Requesting a user's roles in AD when the caller is not in the domain
I would like to get a user's group memberships in an ActiveDirectory, without being in the domain. When I run this inside the domain, all is well.
var context = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");
foreach (var authorizationGroup in principal.GetAuthorizationGroups())
{
    Console.WriteLine(authorizationGroup.Name);
}
However, when I run outside the domain, I have to specify the PrincipalContext like this:
var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");
When I run this code, I get an exception when I execute principal.GetAuthorizationGroups(). The exception I get is:
System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()
Comments (3)
Looks like a DNS problem.
DC locator works by doing DNS queries for SRV records to find the appropriate DC in your current site. If that stuff isn't in DNS, DC locator will fail, which is happening in your stack trace.
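The stack trace in the question fails inside GetAuthorizationGroups() at the DC locator call (GetDcName). The following is an added example, not code from the original thread: it reads the user's tokenGroups attribute over LDAP binds that name the server explicitly, so group lookup does not depend on the client's DNS finding SRV records. OffDomainGroups, GetGroups and EscapeFilter are hypothetical names, and the sketch assumes the server at the question's address accepts a direct bind with the supplied account and that every group SID belongs to that domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class OffDomainGroups
{
    // Hypothetical helper: escape LDAP filter metacharacters (RFC 4515)
    // so the account name cannot alter the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Hypothetical helper: group names (nested groups included) from tokenGroups,
    // using serverful binds only, so no DC locator lookup is involved.
    public static List<string> GetGroups(string server, string baseDn,
        string bindUser, string bindPassword, string samAccountName)
    {
        var names = new List<string>();
        string root = "LDAP://" + server + "/";
        const AuthenticationTypes auth = AuthenticationTypes.Secure;
        using (var baseEntry = new DirectoryEntry(root + baseDn, bindUser, bindPassword, auth))
        using (var searcher = new DirectorySearcher(baseEntry))
        {
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(samAccountName) + "))";
            SearchResult hit = searcher.FindOne();
            if (hit == null) throw new InvalidOperationException("User not found.");
            using (DirectoryEntry user = hit.GetDirectoryEntry())
            {
                // tokenGroups is a constructed attribute; it must be requested explicitly.
                user.RefreshCache(new[] { "tokenGroups" });
                foreach (byte[] rawSid in user.Properties["tokenGroups"])
                {
                    var sid = new SecurityIdentifier(rawSid, 0);
                    // Resolve each SID on the same server rather than via local SID-to-name translation.
                    using (var group = new DirectoryEntry(root + "<SID=" + sid.Value + ">", bindUser, bindPassword, auth))
                        names.Add(Convert.ToString(group.Properties["sAMAccountName"].Value));
                }
            }
        }
        return names;
    }
}
```

With the question's values the call would be GetGroups("10.0.1.255", "DC=test,DC=ad,DC=be", bindUser, bindPassword, "administrator"), with the bind password read from a prompt or secret store rather than a string literal in source.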
I just had to deal with the same problem. I hope this helps someone else.
It might be that, I can't verify it right now.
I tried the following: I use Sysinternals' excellent Active Directory Explorer. When logging in with the same credentials:
10.0.1.255, "administrator", "password"
Now I can see the user's groups without problems as