To be exploited, an IDOR issue must be combined with an Access Control issue because it's the Access Control issue that "allows" the attacker to access the object for which he has guessed the identifier through his enumeration attack.
So long as you have proper access controls in place, and return the same error for accounts that the current user doesn't have permission to access as for accounts which don't exist, there shouldn't be any problems.
Depending on what you're doing, you might be able to drop the querystring and deduce the record to display based on the currently logged-in user. Or you could replace the IDs with a Guid, which would be much harder to enumerate.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
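A sketch of the advice in the reply above, added here as an example and not taken from any poster's code: records get a random Guid, every lookup checks ownership, and "does not exist" and "not yours" produce the same response. The `Account`, `AccountService` and `Handle` names and the sample data are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; the thread itself shows no code.
public sealed record Account(Guid Id, string Owner, string Data);

public sealed class AccountService
{
    private readonly Dictionary<Guid, Account> _byId = new();

    public Account Add(string owner, string data)
    {
        // A random Guid is harder to enumerate than a sequential integer,
        // but it does not replace the ownership check in Find.
        var account = new Account(Guid.NewGuid(), owner, data);
        _byId[account.Id] = account;
        return account;
    }

    // Returns null both when the id is unknown and when the record belongs
    // to another user, so the caller cannot tell the two cases apart.
    public Account? Find(string currentUser, Guid id)
    {
        if (_byId.TryGetValue(id, out var account) &&
            string.Equals(account.Owner, currentUser, StringComparison.Ordinal))
            return account;
        return null;
    }
}

public static class Program
{
    // One status code and one body for every failure: malformed id,
    // unknown id, or an id owned by someone else.
    public static (int Status, string Body) Handle(AccountService svc, string user, string rawId)
    {
        if (!Guid.TryParse(rawId, out var id)) return (404, "Not found");
        var account = svc.Find(user, id);
        return account is null ? (404, "Not found") : (200, account.Data);
    }

    public static void Main()
    {
        var svc = new AccountService();
        var alice = svc.Add("alice", "constructed sample A"); // constructed data
        var bob = svc.Add("bob", "constructed sample B");     // constructed data
        Console.WriteLine(Handle(svc, "alice", alice.Id.ToString()));       // own record
        Console.WriteLine(Handle(svc, "alice", bob.Id.ToString()));         // exists, not hers
        Console.WriteLine(Handle(svc, "alice", Guid.NewGuid().ToString())); // unknown id
    }
}
```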
Assuming your variables are well-named, you're doing a subtree search off of a full DN. You want a search scope of "Base". A user object has no subtree; it's not a container like an OU.
Another suggestion: your structure is highly coupled and can be easily jacked up by very minor changes to the directory. Assuming that you're using a SAM Name for login, you can completely skip the SQL server.
If you really need the SQL, though, you're doing it wrong. Use a parameterized query to leverage the DBMS rather than pulling the whole table and iterating it locally. So many wasted cycles!
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
I am using ASP.NET MVC in one of my projects. I want to import an Excel file from the local computer and store it on the server, and I also want to export the Excel file. How do I import and export an Excel file in ASP.NET MVC?