1
votes

I am trying to make a phone directory by pulling OU names and phone numbers from AD. When searching to see if the phone field is filled out in the current OU, and that OU has children OU that also contain a telephone field, those user accounts are being returned as well. For example:

USA

---Texas

---Florida

---New York

I'm trying to find all users that have the phone field filled out in the USA OU but it's returning users from Texas, Florida, and New York. Is there a way to limit the depth of an LDAP search?

I am using C# and my current filter to find users is just

(&(objectClass=user)(objectCategory=person))

Any help would be greatly appreciated!

1
So you just want the users in the "root" OU "USA"? - curtisk
You can filter by phone number present using (telephoneNumber=*), or change telephoneNumber to another attribute depending on the field you need. We have Cisco IP phones here so we use (ipPhone=*). - Peter

1 Answer

4
votes

I am assuming you use DirectorySearcher to do the LDAP query. You can limit your search on the USA OU level by setting DirectorySearcher.SearchScope to SearchScope.OneLevel.

Here is a sample of what it may look like:

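using System.Collections.Generic;
using System.DirectoryServices;

IEnumerable<DirectoryEntry> FindUsers(DirectoryEntry root)
{
    using (DirectorySearcher searcher = new DirectorySearcher(root))
    {
        searcher.Filter = "(&(objectClass=user)(objectCategory=person))";
        // OneLevel returns only the immediate children of root, not objects in child OUs
        searcher.SearchScope = SearchScope.OneLevel;
        // Paged search, so results are not cut off at the server's size limit
        searcher.PageSize = 1000;
        // Dispose the result collection; it holds unmanaged resources
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult result in results)
            {
                yield return result.GetDirectoryEntry();
            }
        }
    }
}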
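
An added example, not part of the original answer: a phone-directory lookup that combines the OneLevel scope from the answer with the (telephoneNumber=*) presence test from the comments, loads only the two attributes it needs instead of binding to every entry, and escapes caller-supplied text per RFC 4515 before it goes into the filter. The names `PhoneDirectory`, `ListPhones` and `namePrefix`, and the choice of `displayName` as the name attribute, are assumptions for illustration.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class PhoneDirectory
{
    // Escape a value for use inside an LDAP filter (RFC 4515), so that
    // caller-supplied text cannot change the structure of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0)
                sb.Append('\\').Append(((int)c).ToString("x2")); // e.g. '*' -> \2a
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Users directly in `ou` (not in child OUs) that have a phone number.
    // namePrefix is a hypothetical optional parameter, e.g. text from a search box.
    public static List<KeyValuePair<string, string>> ListPhones(DirectoryEntry ou, string namePrefix = null)
    {
        string filter = "(&(objectClass=user)(objectCategory=person)(telephoneNumber=*)";
        if (!string.IsNullOrEmpty(namePrefix))
            filter += "(displayName=" + EscapeFilterValue(namePrefix) + "*)";
        filter += ")";

        var entries = new List<KeyValuePair<string, string>>();
        // Ask the server for only the attributes the directory page displays.
        using (var searcher = new DirectorySearcher(ou, filter, new[] { "displayName", "telephoneNumber" }))
        {
            searcher.SearchScope = SearchScope.OneLevel; // immediate children of ou only
            searcher.PageSize = 1000;                    // paged, to pass the server size limit
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    // displayName may be unset; fall back to the entry's LDAP path.
                    var names = r.Properties["displayName"];
                    string name = names.Count > 0 ? (string)names[0] : r.Path;
                    entries.Add(new KeyValuePair<string, string>(name, (string)r.Properties["telephoneNumber"][0]));
                }
            }
        }
        return entries;
    }
}
```

Reading values from `SearchResult.Properties` avoids the extra bind per user that `GetDirectoryEntry()` performs, and the returned list holds no directory handles that the caller would have to dispose.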