Wednesday, February 8, 2012

Results from an Active Directory search query don't contain all the objects

If you are wondering why an AD search did not return all the results, the answer is that there is a limit of 1000 records per search. This is the scenario we had:

We have many sub domains on the network like
a1.test.com
a2.test.com

We have users under a1.test.com like a1\user1a, a1\user2a, ...
We also have users under a2.test.com like a2\user1, a2\user2, ...; we also have rda2\user3, rda2\user4, ...
I don't have a lot of knowledge about "AD" structure or the terminology. I don't know how rda2\user3 and rda2\user4 ended up under a2.test.com.

My user is rda2\user3, and if I look at the user domain using the "set" command I get a2.test.com; my user DNS domain is rda2.

The problem is that in my Windows app I am trying to show the list of users under every domain.
It shows something like this in the treeview:
a1.test.com
    a1\user1a
    a1\user2a
a2.test.com
    a2\user1
    a2\user2
But users rda2\user3 and rda2\user4 are missing from the list.

I use the following code to get the list of users. Also, when I use the Windows add user dialog on my machine, I can see all the users if I pick "a2.test.com" as my source and hit Find Now.

Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

' To get the list of users (no PageSize is set, so results stop at the server limit)
Dim ds As New DirectorySearcher(Domain.GetCurrentDomain.GetDirectoryEntry)
ds.PropertiesToLoad.Add("samaccountname") ' attribute name passed as a string
ds.Filter = "(&(objectClass=user)(objectCategory=person))"
For Each sr As SearchResult In ds.FindAll()
    WriteLog("getUsersInGroup first for DomainName " & DomainName)
    GetUser() ' code below
Next

' To get user (looks up a single account by its samaccountname)
Searcher = New DirectorySearcher(Domain.GetCurrentDomain.GetDirectoryEntry())
Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(samaccountname=" & adn.UserName & "))"
Searcher.PropertiesToLoad.Add(LDAP_PROPERTY_FIRST_NAME)
Searcher.PropertiesToLoad.Add(LDAP_PROPERTY_LAST_NAME)
Searcher.PropertiesToLoad.Add(LDAP_PROPERTY_EMAIL)

It seems that the domain I am trying to search has more than 1000 objects, and the users rda2\user3 and rda2\user4 were added recently, so they are never returned. I tried to use the Windows built-in user search dialog and got an error "that there are more than 10000 objects". So, to solve the problem, I have added a filter textbox and am filtering the results. Now I have the users I wanted in the treeview.

The other option would be to set DirectorySearcher.PageSize to a value that is greater than 0 and less than 1000 and get all the results back; keep in mind this might be slow.
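The PageSize option described above, as an added example that is not the original post's code: the same user filter run as a paged search, so the full result set comes back in chunks instead of being cut off at 1000. The module and function names and the page size of 500 are assumptions chosen for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

Module PagedUserSearch
    ' Hypothetical helper: returns the samaccountname of every user in one domain.
    Function GetAllUsers(dom As Domain) As List(Of String)
        Dim names As New List(Of String)
        Using root As DirectoryEntry = dom.GetDirectoryEntry()
            Using ds As New DirectorySearcher(root)
                ds.Filter = "(&(objectCategory=person)(objectClass=user))"
                ds.PropertiesToLoad.Add("samaccountname")
                ds.SearchScope = SearchScope.Subtree
                ' A PageSize greater than 0 switches the searcher to paged mode:
                ' results are fetched in chunks of this size until none remain.
                ds.PageSize = 500
                ' Dispose the collection; it holds unmanaged search handles.
                Using results As SearchResultCollection = ds.FindAll()
                    For Each sr As SearchResult In results
                        If sr.Properties.Contains("samaccountname") Then
                            names.Add(CStr(sr.Properties("samaccountname")(0)))
                        End If
                    Next
                End Using
            End Using
        End Using
        Return names
    End Function

    Sub Main()
        Dim dom As Domain = Domain.GetCurrentDomain()
        Dim users As List(Of String) = GetAllUsers(dom)
        ' A count of exactly 1000 without paging is the sign of a truncated result.
        Console.WriteLine("{0}: {1} users", dom.Name, users.Count)
    End Sub
End Module
```

Each page is a separate round trip to the domain controller, which is where the slowdown mentioned above comes from.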
