28.5 Searching with DirectorySearcher

We've shown how easy it is to read individual objects from Active Directory with the DirectoryEntry class, so let's now look at how to search Active Directory with the DirectorySearcher class. The DirectorySearcher class works like many other LDAP-based search APIs. Table 28-4 contains all of the DirectorySearcher properties.

Table 28-4. DirectorySearcher properties

Property name



Gets or sets the flag that determines whether results are cached on the client.


Gets or sets the time period the client is willing to wait for the server to answer the search.


Gets or sets the search filter string.


Gets or sets the page size for paged searching.


Gets or sets the attributes to return from a search.


Gets or sets the flag indicating to only return attribute names from a search.


Gets or sets whether referrals are chased.


Gets or sets the base from which the search should start.


Gets or sets the scope of the search.


Gets or sets the time the server will wait for an individual page to return from a search.


Gets or sets the time the server will wait for a search to complete.


Gets or sets the maximum number of objects that can be returned by a search.


Gets or sets the attribute that is used when returning sorted search results.

Many of the properties, such as SearchScope, should look familiar. The following code shows how to search for all user objects in the mycorp.com domain.

Dim objSearch As New DirectorySearcher(  )
objSearch.SearchRoot = New DirectoryEntry("LDAP://dc=mycorp,dc=com")
objSearch.Filter = "(&(objectclass=user)(objectcategory=person))"
objSearch.SearchScope = SearchScope.Subtree
Dim colQueryResults As SearchResultCollection
colQueryResults = objSearch.FindAll(  )
Dim objResult As SearchResult
For Each objResult In colQueryResults

After a new DirectorySearcher class was instantiated, we set four properties before executing the search. The SearchRoot accepts a DirectoryEntry object representing the search base; the Filter property is the LDAP filter string; SearchScope is one of the values contained in the System.DirectoryServices.SearchScope enumeration; and PropertiesToLoad.Add( ) builds the attribute list to return from the query. You can specify multiple attributes in a single statement by using PropertiesToLoad.AddRange:

objSearch.PropertiesToLoad.AddRange(New String(  ) {"cn", "sn", "givenname"})

After all of the search parameters have been set, we can use the FindAll( ) method to invoke the search. A System.DirectoryServices.SearchResultsCollection is returned by the FindAll( ) method, and you can iterate over each entry using a For Each loop. The SearchResultsCollection contains System.DirectoryServices.SearchResult objects, which are very similar to DirectoryEntry objects.

If you want to retrieve only the first object in the search results, you can use the FindOne( ) method, which returns a single SearchResult object.

    Part II: Designing an Active Directory Infrastructure
    Part III: Scripting Active Directory with ADSI, ADO, and WMI