Searching with DirectorySearcher

Searching with DirectorySearcher

We've shown how easy it is to read individual objects from Active Directory with the DirectoryEntry class, so let's now look at how to search Active Directory with the DirectorySearcher class. The DirectorySearcher class works like many other LDAP-based search APIs. Figure contains all of the DirectorySearcher properties.

DirectorySearcher properties

Property name



Gets or sets the flag that determines whether results are cached on the client


Gets or sets the time period the client is willing to wait for the server to answer the search


Gets or sets the search filter string


Gets or sets the page size for paged searching


Gets or sets the attributes to return from a search


Gets or sets the flag indicating to only return attribute names from a search


Gets or sets whether referrals are chased


Gets or sets the base from which the search should start


Gets or sets the scope of the search


Gets or sets the time the server will wait for an individual page to return from a search


Gets or sets the time the server will wait for a search to complete


Gets or sets the maximum number of objects that can be returned by a search


Gets or sets the attribute that is used when returning sorted search results

Many of the properties, such as SearchScope, should look familiar. The following code shows how to search for all user objects in the domain.

Dim objSearch As New DirectorySearcher(  )
objSearch.SearchRoot = New DirectoryEntry("LDAP://dc=mycorp,dc=com")
objSearch.Filter = "(&(objectclass=user)(objectcategory=person))"
objSearch.SearchScope = SearchScope.Subtree
Dim colQueryResults As SearchResultCollection
colQueryResults = objSearch.FindAll(  )
Dim objResult As SearchResult
For Each objResult In colQueryResults

After a new DirectorySearcher class was instantiated, we set four properties before executing the search. The SearchRoot accepts a DirectoryEntry object representing the search base; the Filter property is the LDAP filter string; SearchScope is one of the values contained in the System.DirectoryServices.SearchScope enumeration; and PropertiesToLoad.Add( ) builds the attribute list to return from the query. You can specify multiple attributes in a single statement by using PropertiesToLoad.AddRange:

objSearch.PropertiesToLoad.AddRange(New String(  ) {"cn", "sn", "givenname"})

After all of the search parameters have been set, we can use the FindAll( ) method to invoke the search. A System.DirectoryServices.SearchResultsCollection is returned by the FindAll( ) method, and you can iterate over each entry using a For Each loop. The SearchResultsCollection contains System.DirectoryServices.SearchResult objects, which are very similar to DirectoryEntry objects.

If you want to retrieve only the first object in the search results, you can use the FindOne( ) method, which returns a single SearchResult object.

If you use a .NET Framework prior to 2.0, there is a resource cleanup issue with the FindOne( ) method. Microsoft has not acknowledged this in any support articles, but Max Vaughn of Microsoft Developer Support posted the issue in the microsoft.public.adsi.general newsgroup. Use FindAll( ) with a SizeLimit( ) of 1 as an alternative.

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows