IIS 7/.NET 4 System.DirectoryServices: The (empty) search filter is invalid

This is a silly error, but it has caught me a couple of times.  Surprisingly, there doesn’t seem to be a blog anywhere that talks about this specific issue.

Situation: you have an ASP.Net 4+ application running on IIS 7.  You navigate to the page and get a server error:


Specifically, “The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.”  Note that if you don’t have the pdb deployed, your source error will not show the actual error line, but rather “An unhandled exception was generated during the execution of the current web request.  Information regarding the origin and location of the exception can be identified using the exception stack trace below.”

This can be particularly vexing if the application works on your development machine, but not in production.

Cause: The LDAP lookup is failing because your directory requires authentication, and you’re running an anonymous session with a local computer account.

Fix: In IIS, turn off Anonymous Authentication and turn on Windows Authentication instead.
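
The same fix applied from PowerShell with the WebAdministration module, as an added example that is not part of the original post. The function name `Set-AppWindowsAuthOnly` and the path `Default Web Site/MyApp` are placeholders; the settings are written to applicationHost.config under a location entry because both authentication sections are locked against web.config overrides by default, and the Windows Authentication role service must already be installed.

```powershell
# Added example: function name and site/application path are placeholders.
Import-Module WebAdministration

function Set-AppWindowsAuthOnly {
    param(
        [Parameter(Mandatory)] [string] $Location   # e.g. 'Default Web Site/MyApp'
    )
    $apphost = 'MACHINE/WEBROOT/APPHOST'
    $base    = 'system.webServer/security/authentication'

    # Desired state from the fix above: anonymous off, Windows on.
    $desired = [ordered]@{
        anonymousAuthentication = $false
        windowsAuthentication   = $true
    }

    foreach ($section in $desired.Keys) {
        $filter  = "$base/$section"
        $current = (Get-WebConfigurationProperty -PSPath $apphost -Location $Location `
                        -Filter $filter -Name enabled).Value

        # Only write when the setting differs, so repeated runs are harmless.
        if ($current -ne $desired[$section]) {
            Set-WebConfigurationProperty -PSPath $apphost -Location $Location `
                -Filter $filter -Name enabled -Value $desired[$section]
        }

        # Re-read so the output reflects what IIS will actually apply.
        [pscustomobject]@{
            Location = $Location
            Section  = $section
            Enabled  = (Get-WebConfigurationProperty -PSPath $apphost -Location $Location `
                            -Filter $filter -Name enabled).Value
        }
    }
}

Set-AppWindowsAuthOnly -Location 'Default Web Site/MyApp'
```

Run it from an elevated prompt on the IIS server; the output should list `anonymousAuthentication` as `False` and `windowsAuthentication` as `True` for the application.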



  1. Santhosh Kesavan
    Posted October 27, 2016 at 8:23 pm

    Awesome! thanks

  2. Matt
    Posted February 12, 2018 at 3:54 pm

    Helped me out – thanks!
