Category Archives: Microsoft .net

How to diagnose .net memory issues

Recently I had the quite interesting task to debug some memory issues in a windows service.

I was quite surprised how good the various tools have become and after some reading I was quite quickly able to pinpoint where the probmelm, in this case a memory leak, was to be found.

I found to articles to be very helpful:

In my case I had to upgrade to VS 2015 enterprise to being able to debug the managed memory.


In combination the two articles describe how to get started and I recommend reading especially the first one. But if You are in a hurry this list of things to do might be helpful.

  1. First of all we need to create the actual memory dump
  2. Download ProcDump from and save/unzip it to a folder on the machine where your application is installed.
  3. Open a command prompt and switch to the folder where you saved/unzipped ProcDump.exe
  4. Run the command “ProcDump.exe –ma NameOfYourService.exe NameOfDumpFile
  5. This will create a memorydump in the same folder as where ProcDump is located.
  6. As described in the article on msdn, it could be a good idea to create a baseline/initial dump and afterwards create another dump to see how memory consumption evolves.
  7. Having created the dump file, we need to switch to Visual studio – in my case VS 2015 Enterprise
  8. From the files menu select “open file” and browse to select your dump file. You will see something like this
  9. If you do not see the “Debug Managed Memory” action, then your version of VS doesn’t support this and You will need to upgrade to a “bigger” version.
  10. In my scenario it was quite obvious in which area the problem were to be found – please note the “Size (Bytes)” column.
  11. Having the information above I could go back to my code at analyze where the objects were used and ensure proper release of the memory used by these objects.
    If you know what to look for, things get a hole lot easier:-)

Fetch users from AD using a security group as point of entry

In my organisation I have been coding a small application that fetches users from our corporate AD. _Until now I have been using a colection of OU’s to get users from different locations in our AD. However now our IT department has organized the users in security groups. It is common practice for security administrators to create hierarchies of security groups, which allows for easier membership management.

The requirement I faced was that whatever privileges were granted to members of a security group, those privileges apply to any members of security groups found downstream in the hierarchy. This is also a commonly used concept. It was necessary for me to find the security group in AD (represented as a single directory entry) and then drill down into each level of the group hierarchy and find all user members of all associated security groups. I will try to boil it all down to an “easy to go through” article.

My point of entry was this MSDN blogpost – thanks for the inspiration. However I quickly noticed that the code samples lacked a lot of code in order for me to produce a working proof of concept application.

Googling the parts that were missing I actually managed to combine all into a working sample – feel free to download it from here.

Here is how it works:

  1. Looking at the “Tester” project You’ll notice that it contains a simple main method
             static  void  Main(string [] args)
                 ADUserFromSecGroupsPOC.GetAllUsers  users = new  ADUserFromSecGroupsPOC.GetAllUsers();
                 List<ADUser> searchresult = new  List<ADUser>();
                 searchresult = users.GetADSecurityGroupUsers("USR_ERP_RMSsubscription");
                 foreach  (ADUser u in searchresult)
                     Console.WriteLine("----------------------------------------------------------------" );

  2. The magic happens in the “ADUserFromSecGroupsPOC” class when calling the method “GetADSecurityGroupUsers” method parsing the security group used as single point of entry.
    /// <summary>
    /// This method takes security group alias and fetches list of user alias that are member of this SG   
    /// </summary>
    /// <param name="sgAlias">Security group alias</param>
    /// <returns>List of String</returns>
    public  List <ADUser> GetADSecurityGroupUsers(String  sgAlias)
        string  path = "LDAP://OU=Security groups,DC=deverp,DC=local" ;
        string  filter;
        string  filterFormat = "(cn={0})" ;
        filter = String .Format(filterFormat, sgAlias);
        //Get all the AD directory entries of this security group.   
        PropertyCollection  properties = CISFLDAP.GetADPropertiesForSingleEntry(path, filter);
        List <ADUser> groupMembers = new  List <ADUser>();
        if  (properties != null)
             //Used to limit AD search of members to only security groups and users.   
             //The filter is built here but only really needed in the recursive method called below.   
             //Was placed here for performance reasons.  Has no affect on AD call in this method.   
             Collection <int> sAMAccountTypes = new  Collection <int>();
             sAMAccountTypes.Add((int)AuthZGlobals .sAMAccountType.SecurityGroup);
             sAMAccountTypes.Add((int)AuthZGlobals .sAMAccountType.User);
             sAMAccountTypes.Add((int)AuthZGlobals .sAMAccountType.DomainLocalGroup);
             //Builds the filter based on the sAMAccountTypes in the collection.   
             string  sAMAccountFilter = CISFLDAP .MakesAMAccountTypeQueryString(sAMAccountTypes);
             //Look up all the members of this directory entry and look for person data   
             //to add to the collection.   
             groupMembers = GetUsersInGroup(properties, groupMembers, sAMAccountFilter);//GetUsersInGroup do not return anything.    
        return  groupMembers;



