I want to get a user's group memberships in Active Directory without being in the domain. When I run this inside the domain, everything works fine.

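using System;
using System.DirectoryServices.AccountManagement;

// Bind to the domain of the current (domain-joined) machine.
var context = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");

// List the security groups the user belongs to, nested groups included.
foreach (var authorizationGroup in principal.GetAuthorizationGroups())
{
    Console.WriteLine(authorizationGroup.Name);
}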

However, when I run it outside the domain, I have to specify the PrincipalContext:
var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");

When I run this code, an exception is thrown when principal.GetAuthorizationGroups() executes. The exception I get is:
System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

Best answer

Looks like a DNS problem.

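The DC locator works by making DNS queries for SRV records to find an appropriate DC in the current site. If that isn't in DNS, the DC locator will fail, which is what is happening in the stack trace.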
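
The DNS check the answer points to, as an added PowerShell example (not part of the original question or answer). It derives the DNS domain name from the DN in the question and tests whether the LDAP SRV records for that domain resolve from the non-domain machine. The function names are hypothetical, and treating 10.0.1.255 as a DNS server for the AD zone is an assumption.

```powershell
# Added diagnostic example; values come from the question or are labelled assumptions.
$BaseDn    = 'DC=test,DC=ad,DC=be'   # container DN from the question
$DnsServer = '10.0.1.255'            # assumption: this address also serves DNS for the AD zone

function Convert-DnToDnsDomain {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Keep only the DC= components and join them with dots: DC=test,DC=ad,DC=be -> test.ad.be
    $labels = $DistinguishedName -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^DC=' } |
        ForEach-Object { $_ -replace '^DC=', '' }
    if (-not $labels) { throw "No DC= components in '$DistinguishedName'" }
    $labels -join '.'
}

function Test-DcLocatorSrv {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Server   # optional: query this DNS server instead of the configured one
    )
    # SRV names that domain controllers register for LDAP; site-specific names are not covered.
    foreach ($name in "_ldap._tcp.dc._msdcs.$Domain", "_ldap._tcp.$Domain") {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'Stop' }
        if ($Server) { $query.Server = $Server }
        try {
            $srv = @(Resolve-DnsName @query | Where-Object Section -eq 'Answer')
            [pscustomobject]@{
                Query    = $name
                Resolved = ($srv.Count -gt 0)
                Targets  = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            }
        } catch {
            # A name error or timeout here is the condition under which DC location fails.
            [pscustomobject]@{ Query = $name; Resolved = $false; Targets = $_.Exception.Message }
        }
    }
}

$domain = Convert-DnToDnsDomain -DistinguishedName $BaseDn
Test-DcLocatorSrv -Domain $domain                      # as this machine resolves names today
Test-DcLocatorSrv -Domain $domain -Server $DnsServer   # asking the assumed AD DNS server directly
```

If the first call reports Resolved = False and the second reports True, the machine's configured DNS servers do not know the AD zone.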

Regarding ".net - requesting a user's roles in AD when the caller is not in the domain", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/511396/

10-10 19:28