UserPrincipals.GetAuthorizationGroups: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved

ske*_*ank 4 c# active-directory

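Background:

I have been using UserPrincipal.GetAuthorizationGroups for a while now to check permissions in 2 different applications. They have been running for several years. Recently some users have been getting the error mentioned in the title (System.DirectoryServices.AccountManagement.PrincipalOperationException), while other users have not. I suspect it may be related to the new domain controller running on Windows Server 2012, because the problems started the day after it was added. The full error is below: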

Exception:

System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved.

at System.DirectoryServices.AccountManagement.SidList.TranslateSids(String target, IntPtr[] pSids)

at System.DirectoryServices.AccountManagement.SidList..ctor(SID_AND_ATTR[] sidAndAttr)

at System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase)

at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ ... p)

at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups

Question:

How do I fix this?

ske*_*ank 5

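I found an alternative using DirectorySearcher:

using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;

var allDomains = Forest.GetCurrentForest().Domains.Cast<Domain>();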

var allSearcher = allDomains.Select(domain =>
    {
      DirectorySearcher searcher = new DirectorySearcher(
        new DirectoryEntry("LDAP://" + domain.Name));

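      // "Current User Login Name" is a placeholder. The *{0}* wildcards match
      // every UPN that contains the value, and a real login name must be
      // escaped for LDAP filter syntax before it is formatted in.
      searcher.Filter = String.Format(
        "(&(&(objectCategory=person)(objectClass=user)(userPrincipalName=*{0}*)))", 
        "Current User Login Name");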

      return searcher;
    }
);

var directoryEntriesFound = 
allSearcher.SelectMany(searcher => 
                        searcher.FindAll()
                          .Cast<SearchResult>()
                          .Select(result => result.GetDirectoryEntry()));

var memberOf = directoryEntriesFound.Select(entry =>
    {
      using (entry)
      {
        return new
        {
          Name = entry.Name,
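          // Enumerate the collection instead of casting Value to object[]:
          // Value is a single string for one group and null for none.
          // ToList() reads the values before the entry is disposed.
          GroupName = entry.Properties["MemberOf"]
                            .Cast<object>()
                            .Select(obj => obj.ToString())
                            .ToList()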
        };
      }
    }
);

foreach (var user in memberOf)
{
    foreach (var groupName in user.GroupName)
    {
      if (groupName.Contains("Group to Find"))
      {
        // Do something if the user is in that group
      }
    }
}
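The exception in the question comes from translating group SIDs to names, so another way to avoid it is to read the SIDs directly and translate them one at a time. The following is an added example, not part of the original answer: it reads the user's tokenGroups attribute (security group SIDs, nested groups included), checks membership by SID, and skips any SID that cannot be resolved. The class and method names, the distinguished name and the group SID are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Security.Principal;

public static class TokenGroupsExample   // hypothetical helper class
{
    // tokenGroups is a constructed attribute, so it must be requested explicitly.
    public static List<SecurityIdentifier> GetGroupSids(DirectoryEntry user)
    {
        user.RefreshCache(new[] { "tokenGroups" });
        return user.Properties["tokenGroups"]
                   .Cast<byte[]>()
                   .Select(bytes => new SecurityIdentifier(bytes, 0))
                   .ToList();
    }

    // Authorization decision on the SID itself: no name translation involved.
    public static bool IsMemberOf(DirectoryEntry user, SecurityIdentifier groupSid)
    {
        return GetGroupSids(user).Contains(groupSid);
    }

    // Translate each SID separately so one unresolvable SID does not abort the list.
    public static List<string> ResolveNames(IEnumerable<SecurityIdentifier> sids,
                                            ICollection<SecurityIdentifier> unresolved)
    {
        var names = new List<string>();
        foreach (var sid in sids)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { unresolved.Add(sid); }
        }
        return names;
    }

    public static void Main()
    {
        // Constructed placeholders: replace with a real user DN and group SID.
        var groupSid = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1234");
        using (var user = new DirectoryEntry("LDAP://CN=Example User,OU=Staff,DC=example,DC=com"))
        {
            var unresolved = new List<SecurityIdentifier>();
            var names = ResolveNames(GetGroupSids(user), unresolved);
            Console.WriteLine("Member of target group: " + IsMemberOf(user, groupSid));
            Console.WriteLine("Resolved: " + names.Count + ", unresolved: " + unresolved.Count);
        }
    }
}
```

Logging the unresolved SIDs shows which group memberships the domain controller cannot translate.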