Tags: .net, active-directory, directoryservices

System.DirectoryServices - how to NOT query Active Directory for properties having the confidential bit set


I'm using DirectoryServices to query for DirectoryEntries for a person or group like so:

using System.DirectoryServices;

// Only these attributes are requested by the LDAP search itself.
var propsToLoad = new string[] { "sAMAccountName", "objectClass", "memberOf", "distinguishedName", "manager", "mail", "name", "objectCategory" };
DirectoryEntry dEntry = new DirectoryEntry("LDAP://<MyDomainController>/DC=foo,DC=com", "user", "pass");
DirectorySearcher dSearch = new DirectorySearcher(dEntry, "(&(|(objectClass=person)(objectClass=group))(sAMAccountName=jsmith))", propsToLoad);
var searchResult = dSearch.FindOne();
// GetDirectoryEntry() binds to the object again and loads attributes independently of propsToLoad.
var searchResultDirEntry = searchResult.GetDirectoryEntry();

The issue I'm having is that the above call for getting the DirectoryEntry for the SearchResult is fetching more properties than what I'm querying for. If I hover over the searchResult while debugging, it contains just the 8 properties I queried for, but calling "GetDirectoryEntry()" on the searchResult queries for a ton more properties (approx. 77 to 80 more property values).

The real problem is that it is also querying for properties whose "confidential bit" is set, such as 'UnixUserPassword', causing audit failures on the DC.

Is there any way to specify NOT to query for any properties having the confidential bit set, OR to have result.GetDirectoryEntry() respect my "propsToLoad" and only fetch property values for the properties that I've specified on the DirectorySearcher?


Solution

  • No, not really. Your propsToLoad array is passed in to the LDAP search. When you call the GetDirectoryEntry() API, it's a totally different codepath. If you want this level of control you're going to need to go against LDAP directly with S.DS.Protocols.
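An added example (not from the question or the answer) of the approach the answer recommends: the same person-or-group search issued with System.DirectoryServices.Protocols, where the attribute list on the SearchRequest is the only thing the DC is asked to read, so attributes with the confidential bit set are never touched. The server name, base DN, credentials and account name are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

class LdapAttributeScopedSearch
{
    // RFC 4515 escaping so the account name cannot change the filter structure.
    static string EscapeFilterValue(string v)
    {
        return v.Replace("\\", "\\5c").Replace("*", "\\2a")
                .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    static void Main()
    {
        string server = "<MyDomainController>";   // placeholder
        string baseDn = "DC=foo,DC=com";          // placeholder
        string[] attrsToLoad =
        {
            "sAMAccountName", "objectClass", "memberOf", "distinguishedName",
            "manager", "mail", "name", "objectCategory"
        };

        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(server, 389)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.Signing = true;   // integrity-protect the session
            conn.SessionOptions.Sealing = true;   // encrypt the session
            conn.AuthType = AuthType.Negotiate;
            conn.Credential = new NetworkCredential("user", "pass"); // placeholder
            conn.Bind();

            string filter = "(&(|(objectClass=person)(objectClass=group))(sAMAccountName="
                            + EscapeFilterValue("jsmith") + "))";

            // Only the attributes named here are returned; there is no second
            // bind that re-reads the whole object, unlike GetDirectoryEntry().
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, attrsToLoad);
            var response = (SearchResponse)conn.SendRequest(request);

            foreach (SearchResultEntry entry in response.Entries)
            {
                Console.WriteLine(entry.DistinguishedName);
                foreach (string attr in attrsToLoad)
                {
                    if (!entry.Attributes.Contains(attr)) continue;
                    object[] values = entry.Attributes[attr].GetValues(typeof(string));
                    Console.WriteLine("  {0} = {1}", attr, string.Join("; ", values));
                }
            }
        }
    }
}
```

If you stay with System.DirectoryServices and only need to read, using searchResult.Properties instead of calling GetDirectoryEntry() likewise avoids the second, unscoped fetch; the DirectoryEntry path is only needed when you intend to modify the object.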