Hi, Took me 2 days to identify my canonicalName issue. I did not find any referenc to that on the web. Any clue? Details: I'm using DirectorySearcher to query Active Directory and set the results into SrerchResultCollection object. For each result, I create DirectoryEntry and extracts the properties i need (sAmAccountName, SID, LastLogon etc'). But 'canonicalName' is not in the DirectoryEntry object's properties collection. Instead it can be fount in the SearchResult object itself. Here is my problem. canonicalName has values only if the DirectorySrarcher.PropertyNamesOnly=false. If i set it to true for better performance (get only assigned properties), canonicalName is NULL???? I need DirectorySrarcher.PropertyNamesOnly=true to save process time. Thanks. Oren Nitzan. Programmer

The canonicalName attribute is operational (also called constructed). Active Directory does not actually save the value, but calculates it on demand. This is probably the issue. In ADSI we use the GetInfoEx method to prompt AD to add the attribute to the cache. In PowerShell we use the RefreshCache method. There must be something similar in DirectorySearcher. Richard Mueller - MVP Directory Services

The canonicalName attribute is operational (also called constructed). Active Directory does not actually save the value, but calculates it on demand. This is probably the issue. In ADSI we use the GetInfoEx method to prompt AD to add the attribute to the cache. In PowerShell we use the RefreshCache method. There must be something similar in DirectorySearcher. Richard Mueller - MVP Directory Services

Thanks for your replay. I'm still trying to figure it out. I don't know these methods in C# and i suspect the problem is somewhere in thw way these object combined I will try to grt deeper into this. I guess i'll have further questions. Thanks for now.Programmer

I mentioned the PowerShell method because much of PowerShell is based on C#. Here is documentation on the RefreshCache method: http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.refreshcache.aspx No mention of operational attributes in the article, but I've used the method to retrieve the canonicalName attribute in PowerShell. For example: $User = [ADSI]"LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com" "User: " + $User.distinguishedName # Retrieve canonicalName attribute, which is operational (constructed). $User.psbase.RefreshCache("canonicalName") $CanName = $User.Properties.Item("canonicalName") "Canonical Name: $CanName" ----- Richard Mueller - MVP Directory Services

Thanks again. Things might be clearing a bit. I would like to share my knowledge and ask further question. First, as mentioned in the source post, canonicalName can be found in the 'SearchResult' object. I also know now that is is a collection and can be retrieved with the following code: result.Properties["canonicalName"][0].ToString(). Second, I needed also 'createTimeStamp'. I found it, eventually, also in the 'SearchResult' object. And, it is also a collection. Maybe collections are stored in 'SearchResult' and not in 'DirectoryEntry'? Does anybody understand this?Programmer