Solved

LDAP lookup works for some users but not for others

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi
I created an ASP.NET website for our intranet and one of the things it does is take the PC login name and find the Display Name from Active Directory.

So say for example I log in to our domain
username hmcgeehan
domain harry-corp

Now this works fine for me and some users (it returns the correct display name), but for some users it's not finding a display name. It returns "name not found".

Any ideas?

Thanks
H

' Requires: Imports System.DirectoryServices
Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String

        Try

            ' First OU: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")

            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            ' Return the cn of the first match, if any
            For Each searchResult In searchResultCollection
                Return searchResult.GetDirectoryEntry().Properties("cn").Value
            Next

            ' Second OU: OU=Test Users,OU=Test Accounts2
            Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")

            Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
            Dim searchResultCollection2 As SearchResultCollection
            Dim searchResult2 As SearchResult

            directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher2.PropertiesToLoad.Add("cn")
            searchResultCollection2 = directorySearcher2.FindAll

            For Each searchResult2 In searchResultCollection2
                Return searchResult2.GetDirectoryEntry().Properties("cn").Value
            Next

            ' Third OU: OU=Users,OU=Accounts2
            Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")

            Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
            Dim searchResultCollection3 As SearchResultCollection
            Dim searchResult3 As SearchResult

            directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher3.PropertiesToLoad.Add("cn")
            searchResultCollection3 = directorySearcher3.FindAll

            For Each searchResult3 In searchResultCollection3
                Return searchResult3.GetDirectoryEntry().Properties("cn").Value
            Next

            ' No match in any of the three OUs
            Return "name not found"

        Catch
            ' Any exception from the bind or search ends up here
            Return "error"
        End Try

    End Function

Question by:hmcgeehan
LVL 27

Expert Comment

by:nmarun
ID: 24018905
Please see if this works:

If not, try generalizing your LDAP connection string to:
LDAP://harry-corp.net/DC=harry-corp,DC=net

This could result in you making only one call for all users irrespective of their OUs.

' Requires: Imports System.DirectoryServices
Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String

        Try

            ' First OU: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")

            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            Dim userFound As Boolean = False
            Dim userFullName As String = String.Empty

            ' Take the first result that actually carries a cn value
            For Each searchResult As SearchResult In searchResultCollection
                If searchResult.Properties("cn").Count > 0 Then
                    userFullName = searchResult.GetDirectoryEntry().Properties("cn").Value
                    userFound = True
                    Exit For
                End If
            Next

            ' Second OU, searched only if the first found nothing
            If userFound = False Then

                Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
                Dim searchResultCollection2 As SearchResultCollection

                directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher2.PropertiesToLoad.Add("cn")
                searchResultCollection2 = directorySearcher2.FindAll

                For Each searchResult2 As SearchResult In searchResultCollection2
                    If searchResult2.Properties("cn").Count > 0 Then
                        userFullName = searchResult2.GetDirectoryEntry().Properties("cn").Value
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            ' Third OU, searched only if the first two found nothing
            If userFound = False Then

                Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
                Dim searchResultCollection3 As SearchResultCollection

                directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher3.PropertiesToLoad.Add("cn")
                searchResultCollection3 = directorySearcher3.FindAll

                For Each searchResult3 As SearchResult In searchResultCollection3
                    If searchResult3.Properties("cn").Count > 0 Then
                        userFullName = searchResult3.GetDirectoryEntry().Properties("cn").Value
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                userFullName = "name not found"
            End If

            Return userFullName

        Catch
            Return "error"
        End Try

    End Function

 

Author Comment

by:hmcgeehan
ID: 24019874
I've worked out that, for the users it wasn't finding in AD, it was crashing out, and the exception I caught said An Operations Error Has Occurred.

Thanks

nmarun, I will try your suggestion now, thanks.
 

Accepted Solution

by:
hmcgeehan earned 0 total points
ID: 24020134
I just noticed that in the web.config
<identity impersonate="true"/>

I changed this to
<identity impersonate="false"/>
and it seems to work now.

I don't fully understand why that worked!

The thing is the users who were getting errors with the .net page were in a specific OU of Active Directory.
Maybe when impersonate was set to true the web page ran under their login details and they didn't have the permissions to do an LDAP lookup?

thanks
 
LVL 27

Expert Comment

by:nmarun
ID: 24020203
That is weird. As you said, these users might be missing some permissions to do an LDAP lookup. Please assign points to your post and mark this issue for PAQ.
0
