System.DirectoryServices.AccountManagement functions fail to probe some computers (but not others)

Posted 2024-09-02 03:16:39 | Word count 781 | Views 6 | Comments 0

Both the working and failing targets are machines in the same domain. Code is down below. When I use it against some machines in my domain, I get a System.DirectoryServices.AccountManagement.PrincipalOperationException with a message: "While trying to retrieve the authorization groups, an error (1332) occurred." The error is thrown by GetAuthorizationGroups().

Note: The username I use to connect is a local admin to the machine in both cases.

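    using System.Collections.Generic;
    using System.DirectoryServices.AccountManagement;

    // Bind to the local account store (SAM) of the remote machine with explicit credentials.
    PrincipalContext ctx = new PrincipalContext(ContextType.Machine, machineName, domainname + "\\" + adminusername, pass);
    List<Principal> retList = new List<Principal>();

    using (var user = UserPrincipal.FindByIdentity(ctx, probedusername))
    {
        if (user != null)
        {
            // This is the call that throws PrincipalOperationException (1332) on some machines.
            PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
            foreach (Principal group in groups)
            {
                retList.Add(group);
            }
        }
    }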


Comments (1)

遥远的绿洲 2024-09-09 03:16:39

I don't know if you are still having issues with this... I was having an almost identical issue and we couldn't figure it out either for the longest time. Finally we removed the username/password from the PrincipalContext instantiation and it worked on all machines... really weird but it made us happy.

Without a username/password it runs under the current account, and in general all authenticated users can read the group information off of a remote machine on the same domain (at least in our domain). With the username/password specified we would get REALLY weird results where sometimes only domain groups would come back, sometimes no groups at all, sometimes access denied messages... Anyways this worked for us.
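
The workaround described in the comment above, as an added example that is not code from the original question or answer: it binds without explicit credentials, so no admin password is handled by the program, and it falls back to direct memberships when `GetAuthorizationGroups()` throws. The `GroupProbe` class and `GetGroupNames` helper are hypothetical names; it assumes a Windows host and a calling account that is allowed to read the remote machine's group information.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

static class GroupProbe
{
    // Hypothetical helper (not from the original post): lists the groups of an
    // account on a remote machine without passing a username/password.
    public static List<string> GetGroupNames(string machineName, string probedUserName)
    {
        var names = new List<string>();

        // No credentials given: the bind uses the identity of the calling process.
        using (var ctx = new PrincipalContext(ContextType.Machine, machineName))
        using (var user = UserPrincipal.FindByIdentity(ctx, probedUserName))
        {
            if (user == null)
                return names;
            try
            {
                // Results are enumerated lazily, so the loop stays inside the try.
                using (var groups = user.GetAuthorizationGroups())
                    foreach (Principal g in groups)
                        using (g) names.Add(g.Name);
            }
            catch (PrincipalOperationException ex)
            {
                // Win32 error 1332 is ERROR_NONE_MAPPED: a SID could not be
                // translated to an account name.
                Console.Error.WriteLine($"{machineName}: {ex.Message} (ErrorCode={ex.ErrorCode})");

                // Fallback: direct memberships only, nested groups are not expanded.
                names.Clear();
                using (var groups = user.GetGroups())
                    foreach (Principal g in groups)
                        using (g) names.Add(g.Name);
            }
        }
        return names;
    }

    static void Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: GroupProbe <machine> <user>"); return; }
        foreach (string name in GetGroupNames(args[0], args[1]))
            Console.WriteLine(name);
    }
}
```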