  3. From this security group we will drilldown adding ONLY user accounts from all nested levels. If the type of the member is a security group, the method will recurse and get the members for this new security group:
    /// <summary>

    /// Recurses through the's member records and collects all the users.   
    /// </summary>
    /// <param name="properties">The collection of the directory's properties.</param>
    /// <param name="groupMembers">List of users found. </param>
    /// <param name="filter">sAMAccountTypes to filter the AD search on.</param>
    public  List <ADUser > GetUsersInGroup(PropertyCollection  properties, List <ADUser > groupMembers, string  filter)
        string  pathFormat = "LDAP://{0}" ;
        string  memberIdx = "member" ;
        string  sAMAccountNameIdx = "sAMAccountName" ;
        string  sAMAccountTypeIdx = "sAMAccountType" ;
        DateTime  accountExpires = DateTime .MinValue;
        bool  hasExpired = false ;
        //string personnelNumberIdx = "extensionAttribute4";
        if  (properties[memberIdx] != null )
            foreach  (object  property in  properties[memberIdx])
                string  distinguishedName = property.ToString();
                string  path = String .Format(pathFormat, distinguishedName);
                //Get the directory entry for this member record.  Filters for only the sAMAccountTypes  
                //security group and user.   
                PropertyCollection  childProperties = CISFLDAP .GetADPropertiesForSingleEntry(path, filter);
                if  (childProperties != null )
                     //If the's sAMAccountType is User.   
                     if  ((int )childProperties[sAMAccountTypeIdx].Value == (int )AuthZGlobals .sAMAccountType .User)
                        //If member is a user then add, else member is a Service Account with no    
                        //personnel number.   
                        //if (childProperties[personnelNumberIdx].Value != null)
                        if  (childProperties[sAMAccountNameIdx].Value != null )
                            ADUser  userObj = new  ADUser ();
                            userObj.PrimarySMTPAddress = GetPrimarySMTPAdress(childProperties["proxyaddresses" ]);
                            userObj.SAMAccountName = childProperties["SAMAccountName" ].Value.ToString();
                            userObj.SID = GetSidString((byte []) childProperties["objectSid" ][0]);
                            if  (childProperties["accountExpires" ].Count > 0)
                                LargeInteger  oaccountExpires = (LargeInteger )childProperties["accountExpires" ].Value;
                                accountExpires = ConvertAccountExpiresToDate(oaccountExpires);
                                //find out whether the account has expired
                                hasExpired = IsAccountExpired(accountExpires);
                                userObj.AccountExpires = accountExpires.ToShortDateString();
                            userObj.UserAccountControl = childProperties["userAccountControl"][0].ToString();
                             //You'll need to decide if you want to capture the Service Acount info.
                        //RECURSE - Look up all the members of the security group just found. 
                        GetUsersInGroup(childProperties, groupMembers, filter); // entry is not declared anywhere  
        return  groupMembers;

UAC troubles

Working with UAC (User Access control) in relation to win vista, win7 and win server 2008 can be quite troublesome.
Yesterday we found that one our helper apps, which has a feature to start and stop services both local and remotely, didn’t work as expected. When running the application in elevated mode, everything worked fine.
Since we can’t expect all users to remember to run the application in elevated mode, we needed to find a more permanent solution.
I have previously been working with UAC problems relating to processes not running in elevated mode, but i didn’t know how to force the entire application ro run in elevated mode. Google turned out to be my friend again and I found tons of articles telling me “just” to add a manifest file changing the existing:
<requestedExecutionLevellevel=asInvokeruiAccess=false />


<requestedExecutionLevellevel=requireAdministratoruiAccess=false />

Simple one would think – and it was, so You might figure my level of frustration, when this turned out not  to be enough.

