UserPrincipal.GetGroups失败,出现未知错误
UserPrincipal.GetGroups失败,出现未知错误
提问于 2010-12-23 19:49:02
我正在尝试使用以下代码获取用户的所有Active Directory组:
private static IEnumerable<string> GetGroupNames(string userName)
{
using (var context = new PrincipalContext(ContextType.Domain))
{
using (var userPrincipal = UserPrincipal.FindByIdentity(context, userName))
{
var groupSearch = userPrincipal.GetGroups(context);
var result = new List<string>();
foreach (var principal in groupSearch)
{
Log.LogDebug("User {0} is member of group {0}", userPrincipal.DisplayName, principal.DisplayName);
result.Add(principal.SamAccountName);
}
return result;
}
}
}此代码正确地找到了用户主体,但在使用PrincipalOperationException: Unknown错误(0x80005000)调用GetGroups时失败。
根异常:
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOf(Principal foreignPrincipal, StoreCtx foreignContext)
at System.DirectoryServices.AccountManagement.Principal.GetGroupsHelper(PrincipalContext contextToQuery)
at System.DirectoryServices.AccountManagement.Principal.GetGroups(PrincipalContext contextToQuery)
at [line of the GetGroup call]内部异常(COMException):
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.ADUtils.RetriveWkDn(DirectoryEntry deBase, String defaultNamingContext, String serverNAnother report with this problem。
有什么线索吗?
回答 2
Stack Overflow用户
回答已采纳
发布于 2010-12-27 17:09:17
将Environment.UserDomainName作为名称参数添加到PrincipalContext有助于:
using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))我仍然不明白为什么PrincipalContext(ContextType.Domain)只适用于查找UserPrincipal,而不适用于用户组。COM错误消息"unknown error“帮助不大,并且在MSDN中几乎没有记录只包含ContextType的PrincipalContext构造函数重载。正如Harvey Kwok指出的那样,这看起来像是.NET框架的问题。
Stack Overflow用户
发布于 2019-02-21 23:15:30
正如问题注释中所提到的,调用GetGroups时可能发生此特定错误的另一个原因是由于a documented bug in .NET and .NET Core。当尝试获取其AD可分辨名称中包含斜杠('/')的用户主体的组时,会发生此问题。
解决方法是编写您自己的GetGroups方法,至少在bug修复之前是这样。以下是一个仅返回组名称(还包括通讯组列表)的工作示例:
public static List<string> GetGroups(UserPrincipal user)
{
List<string> groupNames = new List<string>();
using (DirectoryEntry directoryEntryUser = (DirectoryEntry)user.GetUnderlyingObject())
{
object[] groups = GetAdPropertyValueObjectArray(directoryEntryUser, "memberOf");
const int prefixLength = 3;
const string prefix = "CN="; // CN = Common Name
if (groups != null)
{
foreach (string group in groups)
{
if (group.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
{
int commaIndex = group.IndexOf(",", prefixLength);
string groupName;
if (commaIndex >= 0)
groupName = group.Substring(prefixLength, commaIndex - prefixLength);
else
groupName = group.Substring(prefixLength);
if (groupName.Length > 0)
groupNames.Add(groupName);
}
}
}
}
return groupNames;
}
private static object[] GetAdPropertyValueObjectArray(DirectoryEntry userAccount, string adPropertyKey)
{
object[] result = null;
PropertyValueCollection property = userAccount.Properties[adPropertyKey];
if (property != null)
{
object propertyValue = property.Value;
if (propertyValue != null)
{
if (propertyValue is string)
{
result = new object[1];
result[0] = propertyValue;
}
else
{
result = (object[])propertyValue;
}
}
}
return result;
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/4518472
复制相关文章
相似问题
腾讯云开发者
