From 214ecf6212f508fea587788a26a1ac1183c5b181 Mon Sep 17 00:00:00 2001
From: Gary Sharp <discoict@outlook.com>
Date: Tue, 3 Dec 2013 09:37:21 +1100
Subject: [PATCH] Bug Fix #31: Restrict AD User Search to Users

Added "objectClass=user" LDAP filter which excludes AD Contacts.
---
 Disco.BI/BI/Interop/ActiveDirectory/ActiveDirectory.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Disco.BI/BI/Interop/ActiveDirectory/ActiveDirectory.cs b/Disco.BI/BI/Interop/ActiveDirectory/ActiveDirectory.cs
index d9cccfec..8251529e 100644
--- a/Disco.BI/BI/Interop/ActiveDirectory/ActiveDirectory.cs
+++ b/Disco.BI/BI/Interop/ActiveDirectory/ActiveDirectory.cs
@@ -235,7 +235,7 @@ namespace Disco.BI.Interop.ActiveDirectory
             term = ActiveDirectoryHelpers.EscapeLdapQuery(term);
             using (DirectoryEntry entry = new DirectoryEntry(string.Format("LDAP://{0}", defaultQualifiedDomainName)))
             {
-                using (DirectorySearcher searcher = new DirectorySearcher(entry, string.Format("(&(objectCategory=Person)(objectCategory=Person)(|(sAMAccountName=*{0}*)(displayName=*{0}*)))", term), UserLoadProperties, SearchScope.Subtree))
+                using (DirectorySearcher searcher = new DirectorySearcher(entry, string.Format("(&(objectCategory=Person)(objectClass=user)(|(sAMAccountName=*{0}*)(displayName=*{0}*)))", term), UserLoadProperties, SearchScope.Subtree))
                 {
                     searcher.SizeLimit = 30;
                     SearchResultCollection results = searcher.FindAll();