Actually there was nothing wrong with the suggested solution, but all post that I read, failed to explain how to tell Visual Studio to use the added manifest file – I had to figure that out myself. A complete solution on how to force Your application to always run in elevated mode wil be listed here:

  • In Visual Studio 2010 (I guess the same applies to VS2008, but I haven’t tested it) right click Your project and select “add new item”
  • Add a application manifest file – the default name will be app.manifest.
  • Inside the manifest file, change the existing configuration from
    <requestedExecutionLevellevel=”asInvoker”uiAccess=”false” />
    <requestedExecutionLevellevel=”requireAdministrator”uiAccess=”false” />
  • Save and close the manifest file.
  • Please note that Your manifest file won’t show up anywhere in your solution. In order to fix that, in solution explorer, click the “show all files” button.
  • Important: Right click the manifest file and add it to the project – we need that in order to tell VS to use the manifest file when compiling our application.
  • Right click Your project and select “properties”.
  • On the application tab, the bottom section, select the manifest file:

    manifest file selection

    manifest file selection

  • Compile and run the application. If Your UAC settings are enabled, You will be prompted to allow the application to start in elevated mode.

Sometimes it can come in handy to check whether Your application is actually running in elevated mode or not. Maybe You will find this codesnippet usefull:

 WindowsPrincipal myPrincipal = new WindowsPrincipal (WindowsIdentity .GetCurrent());

 if (myPrincipal.IsInRole(WindowsBuiltInRole .Administrator) == false )
  //show messagebox - displaying a messange to the user that rights are missing
  MessageBox .Show("You need to run the application using the \\"run as administrator\\" option" , "administrator right required" , MessageBoxButtons .OK, MessageBoxIcon .Exclamation); 
  MessageBox .Show("You are good to go - application running in elevated mode" , "Good job" , MessageBoxButtons .OK, MessageBoxIcon .Information);

You may also find these references helpfull:

WSDL validation

When consuming webservice from other vendors it often can come in handy to have their wsdl validated – just to rule out errors related to failure in validation.

I have found these validation sites to be very usefull:

Manually compile C# project using command line

For various reasons I sometimes have to build projects outside my Visual Studio environment. One approach is to use the sommand line tool csc.exe (for c# projects) or vbc.exe (for projects). It can be quite exhausting to build the command – especially if your are using external libraries, ressources, settings and other quite common stuff. It would be nice if one could just fetch the command that Visual Studio uses to compile the project – well you can:-)

If you want to have a look at the command that Visual studio uses to compile you project, all you need to do is to launch a command similar to this in a visual studio command prompt:

E:\VSS\Grene\AxXMLService\AxXMLService>msbuild AxXMLService.csproj /t:rebuild /clp:showcommandline >> log.txt

This command will produce a log file containing the output – this will look something like this:

csc command output

csc command output

Please note the highlighted section – here you will find the command you need to build your project outside visual studio. the only requirement is ofcouse that the relevant framework version is installed on the machine performing the build.

Reading extended properties using EWS managed API

Having been working with Exchange 2007 Web Services (EWS) for a couple af years a recent bug led me to testing various scenarios regarding appointment items using the EWS Managed API instead of the proxy classes that I have grown used to working with.

One of my struggles was to read the extended properties that we use. Having gotten it all to work I though that I’d create this post. Below you will find my code sample:

This first snippet set up the service connection using autodiscover.

        private ExchangeService GetService()


            ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);

            service.Credentials = new NetworkCredential(Settings.Default.ConnectingUser, Settings.Default.ConnectingUserPassword, Settings.Default.ConnectingUserDomain);

            service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SID, Settings.Default.ImpersonatedUserSID);

            service.Url = new Uri(Settings.Default.EWSURL);

            return service;


This second snippet defines and fetches the standard properties as well as the extended properties.

        private void btnGetItem_Click(object sender, EventArgs e)


            string itemId = txtItemId.Text;

            ExchangeService service = GetService();

            AlternateId sourceId = new AlternateId(IdFormat.EwsLegacyId, itemId, Settings.Default.ImpersonatedUserMailbox);

            AlternateId destinationId = service.ConvertId(sourceId, IdFormat.EwsId) as AlternateId;


