SearchResultCollection results = searcher.FindAll();

            UserListRepeater.DataSource = results;
            UserListRepeater.DataBind();
      }
}
========================================



Any ideas?
0
Comment
Question by:mrichmon
  • 14
  • 10
24 Comments
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Found out that if you sort on a different column it works, just not on the distingushedName column.

What I really am trying to do (which I realized the above won't work anyway) is to sort on the OU.  Andy ideas?
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

None of Windows Server supports indexed distinguishedName attribute that I'm aware of.

Check this article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_distinguishedname.asp

And the other two attributes works because they are fully indexable,
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_givenname.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_sn.asp


HTH
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Yes I understand that - I figured it out when I found that it worked on other columns - but the real question, as I mentioned above is how do I sort results based on the OU - since MS doesnt support sorting on the one field that contains this information?
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

The easiest way, I think, is to sort by "Canonical-Name" attribute. It is canonical format of distinguished name.

Canonical-Name
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_canonicalname.asp

Ldap has some limitation on attributes sorting but you can always create a collection class and handle the sorting algorithm yourself.
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
No that will sort including the user name which is part of the cn

I do not want the sort based at all on the user, but on the OU the user belongs to.
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

You want to sort based on parent distinguished name that contains the user, right? so it can  be OrganizationalUnit (OU), container, or other object class that can contain other objects. And how you want your search result to be listed down? something similar like this, I guess

User                  container
-------------            -----------------------------
krbtgt                  CN=Users,DC=domain07,DC=local
Administrator            CN=Users,DC=domain07,DC=local
Guest                  CN=Users,DC=domain07,DC=local
IUSR_ADAM            CN=Users,DC=domain07,DC=local
Admin                  OU=IntranetUsers,DC=domain07,DC=local
Henry                  OU=IntranetUsers,DC=domain07,DC=local
Celestial Palas            OU=IntranetUsers,DC=domain07,DC=local

When sorting by canonicalName, your search result would look something like this

User                  container
-------------            -----------------------------
Administrator            domain07.local/Users/Administrator
Guest                  domain07.local/Users/Guest
IUSR_ADAM            domain07.local/Users/IUSR_ADAM
krbtgt                  domain07.local/Users/krbtgt
Admin                  domain07.local/IntranetUsers/Admin
Celestial Palas            domain07.local/IntranetUsers/Celestial Palas
Henry                  domain07.local/IntranetUsers/Henry

If the search result contains multiple domains and container types, the list is still listed down in correct order than just sorting by "OU".
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
When I print out cn I get the user's first and last name.

So adding this code to above :

searcher.PropertiesToLoad.Add("cn");

Gives this :

Smith, John

0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
When I try :

searcher.PropertiesToLoad.Add("Canonical-Name");

It errors out if I try to display since it is not loaded - i.e. NULL
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility
Use ldap display name which is canonicalName not Canonical-Name.
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Okay I tested that just to be sure, but I was correct

canonicalName DOES include the username which means that it is included in the sort.

I do NOT want username included in the sort.  I want a sort on OU only.

0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Well I tried actually sorting by canonicalName instead of just displaying it and I get the following error:

The server does not support the requested critical extension
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The server does not support the requested critical extension

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility
mrichmon,
Please post some of your code, if possible I'll try to run it on my machine.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 35

Author Comment

by:mrichmon
Comment Utility
I posted the code above.  I have just been changing the sort option line....
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

The error occured because...Canonical-Name attribute turns out to be not sortable! :o((  I must have read the documentation wrongly, my bad..I'm sorry for that.

I looked at the all indexable attributes for AD, but nothing seems to help. And to sort on multiple attributes is also not doable. I think your best bet now is to rely on your own sorting algorithm. Anyway try the code below, it was tested using ADAM and worked perfectly on my machine. Hope it's useful for you.


//-------------- aspx.cs
public class ADSearcher : System.Web.UI.Page
{
      protected System.Web.UI.WebControls.DataGrid DataGrid1;

      private void Page_Load(object sender, System.EventArgs e)
      {
            if ( !Page.IsPostBack )
            {
                  SortedList list = SearchUser( "LDAP://xx.xx.68.xxx:50000/OU=Customers,O=myCompany,C=us", "CN=Admin,O=myCompany,C=us", "Abcde123" );
                  DataGrid1.DataSource = list;
                  DataGrid1.DataBind();
            }
      }

      public SortedList SearchUser( String ldapPath, String userName, String password )
      {
            String[] propertyNames = new String[] { "canonicalName", "distinguishedName", "givenName", "sn" };

            DirectoryEntry de = new DirectoryEntry( ldapPath, userName, password, AuthenticationTypes.ServerBind );
            DirectorySearcher ds = new DirectorySearcher( de );
            ds.PropertiesToLoad.AddRange( propertyNames );

            String qry = "(&(objectClass=user)(objectCategory=person))";
            ds.Filter = qry;

            SortedList list = null;
            try
            {
                  SearchResultCollection src = ds.FindAll();
                  if ( src.Count > 0 )
                  {
                        list = new SortedList( src.Count );

                        foreach ( SearchResult sr in src )
                        {
                              Hashtable properties = new Hashtable(CaseInsensitiveHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant);
                              String dn = (String) sr.Properties["distinguishedName"][0];
                              foreach ( String propertyName in propertyNames )
                              {
                                    if ( sr.Properties.Contains(propertyName) )
                                    {
                                          if ( sr.Properties[propertyName] != null )
                                                properties[propertyName] = sr.Properties[propertyName][0];
                                          else
                                                properties[propertyName] = null;
                                    }
                              }
                              list.Add( dn, properties );
                        }
                  }
                  return list;
            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if (de != null) de.Dispose();
                  if (ds != null) ds.Dispose();
            }
      }

      #region Web Form Designer generated code
      override protected void OnInit(EventArgs e)
      {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
      }
      
      /// <summary>
      /// Required method for Designer support - do not modify
      /// the contents of this method with the code editor.
      /// </summary>
      private void InitializeComponent()
      {    
            this.Load += new System.EventHandler(this.Page_Load);

      }
      #endregion
}

//-------------- aspx
<%@ Import Namespace="System.Collections" %>
<HTML>
      <HEAD>
            <title></title>
      </HEAD>
      <body>
            <form id="Form1" method="post" runat="server">
                  <p><asp:datagrid id="DataGrid1" runat="server" AutoGenerateColumns="False" CellPadding="3" BorderColor="#E7E7FF"
                              BorderStyle="None" BorderWidth="1px" BackColor="White" GridLines="Horizontal">
                              <SelectedItemStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#738A9C"></SelectedItemStyle>
                              <AlternatingItemStyle BackColor="#F7F7F7"></AlternatingItemStyle>
                              <ItemStyle ForeColor="#4A3C8C" BackColor="#E7E7FF"></ItemStyle>
                              <HeaderStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#4A3C8C"></HeaderStyle>
                              <FooterStyle ForeColor="#4A3C8C" BackColor="#B5C7DE"></FooterStyle>
                              <Columns>
                                    <asp:TemplateColumn HeaderText="Canonical-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["canonicalName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Obj-Dist-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["distinguishedName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Given-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["givenName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Surname">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["sn"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                              </Columns>
                              <PagerStyle HorizontalAlign="Right" ForeColor="#4A3C8C" BackColor="#E7E7FF" Mode="NumericPages"></PagerStyle>
                        </asp:datagrid></p>
            </form>
      </body>
</HTML>


Good Luck!
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
It doesn't quite work, but is an interesting idea...


At first I used distinguishedName, but that was very unsorted.

Then I tried canonicalName in the sort and I found that the results I get are mostly sorted, but not completely

I have an OU structure like :

My Users
 --> Standard
        --> Other
        --> Managers
        --> Career Staff
              --> Temporary Staff
 --> Admin
        --> Restricted Admin
etc...

