Active Directory cross domain - group members using PrincipalContext
I am trying to fetch the members of a given Active Directory group by using the DirectoryServices.AccountManagement namespace classes in C#.
If I have my principal context object constructor specified for a specific domain, then whenever I access a member of the group which is from one of the other domains, I run into the below error:
"A referral was returned from the server".
The scenario is: I have different subdomains under the root domain,
e.g. emea.mycorp.com, asia.mycorp.com, asiapacific.mycorp.com, xyz.mycorp.com.
If I am running the below code from the domain xyz.mycorp.com, for a group in asiapacific, and I specify the server name in the principal context object, I can access the group.
    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "asiapacific domain server name");
If my group has the users from other domains like emea\abcd, the below code fails at UserPrincipal:
    GroupPrincipal SearchGroup = GroupPrincipal.FindByIdentity(context, "Dev Team");
    GroupName = new List<string>();
    foreach (UserPrincipal p in SearchGroup.GetMembers())
    {
        GroupName.Add(p.SamAccountName + " " + p.DistinguishedName + " " + p.Name);
    }
So, is there a way that I can pass the context for the root domain, so that the code will work irrespective of the domain to which the user belongs? I tried the below, with no luck:

    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "mycorp.com");

or

    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "DC=mycorp,DC=com");
Try this:
This will create the PrincipalContext using the global catalog service on your local domain controller (of course, this assumes that your local DC is a GC as well). This will allow searches of the entire forest.
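
One way to apply the global catalog approach described in the answer, as an added example that is not the answerer's code. It assumes the forest root `DC=mycorp,DC=com` and the group name `Dev Team` from the question, the standard global catalog LDAP port 3268, and a hypothetical helper class `ForestGroupMembers`.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.ActiveDirectory;

static class ForestGroupMembers
{
    // Assumptions (not from the original post): lookups go through a global
    // catalog on port 3268, and forestRootDn is the forest root naming context.
    public static List<string> List(string groupName, string forestRootDn)
    {
        var result = new List<string>();

        // Ask the forest for a global catalog instead of hard-coding one DC.
        using (GlobalCatalog gc = Forest.GetCurrentForest().FindGlobalCatalog())
        using (var context = new PrincipalContext(
                   ContextType.Domain, gc.Name + ":3268", forestRootDn))
        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName))
        {
            if (group == null)
                throw new ArgumentException("Group not found in forest: " + groupName);

            // Iterate as Principal: a member can be a user, a computer or a
            // nested group, and iterating as UserPrincipal throws on the others.
            foreach (Principal member in group.GetMembers())
            {
                string kind = (member is UserPrincipal) ? "user"
                            : (member is GroupPrincipal) ? "group"
                            : member.GetType().Name;
                result.Add(kind + " " + member.SamAccountName + " " +
                           member.DistinguishedName + " " + member.Name);
            }
        }
        return result;
    }

    static void Main()
    {
        // Values taken from the question; replace with your own forest's names.
        foreach (string line in List("Dev Team", "DC=mycorp,DC=com"))
            Console.WriteLine(line);
    }
}
```

Global catalogs replicate the `member` attribute only for universal groups, so the membership of a global or domain local group still has to be read from a domain controller in the group's own domain.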