c# .net active-directory directoryservices directorysearcher

Cannot read all users from Active Directory - [DirectoryServicesCOMException] MoveNext()


My team is using a program written in C# to read all users from a specific OU. The program behaves very strangely. Sometimes it works for a couple of weeks and then, without any big changes to our AD or any other related component, it throws an exception. Then it does not work for a couple of weeks, and after some time it starts to run normally again.

Code

    DirectoryEntry searchRoot = new DirectoryEntry("<LDAP string>");

    searchRoot.AuthenticationType = AuthenticationTypes.None;
    DirectorySearcher search = new DirectorySearcher(searchRoot);

    search.Filter = "<our filter>";
    search.PropertiesToLoad.Add("<some property>");
    search.PageSize = 1;

    SearchResult result;
    SearchResultCollection resultCol = null;

    try
    {
      resultCol = search.FindAll();
    }
    catch (Exception ex)
    {
      Console.WriteLine(ex.ToString());
    }

    if (resultCol != null)
    {
      Console.WriteLine("Result Count: " + resultCol.Count); //.Count throws the Exception
    }

Exception

    Unhandled Exception: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.

      at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
      at System.DirectoryServices.SearchResultCollection.get_InnerList()
      at System.DirectoryServices.SearchResultCollection.get_Count()

    Data: System.Collections.ListDictionaryInternal
    Error Code: -2147016672
    Extended Error: 8431
    Extended Error Message: 000020EF: SvcErr: DSID-020A07A7, problem 5012 (DIR_ERROR), data -1018
    HResult: -2147016672
    Message: An operations error occured.
    Source: System.DirectoryServices
    Stack Trace: at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
    Target Site: Boolean MoveNext()

Additional Information

  • Target Framework: .NET Framework 4.6.1 (no additional libraries)
  • The program is executed on a domain controller

What I have tried

  • I have created a loop to use the MoveNext() function of the enumerator and found out that it loads results up to a specific element and then crashes
  • It is always the same element
  • After the first exception all retries fail as well
  • The user that starts it is a domain admin (but I have also tried it with an enterprise admin account, so it is probably not a permission issue)
  • I have deleted the user that should be read when the exception happens, but during the next run the exception was thrown for a previous user

I have come to a point where I have no more ideas for solving this problem. I would appreciate all your support.


Solution

  • This answer just summarizes our conversation in comments.

    This thread partially matches the error you are getting:

    problem 5012 (DIR_ERROR) data -1018
    

    And the answer from a Microsoft MVP is:

    That is a checksum error in the database, you have corruption in your database which is usually due to a failing disk or disk subsystem or possibly a system crash and data not being written from a write cache.

    So it sounds like you might have the same thing going on.

    But it may only be one DC that has the problem. So to help you narrow down which one, you can specify the DC in the LDAP path like so:

    LDAP://dc1.example.com/OU=Target,OU=My User Group,OU=My Users,DC=example,DC=com
    

    This can help you in two ways:

    1. It can identify the bad DC so you know which one you need to fix (and possibly take it offline until it is fixed), and
    2. You can specifically target a good DC so your script will keep working.
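
The per-DC check suggested in the answer above, written out as an added example (not code from the original question or answer). It binds to each domain controller by name, runs the same paged search, and reports which DC fails and how far enumeration got. Assumptions: the machine is domain-joined, the OU is the example path from the answer, the filter stands in for the poster's real one, and `DcSearchProbe` is a hypothetical name.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;

class DcSearchProbe
{
    // Assumptions: the OU is the example path from the answer; the filter is a
    // stand-in for the real one used by the failing program.
    const string SearchBase = "OU=Target,OU=My User Group,OU=My Users,DC=example,DC=com";
    const string Filter = "(&(objectCategory=person)(objectClass=user))";

    static void Main()
    {
        // Enumerate every DC in the current domain and probe each one by name.
        using (Domain domain = Domain.GetCurrentDomain())
            foreach (DomainController dc in domain.DomainControllers)
                Probe(dc.Name);
    }

    static void Probe(string dcName)
    {
        int read = 0;
        string lastPath = "(none)";
        try
        {
            using (var root = new DirectoryEntry("LDAP://" + dcName + "/" + SearchBase))
            using (var search = new DirectorySearcher(root, Filter, new[] { "distinguishedName" }))
            {
                search.PageSize = 500;
                using (SearchResultCollection results = search.FindAll())
                    // Enumerating drives MoveNext(), which is where the error surfaced.
                    foreach (SearchResult r in results)
                    {
                        lastPath = r.Path;
                        read++;
                    }
                Console.WriteLine("{0}: OK, {1} entries", dcName, read);
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            Console.WriteLine("{0}: FAILED after {1} entries (last read: {2})", dcName, read, lastPath);
            Console.WriteLine("  ExtendedError={0} {1}", ex.ExtendedError, ex.ExtendedErrorMessage);
        }
    }
}
```

A DC that prints `FAILED` with the same extended error as in the question (8431, `data -1018`) is the one to investigate; the last path read shows which object precedes the unreadable record on that DC.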