The value of the nTSecurityDescriptor property may be null when you try to retrieve the nTSecurityDescriptor property from the DirectorySearcher class (327436)



The information in this article applies to:

  • Microsoft Active Directory Service Interfaces 2.5
  • Microsoft Visual C# .NET (2003)
  • Microsoft Visual C# .NET (2002)

This article was previously published under Q327436

SYMPTOMS

When you try to retrieve the nTSecurityDescriptor property from the DirectorySearcher class, you may find that the value of the nTSecurityDescriptor property is null.

CAUSE

This behavior occurs if the calling account does not have sufficient user rights to access security information such as the nTSecurityDescriptor property.

RESOLUTION

To retrieve the nTSecurityDescriptor property from the DirectorySearcher class, you must use an administrator account, with secure authentication, for the search root DirectoryEntry object.

For the case that is in the "Steps to reproduce the behavior" section, uncomment the following line of code:

    // #define ADMINISTRATOR_ACCOUNT

Then, press F5 to build and then run the project. At the Microsoft Visual Studio .NET Command Prompt, you may receive the following message:

    nTSecurityDescriptor = System.Byte[]

    ----- Properties ----
    prop. name = ntsecuritydescriptor
    prop. name = adspath

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Start Visual Studio .NET.
  2. On the File menu, point to New, and then click Project.
  3. Under Project Types, click Visual C# Projects. Under Templates, click Console Application, and then name the project Q327436.
  4. In Solution Explorer, right-click References, and then click Add Reference.
  5. On the .NET tab in the Add Reference dialog box, double-click System.DirectoryServices.dll under Component Name.
  6. Make sure that System.DirectoryServices.dll appears under Selected Components, and then click OK.
  7. Replace the existing code in Class1.cs with the following code:
    // #define ADMINISTRATOR_ACCOUNT
    
    using System;
    using System.Collections;
    using System.DirectoryServices;
    
    public class Q327436
    {
    #if ADMINISTRATOR_ACCOUNT
        //TODO: Use your own Domain name, PASSWORD for domain administrator
        public const String strRemoteDomainPath = "LDAP://www.company.com/CN=Users,DC=company,DC=com";
        public const String strUsername     = "administrator";
        public const String strPassword     = "PASSWORD";
    #else
        //TODO: Use your own Domain name, USERNAME, PASSWORD
        public const String strRemoteDomainPath = "LDAP://www.company.com/CN=Users,DC=company,DC=com";
        public const String strUsername     = "UserName"; // Be sure that it is not an administrator account.
        public const String strPassword     = "PASSWORD";
    #endif
        public static void Main(String[] args)
        {
            // Bind the search root with explicit credentials and secure authentication.
            DirectoryEntry objDERoot = new DirectoryEntry(
                strRemoteDomainPath, strUsername, strPassword, AuthenticationTypes.Secure);
    
            //TODO: Replace FULL NAME with the name you want to search.
            DirectoryEntry objDE = objDERoot.Children.Find( "CN= FULL NAME" );
    
            // Request only nTSecurityDescriptor, and only for the object itself.
            DirectorySearcher objDS = new DirectorySearcher( objDE );
            objDS.PropertiesToLoad.Add( "nTSecurityDescriptor" );
            objDS.SearchScope = SearchScope.Base;
    
            SearchResult objSRE = objDS.FindOne();
            ResultPropertyCollection resProps = objSRE.Properties;
    
            // The property is absent (null) when the caller lacks rights to read it.
            if( resProps["nTSecurityDescriptor"] == null )
                Console.WriteLine("nTSecurityDescriptor = Null");
            else
                Console.WriteLine("nTSecurityDescriptor = " + resProps["nTSecurityDescriptor"][0].ToString() );
    
            // List the names of the properties that were actually returned.
            Console.WriteLine("\n----- Properties ---- ");
            foreach (string name in resProps.PropertyNames )
                Console.WriteLine("prop. name = " + name);
            Console.Read();
        }
    }
    
  8. Search for the TODO text string in the sample code, and then modify the sample code for your environment.
  9. Press F5 to build and then run the project.

    You may receive the following message at the Visual Studio .NET Command Prompt:

    nTSecurityDescriptor = Null
    
    ----- Properties ----
    prop. name = adspath 
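
The sample above prints only "System.Byte[]" when the property is returned. The following added example (not part of the original article) decodes that byte array into SDDL and individual ACEs and treats a missing value as the insufficient-rights case described under CAUSE. The SdDecoder class, the Describe method and the sample SDDL string are assumptions made for illustration, and RawSecurityDescriptor requires .NET Framework 2.0 or later, which is newer than the Visual C# .NET versions listed at the top of this article.

```csharp
using System;
using System.Security.AccessControl;
using System.Text;

// Hypothetical helper, not from the article. With the article's sample, obtain the input as:
//   ResultPropertyValueCollection v = resProps["nTSecurityDescriptor"];
//   byte[] sdBytes = (v == null || v.Count == 0) ? null : (byte[])v[0];
public static class SdDecoder
{
    public static string Describe(byte[] sdBytes)
    {
        // Null or empty means the directory withheld the attribute from this caller.
        if (sdBytes == null || sdBytes.Length == 0)
            return "nTSecurityDescriptor was not returned (insufficient rights)";

        // The attribute value is a self-relative binary security descriptor.
        RawSecurityDescriptor sd = new RawSecurityDescriptor(sdBytes, 0);
        StringBuilder sb = new StringBuilder();
        sb.AppendLine("SDDL  = " + sd.GetSddlForm(AccessControlSections.All));
        sb.AppendLine("Owner = " + sd.Owner);

        if (sd.DiscretionaryAcl == null)
        {
            sb.AppendLine("DACL  = <null>");
            return sb.ToString();
        }
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            // Allow/deny ACEs (including object ACEs) derive from QualifiedAce.
            QualifiedAce q = ace as QualifiedAce;
            if (q != null)
                sb.AppendLine(String.Format("ACE   = {0} {1} mask=0x{2:X8}",
                    q.AceQualifier, q.SecurityIdentifier, q.AccessMask));
            else
                sb.AppendLine("ACE   = " + ace.AceType);
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample descriptor standing in for a value read from the directory.
        RawSecurityDescriptor sample =
            new RawSecurityDescriptor("O:BAG:BAD:(A;;GA;;;BA)(A;;RC;;;AU)");
        byte[] bytes = new byte[sample.BinaryLength];
        sample.GetBinaryForm(bytes, 0);

        Console.WriteLine(Describe(bytes)); // decoded owner, SDDL and two ACEs
        Console.WriteLine(Describe(null));  // the null case from SYMPTOMS
    }
}
```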
    


Modification Type: Major
Last Reviewed: 10/11/2004
Keywords:kbpermissions kbSecurity kbProgramming kbprb KB327436 kbAudDeveloper