The results come up like (note I display OU as a dash separated list):

Admin
Admin
Admin - Restricted Admin
Admin - Restricted Admin
Admin - Restricted Admin
Standard
Standard - Managers
Standard - Managers
Standard
Standard - Other
Standard
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff - Temporary Staff
Standard - Career Staff
etc...


I would expect this :
Admin
Admin
Admin - Restricted Admin
Admin - Restricted Admin
Admin - Restricted Admin
Standard
Standard
Standard
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff - Temporary Staff
Standard - Managers
Standard - Managers
Standard - Other
etc...
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

That's pretty easy to achieve with custom comparer.

//-------------- aspx.cs
public class ADSearcher : System.Web.UI.Page
{
      protected System.Web.UI.WebControls.DataGrid DataGrid1;

      private void Page_Load(object sender, System.EventArgs e)
      {
            if ( !Page.IsPostBack )
            {
                  Hashtable[] list = SearchUser( "LDAP:/xx.xx.68.xxx/OU=MyUsers,O=myCompany,C=us", "CN=Admin,O=myCompany,C=us", "Abcde123" );
                  Array.Sort( list, new CanonicalNameComparer() );
                  DataGrid1.DataSource = list;
                  DataGrid1.DataBind();
            }
      }

      private Hashtable[] SearchUser( String ldapPath, String userName, String password )
      {
            String[] propertyNames = new String[] { "cn", "canonicalName", "distinguishedName", "givenName", "sn" };

            DirectoryEntry de = new DirectoryEntry( ldapPath, userName, password, AuthenticationTypes.ServerBind );
            DirectorySearcher ds = new DirectorySearcher( de );
            ds.PropertiesToLoad.AddRange( propertyNames );

            String qry = "(&(objectClass=user)(objectCategory=person))";
            ds.Filter = qry;

            Hashtable[] list = null;
            try
            {
                  SearchResultCollection src = ds.FindAll();
                  if ( src.Count > 0 )
                  {
                        list = new Hashtable[src.Count];
                        for ( int i=0; i<src.Count; i++ )
                        {
                              Hashtable properties = new Hashtable(CaseInsensitiveHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant);
                              foreach ( String propertyName in propertyNames )
                              {
                                    if ( src[i].Properties.Contains(propertyName) )
                                    {
                                          if ( src[i].Properties[propertyName] != null )
                                                properties[propertyName] = src[i].Properties[propertyName][0];
                                          else
                                                properties[propertyName] = null;
                                    }
                              }
                              list[i] = properties;
                        }
                  }
                  return list;
            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if (de != null) de.Dispose();
                  if (ds != null) ds.Dispose();
            }
      }

      #region Web Form Designer generated code
      override protected void OnInit(EventArgs e)
      {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
      }
      
      /// <summary>
      /// Required method for Designer support - do not modify
      /// the contents of this method with the code editor.
      /// </summary>
      private void InitializeComponent()
      {    
            this.Load += new System.EventHandler(this.Page_Load);

      }
      #endregion
}

public class CanonicalNameComparer : IComparer
{
      #region IComparer Members

      public int Compare(object x, object y)
      {
            if ( !(x is Hashtable) || !(y is Hashtable) )
                  throw new ArgumentException( "value must be of type 'Hashtable'" );

            Hashtable xh = x as Hashtable;
            Hashtable yh = y as Hashtable;
            if ( !xh.ContainsKey("canonicalName") || !yh.ContainsKey("canonicalName") )
                  return 0;

            String xdn = ExtractDN( (String) xh["canonicalName"] );
            String ydn = ExtractDN( (String) yh["canonicalName"] );
            if ( xdn == ydn )
            {
                  String xcn = (String) xh["cn"];
                  String ycn = (String) yh["cn"];
                  return String.Compare(xcn, ycn);
            }
            else
                  return String.Compare(xdn, ydn);
      }

      private String ExtractDN( String dn )
      {
            int i = dn.LastIndexOf("/");
            return dn.Substring( 0, i );
      }
      #endregion
}

