.net Request a user's roles in AD when the caller is not in the domain

I want to get a user's group memberships in Active Directory without being in the domain. When I run this inside the domain, everything works fine:

var context = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");

foreach (var authorizationGroup in principal.GetAuthorizationGroups())
{
    Console.WriteLine(authorizationGroup.Name);
}
However, when I run it outside the domain, I have to specify the PrincipalContext:

var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");
When I run this code, an exception is thrown when executing
principal.GetAuthorizationGroups()
The exception I get is:

System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

Looks like a DNS problem.


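The DC locator works by making DNS queries for SRV records to find a suitable DC in your current site. If those records are not in DNS, the DC locator will fail, which is what is happening in your stack trace.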

That may be the case; I can't verify it right now.

I tried the following: I used Sysinternals' excellent Active Directory Explorer, logging in with the same credentials:
10.0.1.255, "administrator", "password"

Now I can see the user's groups without any problem:

["memberOf"] = "CN=TestGroup,CN=Users,DC=test,DC=ad,DC=be"

I just had to deal with the same problem. I hope this helps others.

/*Argument*/
string username;



/*Global settings*/
string ADHost = "dc.a.b.c"; /*Or ip address*/
string ADUsername = "username";
string ADPassword = "password";
string ADDomain = "a.b.c";
string ADContainer = "DC=A,DC=B,DC=C"; /*I have a function to do the translation*/
/*Global settings*/

var list = new List<string>();

var path = "LDAP://" + ADHost + "/" + ADContainer;
var deDomain = new DirectoryEntry(path, ADUsername, ADPassword);
var ds = new DirectorySearcher(deDomain, "(&(objectClass=User)(sAMAccountName=" + username + "))");

ds.SearchScope = SearchScope.Subtree; /*Cascade*/
ds.ReferralChasing = ReferralChasingOption.All; /*Follow redirection*/

var usr = ds.FindOne();
if (null != usr)
{
    var deUsr = new DirectoryEntry(usr.Path, ADUsername, ADPassword);

    foreach (string groupDN in deUsr.Properties["memberOf"])
    {
        string[] parts = groupDN.Replace("CN=", "").Split(',');
        list.Add(parts[0]);
    }
}
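
The answer above concatenates username directly into the LDAP filter and splits each memberOf value on commas. As an added example (not part of the original answer), the sketch below escapes the filter value per RFC 4515 and extracts the group name from a DN that contains an escaped comma; the class and method names and the sample inputs are hypothetical, and hex-pair DN escapes such as \2C are assumed not to occur.

```csharp
using System;
using System.Text;

static class LdapHelpers
{
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // \ * ( ) and NUL are replaced by a backslash and their two-digit hex code.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Return the value of the first RDN of a distinguished name, treating a
    // backslash-escaped character (e.g. "\,") as part of the name rather
    // than as a separator. Hex-pair escapes (\2C) are not decoded here.
    public static string FirstRdnValue(string dn)
    {
        var sb = new StringBuilder();
        int i = dn.IndexOf('=') + 1;              // skip the "CN=" attribute type
        for (; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) i++;  // keep the escaped char
            sb.Append(dn[i]);
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed input: an account name containing filter metacharacters.
        string username = "j.doe (contractor)*";
        Console.WriteLine("(&(objectClass=User)(sAMAccountName="
            + EscapeFilterValue(username) + "))");

        // Constructed memberOf value with an escaped comma in the group name.
        Console.WriteLine(FirstRdnValue(
            @"CN=Ops\, Tier 1,CN=Users,DC=test,DC=ad,DC=be"));
    }
}
```

With the escaped value, a caller-supplied name can only ever match as a literal sAMAccountName and cannot change the structure of the filter.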
I ran into this problem. Running "nslookup yourdomain" should resolve to your DC.