LDAP Not all users returning Memberof information Asp.Net

I am using asp.net 2.0 with C#.  I am authenticating users against LDAP and that is working fine.  Once they are authenticated, I want to pull more information from LDAP, however, I have noticed that not all users will return information such as memberof.  I am however able to get the displayName.  I have the LDAP connection string in the web.config file, and I created a special user account that I use to query LDAP.  Below is the code that I am using.  For some reason not all users will return memberof information.
Please see the attached code snippet.

With the code, the display name is set regardless of the user, the memberOf will only set on certin users. I have looked through my LDAP directory and I do not see a connection between the users that do not show.  

Any help would be appreciated.  
Thank you.

DirectoryEntry entry = new DirectoryEntry();
 
        DirectorySearcher Dsearch = new DirectorySearcher(entry);
 
        String filterText = "sAMAccountName=" + _userName;
 
        Dsearch.Filter = filterText;
 
        SearchResult sResultSet = Dsearch.FindOne();
 
        if (sResultSet.Properties["displayName"].Count > 0)
        {
            _displayName = sResultSet.Properties["displayName"][0].ToString();
 
            string memberOF = (String)sResultSet.Properties["memberof"][0];
 
        }

Open in new window

shanemayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Hey,

If the user is only a member of Domain Users of their Primary Group then memberOf will not return. Primary group membership is evaluated outside of memberOf / member.

Chris
0
shanemayAuthor Commented:
Thank you for the response.  Based on your comments, I added the following code to see if I could pull any other LDAP data from member.  Please see the attached code.  For some reason the only information being pulled on certain users is the "displayName" property.  The code works because I always get a displayName.  For some user I get most of the information, for some users I get nothing.  Again, thank you, any help would be greatly appreciated.  


names[0] = "Given Name = " + sResultSet.Properties["givenName"][0].ToString();
            names[1] = "initials = " + sResultSet.Properties["initials"][0].ToString();
            names[2] = "sn = " + sResultSet.Properties["sn"][0].ToString();
            names[3] = "homemdb = " + sResultSet.Properties["homemdb"][0].ToString();
            names[4] = "countrycode = " + sResultSet.Properties["countrycode"][0].ToString();
            names[5] = "cn = " + sResultSet.Properties["cn"][0].ToString();
            names[6] = "msexchuseraccountcontrol = " + sResultSet.Properties["msexchuseraccountcontrol"][0].ToString();
            names[7] = "mailnickname = " + sResultSet.Properties["mailnickname"][0].ToString();
            names[8] = "msexchhomeservername = " + sResultSet.Properties["msexchhomeservername"][0].ToString();
            names[9] = "msexchhidefromaddresslists = " + sResultSet.Properties["msexchhidefromaddresslists"][0].ToString();
            names[10] = "msexchalobjectversion = " + sResultSet.Properties["msexchalobjectversion"][0].ToString();
            names[11] = "usncreated = " + sResultSet.Properties["usncreated"][0].ToString();
            names[12] = "objectguid = " + sResultSet.Properties["objectguid"][0].ToString();
            names[13] = "msexchrequireauthtosendto = " + sResultSet.Properties["msexchrequireauthtosendto"][0].ToString();
            names[14] = "whenchanged = " + sResultSet.Properties["whenchanged"][0].ToString();
            names[15] = "memberof = " + sResultSet.Properties["memberof"][0].ToString();
            names[16] = "accountexpires = " + sResultSet.Properties["accountexpires"][0].ToString();
            names[17] = "displayname = " + sResultSet.Properties["displayname"][0].ToString();
            names[18] = "primarygroupid = " + sResultSet.Properties["primarygroupid"][0].ToString();
            names[19] = "badpwdcount = " + sResultSet.Properties["badpwdcount"][0].ToString();
            names[20] = "objectclass = " + sResultSet.Properties["objectclass"][0].ToString();
            names[21] = "instancetype = " + sResultSet.Properties["instancetype"][0].ToString();
            names[22] = "msmqdigests = " + sResultSet.Properties["msmqdigests"][0].ToString();
            names[23] = "objectcategory = " + sResultSet.Properties["objectcategory"][0].ToString();
            names[24] = "samaccounttype = " + sResultSet.Properties["samaccounttype"][0].ToString();
            names[25] = "whencreated = " + sResultSet.Properties["whencreated"][0].ToString();
            names[26] = "lastlogon = " + sResultSet.Properties["lastlogon"][0].ToString();
            names[27] = "useraccountcontrol = " + sResultSet.Properties["useraccountcontrol"][0].ToString();
            names[28] = "msmqsigncertificates = " + sResultSet.Properties["msmqsigncertificates"][0].ToString();
            names[29] = "samaccountname = " + sResultSet.Properties["samaccountname"][0].ToString();
            names[30] = "userparameters = " + sResultSet.Properties["userparameters"][0].ToString();
            names[31] = "mail = " + sResultSet.Properties["mail"][0].ToString();
            names[32] = "msexchmailboxsecuritydescriptor = " + sResultSet.Properties["msexchmailboxsecuritydescriptor"][0].ToString();
            names[33] = "adspath = " + sResultSet.Properties["adspath"][0].ToString();
            names[34] = "lockouttime = " + sResultSet.Properties["lockouttime"][0].ToString();
            names[35] = "homemta = " + sResultSet.Properties["homemta"][0].ToString();
            names[36] = "description = " + sResultSet.Properties["description"][0].ToString();
            names[37] = "msexchmailboxguid = " + sResultSet.Properties["msexchmailboxguid"][0].ToString();
            names[38] = "pwdlastset = " + sResultSet.Properties["pwdlastset"][0].ToString();
            names[39] = "logoncount = " + sResultSet.Properties["logoncount"][0].ToString();
            names[40] = "codepage = " + sResultSet.Properties["codepage"][0].ToString();
            names[41] = "name = " + sResultSet.Properties["name"][0].ToString();
            names[42] = "usnchanged = " + sResultSet.Properties["usnchanged"][0].ToString();
            names[43] = "legacyexchangedn = " + sResultSet.Properties["legacyexchangedn"][0].ToString();
            names[44] = "proxyaddresses = " + sResultSet.Properties["proxyaddresses"][0].ToString();
            names[45] = "userprincipalname = " + sResultSet.Properties["userprincipalname"][0].ToString();
            names[46] = "admincount = " + sResultSet.Properties["admincount"][0].ToString();
            names[47] = "badpasswordtime = " + sResultSet.Properties["badpasswordtime"][0].ToString();
            names[48] = "objectsid = " + sResultSet.Properties["objectsid"][0].ToString();
            names[49] = "msexchpoliciesincluded = " + sResultSet.Properties["msexchpoliciesincluded"][0].ToString();
            names[50] = "mdbusedefaults = " + sResultSet.Properties["mdbusedefaults"][0].ToString();
            names[51] = "distinguishedname = " + sResultSet.Properties["distinguishedname"][0].ToString();
            names[52] = "showinaddressbook = " + sResultSet.Properties["showinaddressbook"][0].ToString();
            names[53] = "givenname = " + sResultSet.Properties["givenname"][0].ToString();
            names[54] = "textencodedoraddress = " + sResultSet.Properties["textencodedoraddress"][0].ToString();
            names[55] = "lastlogontimestamp = " + sResultSet.Properties["lastlogontimestamp"][0].ToString(); 

