[c#] "A referral was returned from the server" exception when accessing AD from C#

using System;
using System.DirectoryServices;

// Bind by naming context only; the DC is chosen by the domain locator.
using (DirectoryEntry oDE = new DirectoryEntry("LDAP://DC=Test1,DC=Test2,DC=gov,DC=lk"))
using (DirectorySearcher ds = new DirectorySearcher(oDE))
{
    ds.PropertiesToLoad.Add("name");
    ds.PropertiesToLoad.Add("userPrincipalName");

    ds.Filter = "(&(objectClass=user))";

    SearchResultCollection results = ds.FindAll();

    foreach (SearchResult result in results)
    {
        // Guard the index: not every user object has a userPrincipalName.
        string name = result.Properties["name"].Count > 0
            ? result.Properties["name"][0].ToString() : "";
        string upn = result.Properties["userPrincipalName"].Count > 0
            ? result.Properties["userPrincipalName"][0].ToString() : "";
        Console.WriteLine("{0} - {1}", name, upn);
    }
}

On the SearchResultCollection results = ds.FindAll(); line I get an exception:

A referral was returned from the server

Why do I get that exception and what does it mean?



I know this might sound silly, but I recently came across this myself: make sure the domain controller is not read-only.


A referral is sent by an AD server when it doesn't have the requested information itself, but knows that another server has it. It usually appears in a trust environment where a DC can refer to a DC in a trusted domain.

In your case you are only specifying a domain, relying on automatic lookup of which domain controller to use. I think that you should try to find out which domain controller is used for the query and check whether that one really holds the requested information.

If you provide more information on your AD setup, including any trusts/subdomains, global catalogues and the DNS resource records for the domain controllers it will be easier to help you.


The "A referral was returned from the server" error usually means that the IP address is not hosted by the domain that is provided in the connection string. For more detail, see this link:

Referral was returned AD Provider

To illustrate the problem, we define two IP addresses hosted on different domains:

IP Address     DC Name         Notes
172.1.1.10     ozkary.com      Production domain
172.1.30.50    ozkaryDev.com   Development domain

If we define an LDAP connection string with this format:

LDAP://172.1.1.10:389/OU=USERS,DC=OZKARYDEV,DC=COM

This will generate the error because the IP is actually on the OZKARY DC, not the OZKARYDEV DC. To correct the problem, we would need to use the IP address that is associated with the domain.
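The two answers above both come down to the same check: which server actually answered, and does it host the naming context you asked for? The following is an added example, not code from the question or from any answer, that reads the server's RootDSE to answer both questions before running the real search. Every server name, IP and DC= value in it is a placeholder modelled on the table above, and the helper names (ReferralCheck, ServerHostsNamingContext, LocateDomainController) are this example's own.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;

static class ReferralCheck
{
    // Returns true when 'server' hosts 'namingContext'. RootDSE lists the
    // naming contexts a DC holds; comparing against it catches a path such
    // as LDAP://172.1.1.10/DC=OZKARYDEV,DC=COM (wrong server for that domain)
    // before the search would come back with a referral.
    public static bool ServerHostsNamingContext(string server, string namingContext)
    {
        using (var rootDse = new DirectoryEntry("LDAP://" + server + "/RootDSE"))
        {
            Console.WriteLine("Answered by: {0}", rootDse.Properties["dnsHostName"].Value);
            Console.WriteLine("Default NC:  {0}", rootDse.Properties["defaultNamingContext"].Value);

            foreach (object nc in rootDse.Properties["namingContexts"])
            {
                if (string.Equals(nc.ToString(), namingContext, StringComparison.OrdinalIgnoreCase))
                    return true;
            }
            return false;
        }
    }

    // Shows which DC the domain locator picks for a bare "LDAP://DC=..." path,
    // i.e. the server the question's code was really talking to.
    public static string LocateDomainController(string domainDns)
    {
        var ctx = new DirectoryContext(DirectoryContextType.Domain, domainDns);
        using (DomainController dc = DomainController.FindOne(ctx))
        {
            return dc.Name;
        }
    }

    static void Main()
    {
        // Placeholder values; replace with your own server and naming context.
        string server = "172.1.1.10";
        string requestedNc = "DC=OZKARYDEV,DC=COM";

        Console.WriteLine("Locator would use: {0}", LocateDomainController("ozkarydev.com"));

        if (!ServerHostsNamingContext(server, requestedNc))
        {
            Console.WriteLine("{0} does not host {1}; a search there returns a referral.", server, requestedNc);
            return;
        }

        string path = "LDAP://" + server + "/OU=USERS," + requestedNc;
        using (var entry = new DirectoryEntry(path))
        using (var searcher = new DirectorySearcher(entry, "(objectClass=user)", new[] { "name", "userPrincipalName" }))
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult r in results)
                Console.WriteLine(r.Path);
        }
    }
}
```

RootDSE is readable without authentication on a default domain controller, so the check works regardless of the caller's rights and makes no changes to the directory. If the printed dnsHostName belongs to a different domain than the DC= components you supplied, that mismatch is the referral.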


Had the same issue and managed to resolve it.

In my case, I had an AD group in the current logon domain with members (users) from a sub domain. The server that I was running the code on could not access the domain controller of the sub domain (the server had never needed to access the sub domain before).

I struggled for a while as my desktop PC could access the domain so everything looked OK in the MMC plugin (Active Directory Users & Computers).

Hope that helps someone else.


In my case I was seeing referrals when I was accessing AD via SSO with an account in a trusted domain. The problem went away when I connected with explicit credentials in the local domain.

i.e. I replaced

DirectoryEntry de = new DirectoryEntry("blah.com");

with

DirectoryEntry de = new DirectoryEntry("blah.com", "[email protected]", "supersecret");

and the problem went away.


You may also need to enable ReferralChasing on the DirectorySearcher: http://msdn.microsoft.com/en-us/library/ms180884(VS.80).aspx.
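The last two answers describe two mitigations: binding with explicit credentials in the local domain, and letting the searcher chase referrals. This added example (not from any answer on this page) combines them and also recognises the referral error when it still surfaces, so the failure is logged with the path that caused it instead of being a bare exception. The host name, account and the class/method names (ReferralAwareSearch, ListUsers, FirstOrEmpty) are placeholders of this example; the error code is the Win32 ERROR_DS_REFERRAL value (8235, 0x202B) that this exception carries.

```csharp
using System;
using System.DirectoryServices;

static class ReferralAwareSearch
{
    // Win32 ERROR_DS_REFERRAL: the code behind "A referral was returned from
    // the server". The HRESULT form seen in ErrorCode is 0x8007202B.
    const int ErrorDsReferral = 8235;
    const int HResultDsReferral = unchecked((int)0x8007202B);

    public static void ListUsers(string path, string user, string password)
    {
        // Secure + Sealing: Kerberos/NTLM bind over an encrypted channel, so the
        // explicit password is never sent as a cleartext simple bind.
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;

        using (var entry = new DirectoryEntry(path, user, password, auth))
        using (var searcher = new DirectorySearcher(entry))
        {
            searcher.Filter = "(&(objectClass=user)(objectCategory=person))";
            searcher.PropertiesToLoad.Add("name");
            searcher.PropertiesToLoad.Add("userPrincipalName");
            searcher.ReferralChasing = ReferralChasingOption.All; // follow referrals to other DCs
            searcher.PageSize = 500;                              // paged results, no 1000-entry cap

            try
            {
                // SearchResultCollection holds unmanaged handles; dispose it.
                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult r in results)
                    {
                        Console.WriteLine("{0} - {1}",
                            FirstOrEmpty(r, "name"),
                            FirstOrEmpty(r, "userPrincipalName"));
                    }
                }
            }
            catch (DirectoryServicesCOMException ex)
                when (ex.ExtendedError == ErrorDsReferral || ex.ErrorCode == HResultDsReferral)
            {
                // Still a referral after chasing: the bound server does not hold
                // the requested naming context and the referred DC was unreachable.
                Console.WriteLine("Referral from {0}: {1}", path, ex.ExtendedErrorMessage);
            }
        }
    }

    // Not every user object has a userPrincipalName; never index [0] blindly.
    static string FirstOrEmpty(SearchResult r, string attr)
    {
        ResultPropertyValueCollection v = r.Properties[attr];
        return v != null && v.Count > 0 ? v[0].ToString() : string.Empty;
    }

    static void Main()
    {
        // Placeholder path and account; supply the password from your
        // configuration store rather than a literal in source.
        ListUsers("LDAP://dc01.local.example/DC=local,DC=example",
                  "svc-reader@local.example", Environment.GetEnvironmentVariable("LDAP_PASSWORD"));
    }
}
```

ReferralChasing only helps when the server that the referral points at is reachable from the machine running the code; in the "sub domain" case described two answers up, the chased referral fails the same way until that DC can be reached, which is exactly what the catch block reports.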


Probably the path you supplied was not correct. Check that.

I would recommend the article Howto: (Almost) Everything In Active Directory via C#, which really helped me in the past in dealing with AD.