MichaelGrafnetter / DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework
https://www.dsinternals.com
MIT License
1.62k stars 250 forks

Extract users from specific OU or CN using DSInternals.Replication #162

Closed sanzhar-saduakhas closed 1 year ago

sanzhar-saduakhas commented 1 year ago

Hello, I am using the DSInternals.Replication NuGet package in order to get accounts from AD remotely, using these lines of code:

```csharp
using System.Collections.Generic;
using System.Net;
using DSInternals.Common.Data;
using DSInternals.Replication;

// logInf and password are defined elsewhere in the caller's code
NetworkCredential credential = new NetworkCredential(logInf, password);
string serverName = "DC01";
DirectoryReplicationClient directoryReplication = new DirectoryReplicationClient(serverName, RpcProtocol.TCP, credential);
// distinguishedNameDomain is the naming context to replicate, e.g. "DC=test,DC=local"
IEnumerable<DSAccount> accountsList = directoryReplication.GetAccounts(distinguishedNameDomain);
```

If I pass "CN=CSdepartment,DC=test,DC=local" as distinguishedNameDomain to GetAccounts(), an error pops up due to the unknown context. However, if I pass "DC=test,DC=local", everything works correctly. Now I am wondering whether it is possible to pass the distinguished name of a certain OU or CN to the function GetAccounts() in order to narrow the scope of the search for accounts in the database (e.g. if my AD database contains 10000+ users, the performance decreases accordingly because I get all users from the main domain object).

MichaelGrafnetter commented 1 year ago

Hello @sanzhar-saduakhas, the replication API provided by AD cannot target a specific OU. So you can either replicate everything and then perform client-side filtering, or you could fetch a list of OU members through the LDAP protocol and then replicate them one-by-one. As a matter of fact, Azure AD Connect also uses the second option for both initial and incremental password replications.
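Both options from the answer above, written out as an added example (this is not code from the issue or from the DSInternals project). It assumes the server name, naming context, scope DN and credential values shown in `Main` are placeholders, that `DirectoryReplicationClient` exposes a per-object `GetAccount(Guid)` overload alongside `GetAccounts(namingContext)`, and that `System.DirectoryServices.Protocols` is available for the LDAP side. `FilterByScope` is option 1 (replicate the whole naming context, filter locally); `FindUserGuids` plus `ReplicateScope` is option 2 (LDAP enumeration of the OU, then one replication request per object).

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using DSInternals.Common.Data;
using DSInternals.Replication;

// Added example, not DSInternals project code.
public static class ScopedReplication
{
    // Option 1: replicate the whole naming context, then keep only the accounts
    // that live under scopeDn. A DN is a comma-separated list of RDNs, so "lives
    // under" is a case-insensitive suffix test on ",<scopeDn>". Assumes DNs in the
    // canonical form the DC returns (no whitespace around the separating commas).
    public static IEnumerable<DSAccount> FilterByScope(IEnumerable<DSAccount> accounts, string scopeDn)
    {
        string suffix = "," + scopeDn;
        return accounts.Where(a =>
            a.DistinguishedName != null &&
            a.DistinguishedName.EndsWith(suffix, StringComparison.OrdinalIgnoreCase));
    }

    // Option 2, step 1: enumerate the objectGUIDs of user objects under scopeDn over
    // LDAP. The search is paged because AD caps one result set at MaxPageSize
    // (1000 by default), which matters for the 10000+ user case in the question.
    // GUIDs, unlike DNs, survive renames and moves between this search and the
    // replication call that follows.
    public static IEnumerable<Guid> FindUserGuids(LdapConnection ldap, string scopeDn, int pageSize = 500)
    {
        var request = new SearchRequest(scopeDn, "(objectClass=user)", SearchScope.Subtree, "objectGUID");
        var paging = new PageResultRequestControl(pageSize);
        request.Controls.Add(paging);

        while (true)
        {
            var response = (SearchResponse)ldap.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
            {
                byte[] raw = (byte[])entry.Attributes["objectGUID"].GetValues(typeof(byte[]))[0];
                yield return new Guid(raw);
            }

            var pageResponse = response.Controls.OfType<PageResultResponseControl>().FirstOrDefault();
            if (pageResponse == null || pageResponse.Cookie.Length == 0)
                break; // last page delivered
            paging.Cookie = pageResponse.Cookie;
        }
    }

    // Option 2, step 2: one replication request per object, which is the pattern
    // the answer attributes to Azure AD Connect. Assumes the GetAccount(Guid)
    // overload of DirectoryReplicationClient.
    public static IEnumerable<DSAccount> ReplicateScope(DirectoryReplicationClient repl, LdapConnection ldap, string scopeDn)
    {
        foreach (Guid guid in FindUserGuids(ldap, scopeDn))
        {
            yield return repl.GetAccount(guid);
        }
    }

    public static void Main()
    {
        // Hypothetical environment values; not taken from the original issue.
        string dc = "DC01";
        string domainNc = "DC=test,DC=local";
        string scopeDn = "CN=CSdepartment,DC=test,DC=local";
        var credential = new NetworkCredential("replicator", "password-goes-here", "TEST");

        using (var repl = new DirectoryReplicationClient(dc, RpcProtocol.TCP, credential))
        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier(dc), credential, AuthType.Negotiate))
        {
            ldap.SessionOptions.ProtocolVersion = 3;
            ldap.Bind();

            // Option 1: a single replication pass over the whole domain, filtered locally.
            int viaFilter = FilterByScope(repl.GetAccounts(domainNc), scopeDn).Count();

            // Option 2: LDAP enumeration of the scope plus one replication call per object.
            int viaLdap = ReplicateScope(repl, ldap, scopeDn).Count();

            Console.WriteLine($"{viaFilter} accounts via filtering, {viaLdap} via per-object replication");
        }
    }
}
```

Which option is cheaper depends on how large the scope is relative to the domain: option 1 costs one full naming-context replication regardless of the scope, while option 2 costs one LDAP search plus a replication request per matching object, so it wins for a small OU and loses for one that holds most of the domain. Either way the calling account needs the DS-Replication-Get-Changes and DS-Replication-Get-Changes-All rights on the naming context (the same rights DCSync relies on), so a detection keyed on Event ID 4662 for those access GUIDs will see one hit for option 1 and one hit per object for option 2.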