I was wondering why ReferralChasing and PageSize cannot be used together with System.DirectoryServices.DirectorySearcher?
This code, without PageSize, will chase referrals and show me all accounts:
[System.DirectoryServices.DirectoryEntry] $objRoot = New-Object System.DirectoryServices.DirectoryEntry("GC://DC=company,DC=com")
[System.DirectoryServices.DirectorySearcher] $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($objRoot)
$objSearcher.SearchScope = "Subtree"
$objSearcher.ReferralChasing = "All"
$objSearcher.PropertiesToLoad.AddRange("name,distinguishedName".split(","))
$objSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=CN=one,OU=two,OU=three,DC=dingo,DC=company,DC=com))"
$objSearcher.FindAll()
But this code, with PageSize, will not show me all accounts:
[System.DirectoryServices.DirectoryEntry] $objRoot = New-Object System.DirectoryServices.DirectoryEntry("GC://DC=company,DC=com")
[System.DirectoryServices.DirectorySearcher] $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($objRoot)
$objSearcher.SearchScope = "Subtree"
$objSearcher.ReferralChasing = "All"
$objSearcher.PageSize = 1000
$objSearcher.PropertiesToLoad.AddRange("name,distinguishedName".split(","))
$objSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=CN=one,OU=two,OU=three,DC=dingo,DC=company,DC=com))"
$objSearcher.FindAll()
For the sake of this question, the account it will not show me is "CN=user,OU=some,OU=folder,DC=bingo,DC=company,DC=com". Notice how the account is in a different DC.
I had cross-posted this on the MSDN forums and got an answer. To quote the answer from there:
According to documentation for ReferralChasing, “All” includes “Subordinate”, and “the ADSI LDAP provider always turns off this flag for paged searches” for some reason [https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.referralchasingoption?view=netframework-4.7.1].
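
Because the quoted documentation says subordinate referrals are switched off for paged searches, one way to keep paging and still cover every domain is to run the paged search once per domain rather than rely on referrals. This is an added example, not code from the original post or the MSDN answer; the function name `Search-ForestPaged` and its parameters are hypothetical, and it assumes a machine joined to the forest and an account allowed to read it.

```powershell
# Added example: paged search run separately against each domain in the forest.
# Search-ForestPaged and its parameters are hypothetical names.
function Search-ForestPaged {
    param(
        [Parameter(Mandatory = $true)] [string] $Filter,
        [int] $PageSize = 1000
    )

    # Assumption: the current machine and user belong to the forest being searched.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    foreach ($domain in $forest.Domains) {
        $root     = $domain.GetDirectoryEntry()
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $results  = $null
        try {
            $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
            $searcher.PageSize    = $PageSize
            # Every domain is bound to directly, so nothing depends on referrals
            # and child domains are not returned twice.
            $searcher.ReferralChasing = [System.DirectoryServices.ReferralChasingOption]::None
            $searcher.Filter = $Filter
            $searcher.PropertiesToLoad.AddRange([string[]]@('name', 'distinguishedName'))

            $results = $searcher.FindAll()
            foreach ($r in $results) {
                # Property keys in a SearchResult are stored in lower case.
                [pscustomobject]@{
                    Domain            = $domain.Name
                    Name              = [string]$r.Properties['name'][0]
                    DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                }
            }
        }
        finally {
            # SearchResultCollection holds unmanaged handles until disposed.
            if ($results) { $results.Dispose() }
            $searcher.Dispose()
            $root.Dispose()
        }
    }
}

# Constructed usage: list every user object, grouped by the domain that holds it.
Search-ForestPaged -Filter '(&(objectCategory=person)(objectClass=user))' |
    Group-Object Domain |
    Select-Object Name, Count
```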