We help IT Professionals succeed at work.

Can not search LDAP Directory Services get errors  like "The parameter is incorrect" and "Unspecified error".

wsfindlater asked
Medium Priority
Last Modified: 2012-06-22
I am trying to use Microsoft dot Net (C#) to connect to my company directory services. Found a freeware tool "Softerra LDAP Browser" that I can use to connect with no problem. When I try to connect from my Web program using Microsoft "DirectoryServices", however, I am always getting error messages like "The parameter is incorrect" and "Unspecified error". Think that the problem has to do with the fact that in ASP.Net I am using the Internet Guest Account (USR_*) instead of my own account, and this account does not have authentication to the LDAP server. Trying to get around this problem by using my account for authentication, but have not had any luck so far. Also I am worried that my access might be blocked somehow but IT policies on my personal computer which has their version of Windows. Have run into this problem in the past where something that works on my server does not work on my PC. Problem is I do not have my new server yet.

If any of this makes sense to you I would really appreciate any help you might give me.
Watch Question

An error like "The parameter is incorrect" suggests that you are connected to the LDAP server, but that you are performing a query which is not possible or trying to access something with bad parameters.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
You can do a whois look up to know who is authenticated using Http.Current.User.Identity.Name (or Thread.CurrentThread.CurrentPrincipal). With anonymous access enable, you will get either ASPNET (or 'NT AUTHORITY\Network Service' for Win2K3) or IUSR_<machine> account depending on whether or not impersonation is enabled. On the other hand, if you disable anonymous access and enable Integrated Windows Authentication, the expression will return the name of the user, e.g. domain\username.

Some another things to look at is to run nslookup.exe and see if it can resolve the domain name. Also, check whether your network enforces kerberos delegation. If that the case, the domain user, IIS, the PC, browser must be trusted for delegation. And lastly, please post the piece of code that's giving the problem, maybe someone could see something unobviously wrong in it.



This is my code:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.DirectoryServices;
using System.IO;

namespace DirectoryServices
      /// <summary>
      /// Summary description for WebForm1.
      /// </summary>
      public class WebForm1 : System.Web.UI.Page

            private void Page_Load(object sender, System.EventArgs e)
//                        string LDAPServerName = "ldap://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us??base?(uid=hac61882)";
                        string LDAPServerName = "ldap://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us";
                        DirectoryEntry entry = new DirectoryEntry(LDAPServerName);
//                        entry.Username = "uid=HAC61882,ou=employee,ou=person,o=raytheon.com,c=US";
//                        entry.Username = "uid=HAC61882";
//                        entry.Password = "";
//                        entry.AuthenticationType = AuthenticationTypes.Secure;
                        entry.AuthenticationType = AuthenticationTypes.Anonymous;
                        DirectorySearcher mySearcher = new DirectorySearcher(entry);
                        SearchResultCollection results;
                        mySearcher.Filter = "(uid=HAC61882)";
                        results = mySearcher.FindAll();
                        foreach(SearchResult resEnt in results)
                              ResultPropertyCollection propcoll=resEnt.Properties;
                              foreach(string key in propcoll.PropertyNames)
                                    foreach(object values in propcoll[key])
                  catch(Exception e1)
                        LogTrace("WebForm1.aspx.cs","Page_Load,Error,e1=" + e1.Message);
            #region Web Form Designer generated code
            override protected void OnInit(EventArgs e)
                  // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
                  this.Load += new System.EventHandler(this.Page_Load);

            private void LogTrace (string Catagory, string szMyString )
                  if (Trace.IsEnabled)
                        StreamWriter wrter = File.AppendText ( MapPath("log.csv") );
                        wrter.Write( DateTime.Now.ToShortTimeString() + "," +
                              DateTime.Now.Ticks.ToString("d") + "," + Catagory + "," + szMyString + "\n" );

The LDAP provider is case sensitive and needs to be upper case.

string LDAPServerName = "LDAP://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us";



Found out from a college of mine the Microsoft Directory Services does not support Novell LDAP (sufficiently).
Had to use a special .dll that Novell has created to support .Net "Novell.Directory.Ldap.dll"

This can be found at:


Nevertheless, thanks for your efforts.

mm..I'm not sure how valid the statement is. I have seen people (including myself) used System.DirectoryServices with non Microsoft LDAP directory servers, e.g. Novell eDirectory, iPlanet, etc to do normal user management tasks without any problem.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.