LDAP: why doesn't the following use of DirectoryEntry return members for a large global security group?
The following code works for 90 +% of the global security groups, but for one very large global security group, it returns an enumerator but is not group member objects, even though the group has many thousands.
DirectoryEntry group = groupResult.GetDirectoryEntry();
filter = "member;range=0-20";
group.RefreshCache(new[] { filter });
PropertyValueCollection groupMembers = group.Properties["member"];
IEnumerator iEnum = groupMembers.GetEnumerator();
//On one large global security group, this returns a valid iEnum,
//but no member entries. The group has thousands.
//This code works for every other group I've encountered.
0
source to share
2 answers
Is it possible that the LDAP server has a limit on how large a set amount or the amount of time it can spend in one response?
As always, check with a third party LDAP browser and see if you can get one. This checks for an authentication and rights issue and whether the server is limiting the size or response time.
0
source to share