none
AD LDS search bug on Windows Server 2012

    Question

  • Steps to reproduce:

    1. Install an AD LDS instance on Windows Server 2012.
    2. Create a partition, e.g. CN=MyPartition.
    3. Install one of the following updates: KB3156416 or KB3160352.
    4. Create 20 containers in the root of your partition.
    5. Run the following PowerShell script:
    $port = 389
    $computerName = "computer.domain.com"
    
    $strFilter = "(&(objectCategory=Container)(|(showInAdvancedViewOnly=FALSE)(showInAdvancedViewOnly=TRUE)))"
    
    $searchRoot = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$computerName`:$port/CN=MyPartition"
    
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $searchRoot
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"
    
    try
    {
        $results = $objSearcher.FindAll()
    
        foreach ($objResult in $results)
        {
            $objResult.Path
        }
    }
    finally
    {
        if ($objSearcher) { $objSearcher.Dispose() }
    }

    RESULT: None, i.e. the search will not return any results (though it should). Also, you will get the following exception:

    System.DirectoryServices.Protocols.DirectoryOperationException: An operation error occurred.

    If there are less than 20 containers or if you specify a page size for the DirectorySearcher interface, the script will return your containers.

    Uninstalling KBs mentioned on step 3 will fix the issue. Also, the same KBs do not cause the  issue on other operating systems (we've checked on Windows Server 2012r2, 2008r2, 7, 8, 8.1 and 10).




    Friday, November 25, 2016 2:47 PM

All replies

  • If you specify a page size, it turns on paging. If paging is not enabled, the query can be restricted to retrieving a limited number of rows. I don't recall a KB ever altering the behavior before. And the limits in the past have been at least 1000 rows, so 20 is a small number. Perhaps in this case the overall size of the resultset causes the error, rather than the number of rows.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, November 25, 2016 4:33 PM
  • Hi,

    Are there any updates?

    If the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 29, 2016 8:53 AM
    Moderator