Microsoft KB Archive/327436

= The value of the nTSecurityDescriptor property may be null when you try to retrieve the nTSecurityDescriptor property from the DirectorySearcher class =

Article ID: 327436

Article Last Modified on 10/11/2004


APPLIES TO


 * Microsoft Active Directory Service Interfaces 2.5
 * Microsoft Visual C# .NET 2003 Standard Edition
 * Microsoft Visual C# .NET 2002 Standard Edition




This article was previously published under Q327436





SYMPTOMS
When you try to retrieve the nTSecurityDescriptor property from the DirectorySearcher class, you may find that the value of the nTSecurityDescriptor property is null.



CAUSE
This behavior occurs if the account that is calling does not have sufficient user rights to access security information like the nTSecurityDescriptor property.



RESOLUTION
To retrieve the nTSecurityDescriptor property from the DirectorySearcher class, you must use an administrator account, with secure authentication, for the search root DirectoryEntry.

For the case that is in the "Steps to reproduce the behavior" section, uncomment the following line of code:

<pre class="fixed_text">// #define ADMINISTRATOR_ACCOUNT</pre>

Then, press F5 to build and then run the project. At the Microsoft Visual Studio .NET Command Prompt, you may receive the following message:

<pre class="fixed_text">nTSecurityDescriptor = System.Byte[]

- Properties
prop. name = ntsecuritydescriptor
prop. name = adspath</pre>



STATUS
This behavior is by design.



Steps to reproduce the behavior
 1. Start Visual Studio .NET.
 2. On the File menu, point to New, and then click Project.
 3. Under Project Types, click Visual C# Projects. Under Templates, click Console Application, and then name the project Q327436.
 4. In Solution Explorer, right-click References, and then click Add Reference.
 5. On the .NET tab in the Add Reference dialog box, double-click System.DirectoryServices.dll under Component Name.
 6. Make sure that System.DirectoryServices.dll appears under Selected Components, and then click OK.
 7. Replace the existing code in Class1.cs with the following code:

<pre class="fixed_text">// #define ADMINISTRATOR_ACCOUNT

using System;
using System.Collections;
using System.DirectoryServices;

public class Q327436
{
#if ADMINISTRATOR_ACCOUNT
    //TODO: Use your own Domain name, PASSWORD for domain administrator
    public const String strRemoteDomainPath = "LDAP://www.company.com/CN=Users,DC=company,DC=com";
    public const String strUsername = "administrator";
    public const String strPassword = "PASSWORD";
#else
    //TODO: Use your own Domain name, USERNAME, PASSWORD
    public const String strRemoteDomainPath = "LDAP://www.company.com/CN=Users,DC=company,DC=com";
    public const String strUsername = "UserName"; // Be sure that it is not an administrator account.
    public const String strPassword = "PASSWORD";
#endif

    public static void Main(String[] args)
    {
        // Bind the search root with the selected account by using secure authentication.
        DirectoryEntry objDERoot = new DirectoryEntry(strRemoteDomainPath, strUsername, strPassword, AuthenticationTypes.Secure);

        //TODO: Replace FULL NAME with the name you want to search.
        DirectoryEntry objDE = objDERoot.Children.Find("CN= FULL NAME");
        DirectorySearcher objDS = new DirectorySearcher(objDE);
        objDS.PropertiesToLoad.Add("nTSecurityDescriptor");
        objDS.SearchScope = SearchScope.Base;
        SearchResult objSRE = objDS.FindOne();
        ResultPropertyCollection resProps = objSRE.Properties;
        if (resProps["nTSecurityDescriptor"] == null)
            Console.WriteLine("nTSecurityDescriptor = Null");
        else
            Console.WriteLine("nTSecurityDescriptor = " + resProps["nTSecurityDescriptor"][0].ToString());
        Console.WriteLine("\n- Properties ");
        foreach (string name in resProps.PropertyNames)
            Console.WriteLine("prop. name = " + name);
        Console.Read();
    }
}</pre>

 8. Search for the TODO text string in the sample code, and then modify the sample code for your environment.
 9. Press F5 to build and then run the project.

You may receive the following message at the Visual Studio .NET Command Prompt:

<pre class="fixed_text">nTSecurityDescriptor = Null

- Properties
prop. name = adspath</pre>
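The sample above prints only `System.Byte[]` when the descriptor is returned. The following added example (not part of the original article or Microsoft's sample) handles the missing-attribute case and decodes the returned bytes to SDDL. It assumes .NET Framework 2.0 or later on Windows for `RawSecurityDescriptor`; `SdReader`, `TryGetSddl` and `ToSddl` are hypothetical names, and the sample descriptor is constructed.

```csharp
// Added example; assumes .NET Framework 2.0 or later on Windows.
using System;
using System.DirectoryServices;
using System.Security.AccessControl;

public static class SdReader
{
    // Hypothetical helper: returns the SDDL form of nTSecurityDescriptor, or
    // null when the directory did not return the attribute to the caller.
    public static string TryGetSddl(ResultPropertyCollection props)
    {
        ResultPropertyValueCollection values = props["nTSecurityDescriptor"];
        // Treat both null (the case this article shows) and an empty
        // collection as "attribute not returned".
        if (values == null || values.Count == 0)
            return null;
        byte[] raw = values[0] as byte[];
        return raw == null ? null : ToSddl(raw);
    }

    // Decodes a self-relative security descriptor into SDDL text.
    public static string ToSddl(byte[] raw)
    {
        RawSecurityDescriptor sd = new RawSecurityDescriptor(raw, 0);
        return sd.GetSddlForm(AccessControlSections.All);
    }

    public static void Main()
    {
        // Constructed sample descriptor (owner and group are Builtin
        // Administrators, one allow ACE); it stands in for the bytes that a
        // directory search would return.
        RawSecurityDescriptor sample =
            new RawSecurityDescriptor("O:BAG:BAD:(A;;GA;;;BA)");
        byte[] raw = new byte[sample.BinaryLength];
        sample.GetBinaryForm(raw, 0);
        Console.WriteLine(ToSddl(raw));
    }
}
```

In the article's sample, `TryGetSddl(objSRE.Properties)` would replace the `== null` test and the `ToString()` call.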

Additional query words: nTSecurityDescriptor Active Directory

Keywords: kbprogramming kbsecurity kbprb kbpermissions KB327436


© Microsoft Corporation. All rights reserved.