Directory Services, Search all available providers

Question

I have the following method used for searching for a User Group either on the local computer (done first) or in the Current Forest.

public string FindUserGroup(string group)
    {
        //Search local computer
        using (DirectorySearcher searcher = new DirectorySearcher(new DirectoryEntry()))
        {
            searcher.Filter = "(&(objectClass=group)(|(cn=" + group + ")(dn=" + group + ")))";
            SearchResult result = searcher.FindOne();
            if (result != null)
                return TranslateDirectoryEntryPath(result.GetDirectoryEntry().Path);
        }

        //Search current forest
        Forest forest = Forest.GetCurrentForest();
        foreach (Domain domain1 in forest.Domains)
        {
            using (DirectorySearcher searcher = new DirectorySearcher(domain1.GetDirectoryEntry()))
            {
                searcher.Filter = "(&(objectClass=group)(|(cn=" + group + ")(dn=" + group + ")))";
                SearchResult result = searcher.FindOne();
                if (result != null)
                    return TranslateDirectoryEntryPath(result.GetDirectoryEntry().Path);
            }
        }

        return string.Empty;
    }

My problem is that we as an example have say "domain.local" and "mydomain.local", and my current login is bound to "domain.local", then using below won't be able to find anything in "mydomain.local", even if I through the Windows User Interface is able to.

How can I search all viewable providers from my computers perspective when I don't nessesarily know them all? Do I REALLY have to do the Registry Work my self?

Edit:

One difference in the 2 domains is the "level" they are on when I in an object browser dialog chooses "Locations", it layouts as:

Computer
Entire Direction
- domain.local
mydomain.local

So "mydomain.local" excists outside what is referred to as "Entire Directory", yet my computer can locate it, if that makes any difference?

You just need to search your local computer and then search on the Gobal Catalog. If your forest doesn't have a Global Catalog, yes, you have to search from each of the domains one by one. — Harvey Kwok, Jan 06 '11 at 06:05
@Harvey Kwok: And that would only be accessible through the Registry?... because since the "Object browser dialog" lists the domain the computer has some knowledge of it. And i seems to recall to have found something about it in the registry, but hoped I did not have to dig it out there. — Jens, Sep 08 '11 at 11:22
You meant a full list of domains? It's usually got from the Active Directory. Active Directory stores which domain trust which domain. Check the CN=System container and find out all trustedDomain objects there. — Harvey Kwok, Sep 09 '11 at 04:51

score 0 · Answer 1 · answered Feb 11 '11 at 06:16

0

I don't see a problem as this code here would have already be binded to the other domains.

foreach (Domain domain1 in forest.Domains)
{
    using (DirectorySearcher searcher = new DirectorySearcher(domain1.GetDirectoryEntry()))
    {

Are you trying to say that later on you're binding a DirectoryEntry on your own, and you can't find objects from other domain?

answered Feb 11 '11 at 06:16

user607455

479
5
18

No, I'm saying the the code as is doesn't work. - - Our computers are bound to 2 domains... But using the code I can't find any objects in one of the domains. - - The domain I can't find objects from using the code, I can however easily find objects in using the object browser dialog when e.g. adding permissions to shared folders etc. etc... - - So my computer can obviously see what I refer to as "mydomain.local", yet my code can't... – Jens Feb 11 '11 at 09:49
I Have added some "new" information that I didn't notice before, not sure if they make any difference, code still does not work. – Jens Feb 11 '11 at 09:59
This part of the code sure works for me. I'm able to access other domains through this way. Could it be other reason like the search filter or something? Or maybe could try (cn=*) and list out all the objects. – user607455 Feb 11 '11 at 10:43
Well "forest.Domains" never returns that domain, so changing the search string kind of seems as grasping at straws here. – Jens Feb 14 '11 at 12:59

Directory Services, Search all available providers

1 Answers1