LDAP: why doesn't the following use of DirectoryEntry return members for a large global security group?

Question

LDAP: why doesn't the following use of DirectoryEntry return members for a large global security group?

The following code works for 90 +% of the global security groups, but for one very large global security group, it returns an enumerator but is not group member objects, even though the group has many thousands.

DirectoryEntry group = groupResult.GetDirectoryEntry();
filter = "member;range=0-20";
group.RefreshCache(new[] { filter });
PropertyValueCollection groupMembers = group.Properties["member"];
IEnumerator iEnum = groupMembers.GetEnumerator();
//On one large global security group, this returns a valid iEnum, 
//but no member entries.  The group has thousands.
//This code works for every other group I've encountered.

0

c # active-directory exchange-server ldap

Jon Ediger 25 nov. '08 at 1:24

source to share

2 answers

Is it possible that the LDAP server has a limit on how large a set amount or the amount of time it can spend in one response?

As always, check with a third party LDAP browser and see if you can get one. This checks for an authentication and rights issue and whether the server is limiting the size or response time.

0

geoffc Dec 22. '08 at 19:08

source to share

Bevan · Accepted Answer · 2008-11-25T09:45:15+0000

The problem may not be with your code, but with the access protection in your directory - you may not have rights to list the members of this group.

LDAP: why doesn't the following use of DirectoryEntry return members for a large global security group?

More articles: