Hi,
based on .NET framework 4.5 (System.DirectoryServices.Protocols) I tried to retrieve all members of a group
by executing a so-called "attribute scope query" on group attribute "member". The search filter was:
"(&(samaccounttype=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2))".
However, the only thing I got was an exception with message "An unknown error occurred".
I'd posted my problem (incl. source code) here: <<will add original link as soon as my account has been verified; this one is without http://
"social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/80217168-c586-4cb0-a686-02a9fe2c6a39/#087a78a3-eb72-4fb3-9498-1ac078d8789e">>
The moderator of that forum tested my program in his environment and it worked!
So he assumed my problem related to some AD environment settings and recommended to post
again in this forum.
Some hints:
- Without the bit based filter "(!userAccountControl:1.2.840.113556.1.4.803:=2)" my attribute scope query works fine
- groups under consideration are security ones
- all groups are in the same sub domain
- using a "normal", i.e. non attribute scope query, with filter "(&(samaccounttype=805306368)(!userAccountControl:1.2.840.113556.1.4.803:=2)(memberof=CN=DL-xxx,OU=OF,OU=Services,OU=yyyy,DC=ccc,DC=bbb,DC=NET))" works, too
Any idea what is causing my "scope-query-with-bit-filter-problem"?
Best regards
Bernd