//-------------- aspx
<%@ Import Namespace="System.Collections" %>
<HTML>
      <HEAD>
            <title></title>
      </HEAD>
      <body>
            <form id="Form1" method="post" runat="server">
                  <p><asp:datagrid id="DataGrid1" runat="server" CellPadding="3" BorderColor="#E7E7FF" BorderStyle="None"
                              BorderWidth="1px" BackColor="White" GridLines="Horizontal" AutoGenerateColumns="False">
                              <SelectedItemStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#738A9C"></SelectedItemStyle>
                              <AlternatingItemStyle BackColor="#F7F7F7"></AlternatingItemStyle>
                              <ItemStyle ForeColor="#4A3C8C" BackColor="#E7E7FF"></ItemStyle>
                              <HeaderStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#4A3C8C"></HeaderStyle>
                              <FooterStyle ForeColor="#4A3C8C" BackColor="#B5C7DE"></FooterStyle>
                              <Columns>
                                    <asp:TemplateColumn HeaderText="Canonical-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( DataBinder.Eval(Container, "DataItem[canonicalName]") ) %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Obj-Dist-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( DataBinder.Eval(Container, "DataItem[distinguishedName]") ) %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                              </Columns>
                              <PagerStyle HorizontalAlign="Right" ForeColor="#4A3C8C" BackColor="#E7E7FF" Mode="NumericPages"></PagerStyle>
                        </asp:datagrid></p>
            </form>
      </body>
</HTML>
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
What I don't understand is if it is sorting why are all the same ones not together currently?
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

The sorting is being done in client side not AD, what does it look like in your machine?
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
What do you mean client side?  I understand that it is not done in AD but it should be done in the ASP.NET server side.

However, the above code with a custom comparator did seem to work.

Thanks.
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Whoops I just noticed that the above sorts only OU (whereas the Sorted List - although not perfect -also sorted secondarily by last name)

Is there a way to modify this to sort first by canonicalName, then by sn then givenName?

Thanks so much!
0
 
LVL 20

Accepted Solution

by:
ihenry earned 500 total points
Comment Utility
>> whereas the Sorted List - although not perfect -also sorted secondarily by last name
That because its elements are sorted by keys. And If the keys are Canonical-Name attribute
each will contain cn attribute in which last name usually is part of it.

>> Is there a way to modify this to sort first by canonicalName, then by sn then givenName?
Sure it is, replace the DistinguishedNameComparer class with this one

public class DistinguishedNameComparer : IComparer
{
      #region IComparer Members

      public int Compare(object x, object y)
      {
            if ( !(x is Hashtable) || !(y is Hashtable) )
                  throw new ArgumentException( "value must be of type 'Hashtable'" );

            Hashtable xh = x as Hashtable;
            Hashtable yh = y as Hashtable;
            if ( !xh.ContainsKey("canonicalName") || !yh.ContainsKey("canonicalName") )
                  return 0;

            String xSortString = ExtractDN( (String) xh["canonicalName"] );
            String ySortString = ExtractDN( (String) yh["canonicalName"] );

            if ( xSortString == ySortString )
            {
                  xSortString = (String) xh["sn"] + (String) xh["givenName"];
                  ySortString = (String) yh["sn"] + (String) yh["givenName"];
            }

            return String.Compare( xSortString, ySortString );
      }

      private String ExtractDN( String dn )
      {
            int i = dn.LastIndexOf("/");
            return dn.Substring( 0, i +1 );
      }

      #endregion
}
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
Thanks that worked!
0
 
LVL 35

Author Comment

by:mrichmon
Comment Utility
And thanks for being so patient!
0
 
LVL 20

Expert Comment

by:ihenry
Comment Utility

No problem, mrichmon. Anytime..
And have a nice weekend!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Browsers only know CSS so your awesome SASS code needs to be translated into normal CSS. Here I'll try to explain what you should aim for in order to take full advantage of SASS.
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
The viewer will learn how to count occurrences of each item in an array.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now