DirectorySearcher fails with "Access denied" when OU= is in root p
BillInPA
I am preparing a tool which will compare app based users and groups agains
active directory
I want to use DirectorySeacher to get a baseline then look at deltas on
specified intervals
What I cant do is init the searcher root path to an OU in the tree
Heres the code that works, but isnt what I need as it doesnt have OU in the
path
String[] properties = { "objectGUID", "sAMAccountName", "displayName",
"mail", "member" };
String filter = "(| (objectClass=group) (objectClass=user) )";
DirectoryEntry de = new DirectoryEntry("LDAP://DC=MyCompany;DC=com");
DirectorySearcher searcher = new DirectorySearcher(filter, properties);
searcher.SearchRoot = de;
searcher.SearchScope = SearchScope.Subtree;
searcher.Sort = new SortOption("name", SortDirection.Ascending);
searcher.DirectorySynchronization = new DirectorySynchronization();
SearchResultCollection results = searcher.FindAll();
So, that works
BUT, what I need is
DirectoryEntry de = new DirectoryEntry(
"LDAP://OU=TheUnit;DC=MyCompany;DC=com"
);
When I add the OU=, the call fails with "Access denied"
Ive been bangig at this for a couple days, and have tried changing the
semicolons to commas, various formats, etc
Any help is greatly appreciated
Joe Kaplan
Like a said before, the issue is one of permissions. The account being used
to access the directory does not appear to have the permissions required to
do what you want to do. It would be helpful if you could show a full stack
trace of the error though.
The proper delimiter for an LDAP path is ",", not ";". ";" is accepted for
backward compat with LDAP V2 but is not current and is not used in
representations sent to the client.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"BillInPA" <Bill...@discussions.microsoft.com> wrote in message
news:3C90A39B-424C-421D...@microsoft.com...