LDAP-Search in 2 organizational units

Posted 2019-08-05 01:02

Question:

Due to some changes on AD-level I have to change a lookup in AD in my application. The search must now be executed in 2 different OUs instead of 1.

At this moment I run a second search if the first one returns nothing.

Is it possible to combine the 2 paths into 1 so I have to search only once?

Thx.

using (var de = new DirectoryEntry())
{
    de.Path = "LDAP://OU=ou1,OU=Users,OU=BE,DC=dc,DC=sys";
    de.AuthenticationType = AuthenticationTypes.Secure;

    var deSearch = new DirectorySearcher
    {
        SearchRoot = de,
        Filter = "(&(objectClass=user) (sAMAccountName=" + userId + "))"
    };

    var result = deSearch.FindOne();

    if (result == null)
    {
        //User not found in ou1
        de.Path = "LDAP://OU=ou2,OU=Users,OU=BE,DC=dc,DC=sys";
        de.AuthenticationType = AuthenticationTypes.Secure;

        deSearch = new DirectorySearcher
        {
            SearchRoot = de,
            Filter = "(&(objectClass=user) (sAMAccountName=" + userId + "))"
        };

        result = deSearch.FindOne();

        if (result==null) return null;
    }

    using (var deUser = new DirectoryEntry(result.Path))
    {
        //Do something
    }
}

Answer 1:

Change the base object to OU=Users,OU=BE,DC=dc,DC=sys, use the same filter, use a scope of sub or one (depending on where the data is located under the organizational units). For more information about searching a directory, see "LDAP: Using ldapsearch" and "LDAP: Programming Practices".
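
A sketch of the single search from the parent OU, added here as an example and not part of the original answer. It assumes the accounts of interest live only under ou1 and ou2; because a subtree search at OU=Users also returns entries from any other OU beneath it, the result's DN is checked against the two allowed OUs, and userId is escaped per RFC 4515 before it is placed in the filter. The class and method names are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class OuScopedLookup   // hypothetical name, not from the original post
{
    const string BaseDn = "OU=Users,OU=BE,DC=dc,DC=sys";   // parent OU from the answer
    static readonly string[] AllowedOus = { "OU=ou1," + BaseDn, "OU=ou2," + BaseDn };

    // RFC 4515: escape \ * ( ) and NUL so userId cannot alter the filter structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // True only if dn sits below ou1 or ou2; a "\," inside an RDN value is not a separator.
    public static bool IsInAllowedOu(string dn)
    {
        foreach (var ou in AllowedOus)
        {
            int cut = dn.Length - ou.Length - 1;   // index of the comma before the OU suffix
            if (cut < 1 || dn[cut] != ',' ||
                !dn.EndsWith(ou, StringComparison.OrdinalIgnoreCase)) continue;
            int slashes = 0;
            for (int i = cut - 1; i >= 0 && dn[i] == '\\'; i--) slashes++;
            if (slashes % 2 == 0) return true;     // comma is a real RDN separator
        }
        return false;
    }

    // One subtree search instead of two; returns null if not found or outside ou1/ou2.
    public static SearchResult FindUser(string userId)
    {
        using (var root = new DirectoryEntry("LDAP://" + BaseDn) { AuthenticationType = AuthenticationTypes.Secure })
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(userId) + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");
            var result = searcher.FindOne();
            if (result == null) return null;
            var dn = (string)result.Properties["distinguishedName"][0];
            return IsInAllowedOu(dn) ? result : null;
        }
    }
}
```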



Tags: c# ldap