Menu
Can anybody explain the difference between using LdapConnection/SearchRequest and DirectoryEntry/DirectorySearcher for Searching users in ActiveDirectory.
Which one is best suited for interacting with AD?
843
DirectoryEntry can be used to access regular entries and some, but not all, information from schema entries. The Active Directory Domain Services hierarchy contains up to several thousand nodes. Each node represents an object, such as a network printer or a user in a domain.
Use a DirectorySearcher object to search and perform queries against an Active Directory Domain Services hierarchy using Lightweight Directory Access Protocol (LDAP). LDAP is the only system-supplied Active Directory Service Interfaces (ADSI) provider that supports directory searching.
In most cases, you should use DirectoryEntry/DirectorySearcher (System.DirectoryServices or S.DS) to interact with AD. It allows you to get things done more easily with fewer code. But for LdapConnection/SearchRequest (System.DirectoryServices.Protocols or S.DS.P), it provides more control as it offers lower level LDAP access. For LDAP compliant directories other than AD, it's good to use S.DS.P.
With S.DS.P, in general you will need to write more code to achieve the same thing when compared to S.DS.
For example, for a paged search in S.DS.P, you need to handle the request and response for EACH PAGE of results. But in S.DS, you only need to set the DirectorySearcher.PageSize and then you get all the results in all pages from DirectorySearcher.FindAll().
There are things that you must use S.DS.P, like the phantom root search or you want to handle the "more data is available" manually. But those situation are not common, at least not needed in my years of S.DS coding.
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
