12

I'm using the System.DirectoryServices.AccountManagement namespace to provide user lookup functionality.

The business has several region-specific AD domains: AMR, EUR, JPN etc.

The following works for the EUR domain, but doesn't return users from the other domains (naturally):

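```csharp
using System.DirectoryServices.AccountManagement;
using System.Linq; // for ToList()

// Bind to the EUR domain partition only
var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");
// Query-by-example: the Name wildcard becomes the LDAP filter
var query = new UserPrincipal(context);
query.Name = "*Bloggs*";
var users = new PrincipalSearcher(query).FindAll().ToList();
```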

However, if I target the entire directory, it doesn't return users from any of the region-specific domains:

```csharp
var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");
```

How do I search the entire directory?

Update

Read up on "How Active Directory Searches Work":

http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

If I suffix the server name with port 3268 it searches against the Global Catalog:

```csharp
var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");
```

However it's very, very slow. Any suggestions on how to improve performance?

abatishchev
Robert Morgan
  • Figured it out. Will post answer when SO lets me. – Robert Morgan Dec 20 '12 at 10:01
  • Can you please post what you did to get this working? – FMFF Apr 02 '13 at 20:44
  • Adding port number to the domain string and container param made it work for me, thanks – filip Apr 14 '14 at 14:41
  • 1
    "To search the global catalog, instead of the local domain partition, you must specify port 3268 in the search tool that you are using, instead of port 389, the standard LDAP port. Anytime that you specify port 3268, you are searching in the global catalog." http://technet.microsoft.com/en-us/library/cc755809%28v=ws.10%29.aspx – Tim Valentine May 01 '14 at 14:14
  • @RobertMorgan Did you find any solution to improve the performance? – Milind Thakkar Apr 07 '18 at 16:35

1 Answer

1

Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queried. None of the attributes in AD have this set by default. Better to not do initial wildcards.

asgreene
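One way to apply the answer above, as an added example that is not part of the original thread: a Global Catalog search that uses only a trailing wildcard and escapes the user-supplied value per RFC 4515 so it cannot add wildcards or filter clauses of its own. `GcUserLookup`, `EscapeFilterValue` and `FindBySurnamePrefix` are hypothetical names, and the code assumes `sn` is indexed and replicated to the Global Catalog in this forest.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GcUserLookup // hypothetical helper, not from the original thread
{
    // Hex-escape the characters RFC 4515 reserves in filter values
    // (\ * ( ) NUL), e.g. "*" becomes "\2a" and ")" becomes "\29".
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Prefix search on surname across all domains via the Global Catalog.
    // Assumption: sn is indexed and present in the GC partial attribute set.
    static List<string> FindBySurnamePrefix(string forestDns, string surnamePrefix)
    {
        var names = new List<string>();
        using (var root = new DirectoryEntry("GC://" + forestDns))
        using (var searcher = new DirectorySearcher(root))
        {
            // Trailing wildcard only: "Bloggs*", never "*Bloggs*".
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sn="
                              + EscapeFilterValue(surnamePrefix) + "*))";
            searcher.PageSize = 500;                         // page through large result sets
            searcher.PropertiesToLoad.Add("sAMAccountName"); // fetch only what is used
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    if (r.Properties["sAMAccountName"].Count > 0)
                        names.Add((string)r.Properties["sAMAccountName"][0]);
        }
        return names;
    }

    static void Main()
    {
        foreach (var name in FindBySurnamePrefix("mycorp.com", "Bloggs"))
            Console.WriteLine(name);
    }
}
```

Because `*` in the input is escaped, a caller cannot turn the prefix search back into a leading-wildcard scan by typing `*Bloggs`.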