            //define the extended properties that should be fetched

            ExtendedPropertyDefinition rmsIsRms = new ExtendedPropertyDefinition(DefaultExtendedPropertySet.PublicStrings, “RMS-IsRMS”, MapiPropertyType.Boolean);

            ExtendedPropertyDefinition rmsCustomerProp = new ExtendedPropertyDefinition(DefaultExtendedPropertySet.PublicStrings, “RMS-CustomerProp”, MapiPropertyType.String);

            ExtendedPropertyDefinition rmsInternalProp = new ExtendedPropertyDefinition(DefaultExtendedPropertySet.PublicStrings, “RMS-InternalProp”, MapiPropertyType.Boolean);

            ExtendedPropertyDefinition rmsProjectProp = new ExtendedPropertyDefinition(DefaultExtendedPropertySet.PublicStrings, “RMS-ProjectProp”, MapiPropertyType.String);

            ExtendedPropertyDefinition rmsActivityProp = new ExtendedPropertyDefinition(DefaultExtendedPropertySet.PublicStrings, “RMS-ActivityProp”, MapiPropertyType.String);

            ExtendedPropertyDefinition[] userFields = new ExtendedPropertyDefinition[] { rmsIsRms, rmsActivityProp, rmsCustomerProp, rmsInternalProp, rmsProjectProp };

            //get the item and it’s extended properties

            PropertySet extendedPropertySet = new PropertySet(BasePropertySet.FirstClassProperties, userFields);

            Appointment item = (Appointment)Item.Bind(service, new ItemId(destinationId.UniqueId), extendedPropertySet);

            //having the item – get the extended properties

            object isRMS;

            object customerProp;

            object isInternalProp;

            object projectProp;

            object activityProp;

            //Print properties

            rtItemProps.AppendText(“ItemClass: “ + item.ItemClass + “\n”);

            rtItemProps.AppendText(“Subject: “ + item.Subject + “\n”);

            rtItemProps.AppendText(“CalendarItemType: “ + item.AppointmentType.ToString() + “\n”);

            rtItemProps.AppendText(“Organizer: “ + item.Organizer.Name + “\n”);

            rtItemProps.AppendText(“OrganizerEmail: “ + item.Organizer.Address + “\n”);

            rtItemProps.AppendText(“Start: “ + item.Start + “\n”);

            rtItemProps.AppendText(“End: “ + item.End + “\n”);

            rtItemProps.AppendText(“Location: “ + item.Location + “\n”);

            rtItemProps.AppendText(“Free/busy: “ + item.LegacyFreeBusyStatus.ToString() + “\n”);

            rtItemProps.AppendText(“—————RMS INFO————–\n”);

            //extended properties are printed only if they exist

            if (item.TryGetProperty(rmsIsRms, out isRMS) && isRMS != null)


                rtItemProps.AppendText(“IsRMS: “ + isRMS.ToString() + “\n”);


            if (item.TryGetProperty(rmsCustomerProp, out customerProp) && customerProp != null)


                rtItemProps.AppendText(“Customer: “ + customerProp.ToString() + “\n”);


            if (item.TryGetProperty(rmsProjectProp, out projectProp) && projectProp != null)


                rtItemProps.AppendText(“Project: “ + projectProp.ToString() + “\n”);


            if (item.TryGetProperty(rmsActivityProp, out activityProp) && activityProp != null)


                rtItemProps.AppendText(“Activity: “ + activityProp.ToString() + “\n”);


            if (item.TryGetProperty(rmsInternalProp, out isInternalProp) && isInternalProp != null)


                rtItemProps.AppendText(“IsInternal: “ + isInternalProp.ToString() + “\n”);



Manually sign any file using a pfx file

A colleegue of mine recently build a MSI installer using some third party tool unknown to me. He kindly asked me, what he needed to do, to sign the installer using our corporate codesigning certificate.

I am used to build my installers using Visual Studio, but I remembered that I once or twice had used the SignTool.exe command line tool, to sign some files. I looked up the documentation for the tool And quickly I was able to create a command meeting my needs:

E:\VSS\USMT\MSIProject>signtool sign /f E:\VSS\CodeSigningCert\Trustzone\eg_codesigning.pfx /p mypassword /d USMTApp USMTApp.msi

Note: To me it seems rather important to remember the d options – adding a description to the installer. This will show when the user runs the isntallation package.