Hi, I dunno whether this is the right place to post this query. I am basically trying to validate/search for a user against LDAP. The search filter which i pass to the Ldap is the user's email address. But most of the times i get the following exception "The (legacyexchangedn=) search filter is invalid." This happens most of the times when i search for a user in LDAP even after passing a valid email address as search filter. Now am i missing something in this context. I am unable to figure out why this is happening. Any help on this would be really appreciated. Thanks a lot

Can u put your code and filter here, what filter are u using? Without that we might not be able to help u. Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

On Mon, 26 Jul 2010 15:38:22 +0000, Usha_Rohit2009 wrote: > I dunno whether this is the right place to post this query. I am basically trying to validate/search for a user against LDAP. The search filter which i pass to the Ldap is the user's email address. > > But most of the times i get the following exception "The (legacyexchangedn=) search filter is invalid." This happens most of the times when i search for a user in LDAP even after passing a valid email address as search filter. Now am i missing something in this context. If you provided some context yourself it would be helpful. :-) >I am unable to figure out why this is happening. What do you consider to be a "valid email address"? The format of a legacyExchangeDN is something like "/o=blah/ou=foo/cn=bar". Most people think of an email address as user@domain.com. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Here's an example of using adfind.exe (from www.joeware.net) to search for a specific value that might be present in either the legacyExchangeDN attribute or as an X500 address entry within the proxyAddresses multi-valued attribute: adfind -default -f "(|(proxyaddresses=X500:/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap)(legacyexchangedn=/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap))" samaccountname The same filter will work in, e.g. LDP.EXE. Alexei

On Mon, 26 Jul 2010 23:52:30 +0000, Alexei Segundo wrote: > > >Here's an example of using adfind.exe (from www.joeware.net) to search for a specific value that might be present in either the legacyExchangeDN attribute or as an X500 address entry within the proxyAddresses multi-valued attribute: > >adfind -default -f "(|(proxyaddresses=X500:/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap)(legacyexchangedn=/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap))" samaccountname > >The same filter will work in, e.g. LDP.EXE. I'd expect the problem to be the presence of the parentheses within the data. Those should be escaped since "(FYDIBOHF23SPDLT)" is being interpreted as a condition in your query. Try putting a "\" in front of each of the parentheses and see if that makes a difference. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich I was just showing an example of using legacyExchangeDN within an LDAP search filter - I'm not the original poster. The filter works fine for me without needing to escape the parentheses. Alexei

Hi All, Thanks for your reply. Basically i am passing the following string as filter: (legacyexchangedn=user@domain.com) I am creating an instance of DirectorySearcher class and setting the Filter property of this instance to the above string filter. Then i execute the FindOne() method of DirectorySearcher class and take the results in SearchResult class. So although i pass a valid email id eg: user@domain.com i get the exception mentioned above. Now this email id which i pass to the DirectorySearcher class as filter is obtained from a mail items To list in Microsoft Outlook. Let me know if you need more details. Thanks and Regards

If you are searching by SMTP email address then you should not be using the legacyExchangeDN attribute. Try this instead: "(mail=user@domain.com)" or, if Exchange is used within the forest: "(proxyaddresses=SMTP:user@domain.com)" You might also consider using a more efficient filter. For example, if you are searching for user objects you can use" "(&(objectCategory=Person)(ojbectClass=User)(proxyaddresses=SMTP:user@domain.com))" or "(&(sAMAccountType=805306368)(proxyaddresses=SMTP:user@domain.com))" Alexei

On Tue, 27 Jul 2010 03:53:04 +0000, Alexei Segundo wrote: >I was just showing an example of using legacyExchangeDN within an LDAP search filter - I'm not the original poster. Then why reply to my posting and not the person asking the question? >The filter works fine for me without needing to escape the parentheses. Then I guess there's som "behind-the-scenes" work going on. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Tue, 27 Jul 2010 15:33:02 +0000, Usha_Rohit2009 wrote: > Thanks for your reply. Basically i am passing the following string as filter: > >(legacyexchangedn=user@domain.com) That's not the correct format for data in that property. >I am creating an instance of DirectorySearcher class and setting the Filter property of this instance to the above string filter. Then i execute the FindOne() method of DirectorySearcher class and take the results in SearchResult class. So although i pass a valid email id eg: user@domain.com i get the exception mentioned above. Change the filter to use "proxyaddresses=smtp:user@domain.com". >Now this email id which i pass to the DirectorySearcher class as filter is obtained from a mail items To list in Microsoft Outlook. > >Let me know if you need more details. Nothing more is needed. You'll never match the values in the legacyExchangeDN property to a SMTP address. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Tue, 27 Jul 2010 21:38:28 +0000, Alexei Segundo wrote: > > >If you are searching by SMTP email address then you should not be using the legacyExchangeDN attribute. Try this instead: > >"(mail=user@domain.com)" > >or, if Exchange is used within the forest: > >"(proxyaddresses=SMTP:user@domain.com)" > >You might also consider using a more efficient filter. For example, if you are searching for user objects you can use" > >"(&(objectCategory=Person)(ojbectClass=User)(proxyaddresses=SMTP:user@domain.com))" > >or > >"(&(sAMAccountType=805306368)(proxyaddresses=SMTP:user@domain.com))" The proxyaddresses property is an indexed property. Qualifying it with anything else only serves to reduce the number of objects returned. But because each proxyaddress value is unique, and he's searching for a complete address, I don't think there's any benefit in adding criteria to the query string. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Good point Rich. I hadn't checked to see if proxyAddresses was indexed. Alexei

Hi All, I think you are right. The format for the filter string must be wrong in my case. I will change the filter format and try again. Thanks again. Regards

hi Usha_Rohit, Any update for your issue? Regards! Gavin