0

I'm using the same userID, LDAP connection string to bind to an LDAP server and fetch information.

  • Tool #1 exposes the msExchMailboxGuid consistently and reliably.

  • Tool #2 (.NET) doesn't expose the msExchMailboxGuid. There are occasions where it's null, and other instances where it isn't.

(Note: I'm not looking for code /developer support)

       DirectoryEntry de = new DirectoryEntry();

        de.Path = "LDAP://ldap.exchange.serverdata.net:636/DC=exchange,DC=serverpod,DC=net";
        de.Password = "PASSWORD";
        de.Username = "LDAP@copmany.com";
        de.AuthenticationType = AuthenticationTypes.Secure;

        DirectorySearcher ds = new DirectorySearcher();
        ds.PropertiesToLoad.Add("cn");
        ds.PropertiesToLoad.Add("mail");
        ds.PropertiesToLoad.Add("samAccountName");
        ds.PropertiesToLoad.Add("msExchMailboxGuid");
        ds.PropertiesToLoad.Add("proxyAddresses");
        ds.PropertiesToLoad.Add("targetAddress");

        ds.PageSize = 800;
        ds.Filter = "(&(objectCategory=person)(mail=user1@company.com))"; 

        SearchResultCollection results = ds.FindAll();

This code is very simple, but when I substitute user1@company.com with user2@company.com, the attribute is gone. (but is visible in other tools)

Is there any logical AD reason why an attribute would be missing under certain circumstances? What are those circumstances?

How can I debug this kind of LDAP query?

makerofthings7
  • 8,821
  • 28
  • 115
  • 196
  • In your question text, you reference `MSExchangeGUID`, but in your code sample, you call the attribute `msExchMailboxGuid`. Which is correct? – Ryan Bolger Nov 15 '16 at 19:22
  • According to ADSIEdit - msExchMailboxGuid @RyanBolger – makerofthings7 Nov 15 '16 at 19:26
  • Does the attribute actually contain a value in both cases? Some tools filter results and only show non-empty attributes. – Massimo Nov 15 '16 at 19:35
  • @Massimo Yes, the problem user has a value in all tools (Intermedia host pilot, LDAP Soft LDAP Browser, but not this simple LDAP script) – makerofthings7 Nov 15 '16 at 19:39
  • Is it possible the tools are connecting to different servers that actually have different values for the attribute in question? – HopelessN00b Nov 15 '16 at 21:25
  • @HopelessN00b Not sure ... intermedia is the ISP and I'm not sure what they do. All they did was expose that host to me. (ldap.exchange.serverdata.net) – makerofthings7 Nov 15 '16 at 21:52
  • How did you do the authentication? Could it be that you do an anonymous authentication and an authenticated one, so the anonymous user do not have rights to see the attribute? – BastianW Nov 16 '16 at 18:35

0 Answers0