
LDAP lookup works for some users but not for others

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi
I created an ASP.NET website for our intranet and one of the things it does is take the PC login name and find the Display Name from Active Directory.

So say for example I login to our domain
username hmcgeehan
domain harry-corp

Now this works fine for me and some users it returns the correct display name but for some users it's not finding a display name. It returns "name not found"

Any ideas?

Thanks
H

Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
 
        Try
 
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult
 
            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll
 
            For Each searchResult In searchResultCollection
 
                Return searchResult.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
 
            Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
            
            Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
            Dim searchResultCollection2 As SearchResultCollection
            Dim searchResult2 As SearchResult
 
            directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher2.PropertiesToLoad.Add("cn")
            searchResultCollection2 = directorySearcher2.FindAll
 
            For Each searchResult2 In searchResultCollection2
 
                Return searchResult2.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
            Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
            
            Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
            Dim searchResultCollection3 As SearchResultCollection
            Dim searchResult3 As SearchResult
 
            directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher3.PropertiesToLoad.Add("cn")
            searchResultCollection3 = directorySearcher3.FindAll
 
            For Each searchResult3 In searchResultCollection3
 
                Return searchResult3.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
            Return "name not found"
 
        Catch
            Return "error"
        End Try
 
    End Function

Question by:hmcgeehan
4 Comments
 
LVL 27

Expert Comment

by:nmarun
ID: 24018905
Please see if this works:

If not, try generalizing your LDAP connection string to:
LDAP://harry-corp.net/DC=harry-corp,DC=net

This could result in you making only one call for all users irrespective of their OUs.

' Requires: Imports System.DirectoryServices
Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String

        Try

            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")

            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            Dim userFound As Boolean = False
            Dim userFullName As String = String.Empty

            ' First OU: take the first entry that actually carries a cn value
            For Each searchResult As SearchResult In searchResultCollection
                If searchResult.Properties("cn").Count > 0 Then
                    userFullName = searchResult.GetDirectoryEntry().Properties("cn").Value.ToString()
                    userFound = True
                    Exit For
                End If
            Next

            ' Second OU: only searched when the first one had no match
            If userFound = False Then

                Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
                Dim searchResultCollection2 As SearchResultCollection

                directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher2.PropertiesToLoad.Add("cn")
                searchResultCollection2 = directorySearcher2.FindAll

                ' Iterate the results of the second search, not the first
                For Each searchResult As SearchResult In searchResultCollection2
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = searchResult.GetDirectoryEntry().Properties("cn").Value.ToString()
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            ' Third OU: only searched when the first two had no match
            If userFound = False Then

                Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
                Dim searchResultCollection3 As SearchResultCollection

                directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher3.PropertiesToLoad.Add("cn")
                searchResultCollection3 = directorySearcher3.FindAll

                ' Iterate the results of the third search
                For Each searchResult As SearchResult In searchResultCollection3
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = searchResult.GetDirectoryEntry().Properties("cn").Value.ToString()
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                userFullName = "name not found"
            End If

            Return userFullName

        Catch
            ' Any directory exception ends up here and is reported only as "error"
            Return "error"
        End Try

    End Function

0
 

Author Comment

by:hmcgeehan
ID: 24019874
I've worked out that - for the users it wasn't finding in AD - it was crashing out and the exception I caught said An Operations Error Has Occurred.

Thanks

nmarun I will try your suggestion now thanks
0
 

Accepted Solution

by:
hmcgeehan earned 0 total points
ID: 24020134
I just noticed that in the web.config
<identity impersonate="true"/>

I changed this to
<identity impersonate="false"/>
and it seems to work now.

I don't fully understand why that worked!

The thing is the users who were getting errors with the .net page were in a specific OU of Active Directory.
Maybe when impersonate was set to true the web page ran under their login details and they didn't have the permissions to do an LDAP lookup?

thanks
0
 
LVL 27

Expert Comment

by:nmarun
ID: 24020203
That is weird. As you said, these users might be missing some permissions to do an LDAP lookup. Please assign points to your post and mark this issue for PAQ.
0
