gro*_*ans 6 .net security directoryservices active-directory
我希望在ActiveDirectory中获得用户的组成员资格,而不在域中.当我在域内运行时,一切都很好.
var context = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");
foreach (var authorizationGroup in principal.GetAuthorizationGroups())
{
Console.WriteLine(authorizationGroup.Name);
}
但是,当我在域外运行时,我必须指定PrincipalContext:
var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");
当我运行此代码时,执行时会出现异常principal.GetAuthorizationGroups().我得到的例外是:
System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()
看起来像是 DNS 问题。
DC 定位器的工作原理是对 SRV 记录进行 DNS 查询,以在当前站点中查找适当的 DC。如果这些东西不在 DNS 中,DC 定位器将失败,这发生在堆栈跟踪中。
| 归档时间: |
|
| 查看次数: |
5038 次 |
| 最近记录: |