Open in new window

0
Chris DentPowerShell DeveloperCommented:
I'd have to guess it was how you were attempting to return / display the values that's at fault. Reading them in like that should work, although some will be pretty useless.  If I use the method above and simply write the response to a Label it works.

For memberOf, it's an array, so you'd have to loop through each value rather than just the first index.

Chris
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

shanemayAuthor Commented:
Thank you again for the reply.  Below is the code that I use to display the information.  I agree. It should work, and it does for some users.  For others I get nothing.  I feel that it is a permission issue, but I am not sure were to begin.  I used the generic label names for testing just to see what it would return.  Do you think it could have to do with the account the manages the asp.net worker thread?  I am really at a loss.  
         lblDisplayName.Text = _displayName;
 
        _fullUserName = DOMAIN_PREFIX + _userName;
 
        lblGroupName.Text = _groupName;
        lblLDAPMember.Text = _LDAPMembership;
 
        DateTime myDate = new DateTime();
 
        myDate = DateTime.Now;
 
        lblDate.Text = myDate.ToLongDateString();
 
        Label1.Text = names[0];
        Label2.Text = names[1];
        Label3.Text = names[2];
        Label4.Text = names[3];
        Label5.Text = names[4];
        Label6.Text = names[5];
        Label7.Text = names[6];
        Label8.Text = names[7];
        Label9.Text = names[8];
        Label10.Text = names[9];
        Label11.Text = names[10];
        Label12.Text = names[11];
        Label13.Text = names[12];
        Label14.Text = names[13];
        Label15.Text = names[14];
        Label16.Text = names[15];
        Label17.Text = names[16];
        Label18.Text = names[17];
        Label19.Text = names[18];
        Label20.Text = names[19];

Open in new window

0
anipeddiCommented:
In my past project i had faced this issue and i did solve it.
Are you using windows authentication, if so turn on impersonation in your application,
steps to do this
1)have user credentials who has admin access on Active Directory
2)Go to your web.config file, Turn on impersonation, specify username and password(you could encrypt the user credentials)
  for example
                                           <authentication mode="Windows"/>
            <identity impersonate="true" userName="xxxx" password="xxxx"/>

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shanemayAuthor Commented:
Thank you for the reply, when you suggest that the user have admin access on Active Directory, do you mean the user should have admin access to the server.  I am running windows Server 2003.  Also, I am using windows authentication.  I created a log in page that authenticates against my LDAP.  I will make the changes on Monday and reply back.  Again, thank you for the suggestion.
0
anipeddiCommented:
I think initially you should understand the concept of impersonation. Pls read this article
http://www.c-sharpcorner.com/UploadFile/manishkdwivedi/impersonation10092007065217AM/impersonation.aspx
http://msdn.microsoft.com/en-us/library/xh507fc5(VS.71).aspx


The user who uses the application does not need to have Admin rights on the Server.
but the problem is with out having admin rights he can not see the memberof() information So,
Use your login screen to authenticate the user, and turn on impersonation.
when you turn on the impersonation No matter who logged in to the application, just uses the user credentials what you have specified in the impersonation node to hit the Active directory.
0
Chris DentPowerShell DeveloperCommented:

> but the problem is with out having admin rights he can not see the memberof() information So

Yes he can.

All attributes are have authenticated users Read unless that has been explicitly removed on the directory level.

Web Applications do not need to run as Administrator to read the directory.

Chris
0
Henrik JohanssonSystems engineerCommented:
memberOf doesn't return primary group membership.
To get that information, you nead to compare the group's PrimaryGroupToken with the user's PrimaryGroupId.
Collect a recordset with the groups and when accessing the user, apply a filter on the group-recordset to find the matching primary group.
rsGroup.Filter="(PrimaryGroupToken="+sResultSet.Properties("primaryGroupId")+")"
0
shanemayAuthor Commented:
Thank you your help.  This worked out perfectly.  Again, thank you.  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.