Enumerate or List Members In A Large (1500 members) Active Directory Group Using Directory Services

by Administrator 24. May 2010 23:40

You need to be careful if you are listing or enumerating members in large groups (i.e. over 1500 members). The standard approach in the first code sample doesn't work, as the DE.Properties["member"] property will only return 1500 members.

The solution is shown in the 2nd code snippet, which uses DirectoryEntry.Invoke to call the ADSI Members method.

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void ListMembers()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                for (int i = 0; i < DE.Properties["member"].Count; i++)
                {
                    string val = DE.Properties["member"][i].ToString();
                    Console.WriteLine(i + " - " + val);
                }
            }
        }
    }
}

Use the code below to enumerate/list members in a large group (over 1500 members)

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void ListMembers()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                IADsMembers groupMembers = (IADsMembers) DE.Invoke("members", null);
                int ctr = 0;
                foreach (object groupMember in groupMembers)
                {
                    IADs user = (IADs)groupMember;

                    ctr = ctr + 1;
                    Console.WriteLine(ctr + " - " + user.Name);
                }
            }
        }
    }
}
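A truncated member list makes an access review of a large group silently incomplete, so the result needs to be provably whole. The block below is an added example, not code from the original post: it goes beyond the Invoke approach and pages through the member attribute with LDAP range retrieval. The names ADGroupRanged, GetAllMemberDns and STEP are hypothetical, and GROUP_PATH is the same placeholder used above.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

namespace DirectoryServices
{
    static class ADGroupRanged
    {
        // Placeholder path, in the same style as the samples above.
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const int STEP = 1500; // chunk size requested; the server may return fewer

        public static List<string> GetAllMemberDns()
        {
            var members = new List<string>();
            using (DirectoryEntry group = new DirectoryEntry(GROUP_PATH))
            using (DirectorySearcher searcher = new DirectorySearcher(group))
            {
                searcher.SearchScope = SearchScope.Base;   // read the group object only
                searcher.Filter = "(objectClass=*)";
                int low = 0;
                bool lastChunk = false;
                while (!lastChunk)
                {
                    searcher.PropertiesToLoad.Clear();
                    searcher.PropertiesToLoad.Add(
                        string.Format("member;range={0}-{1}", low, low + STEP - 1));
                    SearchResult result = searcher.FindOne();
                    if (result == null) break;

                    // The server answers under its own name, e.g. "member;range=0-1499".
                    string returned = null;
                    foreach (string name in result.Properties.PropertyNames)
                        if (name.StartsWith("member;range=", StringComparison.OrdinalIgnoreCase))
                            returned = name;
                    if (returned == null) break;           // group has no members

                    foreach (object dn in result.Properties[returned])
                        members.Add(dn.ToString());

                    // "*" as the upper bound marks the final chunk; otherwise continue
                    // from the bound the server actually returned, not the one requested.
                    string high = returned.Substring(returned.LastIndexOf('-') + 1);
                    lastChunk = high == "*";
                    if (!lastChunk) low = int.Parse(high) + 1;
                }
            }
            return members;
        }
    }
}
```

Unlike the Invoke version, this returns distinguished names and needs no ActiveDs COM reference.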

 

 

 

Check If A Member Is In A Large (1500 members) Active Directory Group Using Directory Services

by Administrator 24. May 2010 23:39

You need to be careful if you are checking whether a member exists in a large group (i.e. over 1500 members). The standard approach in the first code sample doesn't work, as the DE.Properties["member"] property will only return 1500 members.

The solution is shown in the 2nd code snippet, which uses DirectoryEntry.Invoke to call the ADSI IsMember method.

 

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static bool IsMember2()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                if (DE.Properties["member"].Contains(MEMBER_DISTINGUISHED_NAME))
                    return true;
                else
                    return false;
            }
        }
    }
}

Use the code below to check if a member is in a large group

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static bool IsMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                return (bool)DE.Invoke("IsMember", MEMBER_PATH);
            }
        }
    }
}
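When a membership check feeds an authorization decision, a false answer caused by the 1500-value limit is a security bug, so the comparison is best left to the server. The block below is an added example, not code from the original post: it asks the directory to match the member attribute with a base-scope search and escapes the DN before placing it in the filter. ADGroupSearch, EscapeFilterValue and IsDirectMember are hypothetical names, and GROUP_PATH is the placeholder used above.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

namespace DirectoryServices
{
    static class ADGroupSearch
    {
        // Placeholder path, in the same style as the samples above.
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";

        // Escape the characters that are special inside an LDAP search
        // filter (RFC 4515) so a DN cannot alter the filter's structure.
        static string EscapeFilterValue(string value)
        {
            var sb = new StringBuilder(value.Length);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': sb.Append(@"\5c"); break;
                    case '*':  sb.Append(@"\2a"); break;
                    case '(':  sb.Append(@"\28"); break;
                    case ')':  sb.Append(@"\29"); break;
                    case '\0': sb.Append(@"\00"); break;
                    default:   sb.Append(c); break;
                }
            }
            return sb.ToString();
        }

        public static bool IsDirectMember(string memberDistinguishedName)
        {
            using (DirectoryEntry group = new DirectoryEntry(GROUP_PATH))
            using (DirectorySearcher searcher = new DirectorySearcher(group))
            {
                // Base scope: the filter is evaluated against the group object only,
                // on the server, so the size of the member attribute does not matter.
                searcher.SearchScope = SearchScope.Base;
                searcher.Filter = "(member=" + EscapeFilterValue(memberDistinguishedName) + ")";
                searcher.PropertiesToLoad.Add("distinguishedName");
                return searcher.FindOne() != null;
            }
        }
    }
}
```

This tests direct membership only: members of nested groups, and accounts that belong to the group through their primary group, are not stored in the member attribute and will not match.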

 

 

 

Remove Members From Large (1500 members) Active Directory Group Using Directory Services

by Administrator 24. May 2010 23:36

You need to be careful if you are removing members from large groups (i.e. over 1500 members). The standard approach in the first code sample doesn't work, as the DE.Properties["member"] property will only return 1500 members.

The solution is shown in the 2nd code snippet, which uses DirectoryEntry.Invoke to call the ADSI Remove method.

 

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void RemoveMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Properties["member"].Remove(MEMBER_DISTINGUISHED_NAME);
                DE.CommitChanges();
            }
        }
    }
}

Use the code below to remove members from large groups

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void RemoveMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Invoke("Remove", new Object[] { MEMBER_PATH });
            }
        }
    }
}

 

 

 

Add Members To Large (1500 members) Active Directory Group Using Directory Services

by Administrator 24. May 2010 23:26

You need to be careful if you are adding members to large groups (i.e. over 1500 members). The standard approach in the first code sample doesn't work, as the DE.Properties["member"] property will only return 1500 members, and you can't add any more to this.

The solution is shown in the 2nd code snippet, which uses DirectoryEntry.Invoke to call the ADSI Add method.

 

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void AddMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Properties["member"].Add(MEMBER_DISTINGUISHED_NAME);
                DE.CommitChanges();
            }
        }
    }
}

Use the code below to add members to large groups

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void AddMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Invoke("Add", new Object[] { MEMBER_PATH });
            }
        }
    }
}

 

 

 

Intermittent error using DirectoryServices (The directory service is unavailable)

by Administrator 22. May 2010 00:04

If you're putting heavy load on your AD server using DirectoryServices you may find you get intermittent errors such as 'The directory service is unavailable' or 'The server is not operational'.

If you don't keep an LDAP connection in scope then a new connection gets created for each object and the AD server runs out of wild-card TCP ports (or so I've read online).

Anyway, the simple solution is to keep a connected DirectoryEntry object in scope while you perform the other operations. This will ensure all operations use the same LDAP connection (as long as they have the same connection string and credentials).

The code below illustrates the problem. This falls over at iteration 62000 approx on my test system.

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;

namespace DirectoryServices
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {

                for (int i = 0; i < 100000; i++)
                {
                    string LDAPPath = "LDAP://PathGoesHere";
                    using (DirectoryEntry DE = new DirectoryEntry(LDAPPath))
                    {
                        string name = DE.Properties["distinguishedName"].Value.ToString();
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                Console.WriteLine(ex.StackTrace);
            }
        }
    }
}

To remedy it, you can just add the following code at the top of the method - or you could use a static variable to keep the LDAP connection in scope

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;

namespace DirectoryServices
{
    class Program
    {
        static void Main(string[] args)
        {

            /* create an object to hold the connection open */
            string LDAPPathConn = "LDAP://";
            DirectoryEntry DEConn = new DirectoryEntry(LDAPPathConn);
            DEConn.RefreshCache();


            int i = 0;

            try
            {

                for (i = 0; i < 100000; i++)
                {
                    string LDAPPath = "LDAP://PATHGOESHERE";
                    using (DirectoryEntry DE = new DirectoryEntry(LDAPPath))
                    {
                        string name = DE.Properties["distinguishedName"].Value.ToString();
                    }
                }

            }
            catch (Exception ex)
            {
                Console.WriteLine("ERROR IN LOOP: i=" + i.ToString() );
                Console.WriteLine(ex.Message);
                Console.WriteLine(ex.StackTrace);
            }
        }
    }
}

 

 

 

 

