"A referral was returned from the server" exception when accessing AD from C#

Posted on 2024-11-27 20:16:00

DirectoryEntry oDE = new DirectoryEntry("LDAP://DC=Test1,DC=Test2,DC=gov,DC=lk");

using (DirectorySearcher ds = new DirectorySearcher(oDE))
{
    ds.PropertiesToLoad.Add("name");
    ds.PropertiesToLoad.Add("userPrincipalName");

    ds.Filter = "(&(objectClass=user))";

    SearchResultCollection results = ds.FindAll();

    foreach (SearchResult result in results)
    {
        Console.WriteLine("{0} - {1}",
            result.Properties["name"][0].ToString(),
            result.Properties["userPrincipalName"][0].ToString());
    }
}

On the SearchResultCollection results = ds.FindAll(); line I get an exception:

A referral was returned from the server

Why do I get that exception and what does it mean?

Comments (9)

北凤男飞 2024-12-04 20:16:00

Probably the path you supplied was not correct. Check that.

I would recommend the article Howto: (Almost) Everything In Active Directory via C# which really helped me in the past in dealing with AD.

送君千里 2024-12-04 20:16:00

A referral is sent by an AD server when it doesn't have the information requested itself, but knows that another server has the info. It usually appears in a trust environment where a DC can refer to a DC in a trusted domain.

In your case you are only specifying a domain, relying on automatic lookup of what domain controller to use. I think that you should try to find out what domain controller is used for the query and look if that one really holds the requested information.

If you provide more information on your AD setup, including any trusts/subdomains, global catalogues and the DNS resource records for the domain controllers it will be easier to help you.

贩梦商人 2024-12-04 20:16:00

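This is the answer to the question. The cause was that my LDAP string was wrong.

    using System;
    using System.Configuration;
    using System.DirectoryServices;
    using System.Text;

    // The original post shows only the method body; the method name and
    // signature are assumed. ExLog is the poster's own logging helper.
    static bool UserExists(string username)
    {
        try
        {
            string adServer = ConfigurationManager.AppSettings["Server"];
            string adDomain = ConfigurationManager.AppSettings["Domain"];
            string adUsername = ConfigurationManager.AppSettings["AdiminUsername"];
            string password = ConfigurationManager.AppSettings["Password"];

            // Dotted domain name -> "DC=a,DC=b,...". Join also handles a domain
            // whose last label repeats earlier in the name.
            string dcAdDomain = "DC=" + string.Join(",DC=", adDomain.Split('.'));

            // Escape the RFC 4515 special characters so the user name cannot
            // alter the search filter.
            StringBuilder safeName = new StringBuilder();
            foreach (char c in username)
            {
                if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                    safeName.Append('\\').Append(((int)c).ToString("x2"));
                else
                    safeName.Append(c);
            }

            // The path names the server explicitly, followed by the base DN.
            using (DirectoryEntry de = new DirectoryEntry("LDAP://" + adServer + "/CN=Users," + dcAdDomain, adUsername, password))
            using (DirectorySearcher ds = new DirectorySearcher(de))
            {
                ds.SearchScope = SearchScope.Subtree;

                ds.Filter = "(&(objectClass=User)(sAMAccountName=" + safeName + "))";

                if (ds.FindOne() != null)
                    return true;
            }
        }
        catch (Exception ex)
        {
            ExLog(ex);
        }
        return false;
    }

悲歌长辞 2024-12-04 20:16:00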

You may also need to enable ReferralChasing on the DirectorySearcher - http://msdn.microsoft.com/en-us/library/ms180884(VS.80).aspx.

祁梦 2024-12-04 20:16:00

Had the same issue and managed to resolve it.

In my case, I had an AD group in the current logon domain with members (users) from a sub domain. The server that I was running the code on could not access the domain controller of the sub domain (the server had never needed to access the sub domain before).

I struggled for a while as my desktop PC could access the domain so everything looked OK in the MMC plugin (Active Directory Users & Computers).

Hope that helps someone else.

不顾 2024-12-04 20:16:00

I know this might sound silly, but I recently came across this myself. Make sure the domain controller is not read-only.

橘亓 2024-12-04 20:16:00

In my case I was seeing referrals when I was accessing AD via SSO with an account in a trusted domain. The problem went away when I connected with explicit credentials in the local domain.

i.e. I replaced

DirectoryEntry de = new DirectoryEntry("blah.com");

with

DirectoryEntry de = new DirectoryEntry("blah.com", "[email protected]", "supersecret");

and the problem went away.

煮茶煮酒煮时光 2024-12-04 20:16:00

A referral was returned from the server error usually means that the IP address is not hosted by the domain that is provided on the connection string. For more detail, see this link:

Referral was returned AD Provider

To illustrate the problem, we define two IP addresses hosted on different domains:

| IP Address | DC Name | Notes |
|---|---|---|
| 172.1.1.10 | ozkary.com | Production domain |
| 172.1.30.50 | ozkaryDev.com | Development domain |

If we define an LDAP connection string with this format:

LDAP://172.1.1.10:389/OU=USERS,DC=OZKARYDEV,DC=COM

This will generate the error because the IP is actually on the OZKARY DC not the OZKARYDEV DC. To correct the problem, we would need to use the IP address that is associated to the domain.
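
A diagnostic sketch for the checks suggested in the answers above (which DC answers, whether it holds the requested base DN, and referral chasing), added here as an example and not code from any of the posters. The server address and base DN are the sample values from the table above; the class and helper names are hypothetical.

```csharp
using System;
using System.DirectoryServices;

static class ReferralCheck   // hypothetical name
{
    // Plain string test: is baseDn equal to, or a descendant of, namingContext?
    static bool IsUnder(string baseDn, string namingContext)
    {
        return baseDn.Equals(namingContext, StringComparison.OrdinalIgnoreCase)
            || baseDn.EndsWith("," + namingContext, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Sample values from the table above (the mismatched pair); use your own.
        string server = "172.1.1.10:389";
        string baseDn = "OU=USERS,DC=OZKARYDEV,DC=COM";

        // RootDSE describes the server that actually answers the request.
        using (var rootDse = new DirectoryEntry("LDAP://" + server + "/RootDSE"))
        {
            Console.WriteLine("Answering DC: {0}", rootDse.Properties["dnsHostName"].Value);
            bool hosted = false;
            foreach (object nc in rootDse.Properties["namingContexts"])
            {
                Console.WriteLine("  holds: {0}", nc);
                hosted |= IsUnder(baseDn, nc.ToString());
            }
            if (!hosted)
            {
                Console.WriteLine("{0} is not held by this server: expect a referral.", baseDn);
                return;
            }
        }

        // A DN under a held naming context can still belong to a child domain,
        // in which case the DC answers with a subordinate referral.
        using (var root = new DirectoryEntry("LDAP://" + server + "/" + baseDn))
        using (var ds = new DirectorySearcher(root, "(objectClass=user)"))
        {
            // Chasing makes the client contact the DCs named in the referral, so this
            // host must be able to resolve and reach them.
            ds.ReferralChasing = ReferralChasingOption.All;
            ds.PageSize = 500; // page through results instead of stopping at the server limit
            using (SearchResultCollection results = ds.FindAll())
                Console.WriteLine("{0} entries", results.Count);
        }
    }
}
```

Run it from the same host and account as the failing application, since name resolution and reachability of the other domain's DCs differ between machines.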

风流物 2024-12-04 20:16:00

I had the same problem and it was a silly mistake of misspelling one of the DC strings.
