我整个上午都试图解决这个问题,但是他们似乎都没有工作。
我一直在为我们的课程管理员修改AD的用户管理界面,这个想法只是显示他们需要的东西,而解决方案在开发服务器上工作正常,我在prod上得到了上述错误。
我已经尝试了我能找到的所有东西,比如HostingEnvironment.Impersonate,将服务帐户推广到域管理员,但注意到有效。
public static List<GroupPrincipal> GetGroups(string client) { List<GroupPrincipal> List = new List<GroupPrincipal>(); DirectoryEntry ou = null; GroupPrincipal group = null; PrincipalContext context = null; if (domain.Path.ToLower().Contains(DevDN.ToLower())) { context = new PrincipalContext(ContextType.Domain, DevDom, DevDN, DevService, DevServicePass); } else { context = new PrincipalContext( ContextType.Domain, LiveDom, LiveDN, LiveService, LiveServicePass); } DirectorySearcher searcher = new DirectorySearcher(domain, "(&(ou=" + client + ")(objectClass=organizationalUnit))"); try { ou = new DirectoryEntry(searcher.FindOne().Path); } catch (System.Exception ex) { Log.WriteError("SUGM.ADLink.GetGroups", "Unable to locate client: " + ex.Message); List = null; return List; } try { foreach (DirectoryEntry groups in ou.Children) { if (groups.SchemaClassName == "group") { string name = groups.Name.Replace("CN=", ""); group = GroupPrincipal.FindByIdentity(context, name); List.Add(group); } } } catch (System.Exception ex) { Log.WriteError("SUGM.ADLink.GetGroups", "Unable to add groups to list: " + ex.Message); List = null; return List; } return List; }在调试时我已经检查并且正在传递所有正确的值,但它总是在foreach块上失败。
任何人都可以指出我做错了什么。
干杯
I've been going through previous post trying to resolve this issue all morning, but none of them seem to work.
I have been righting a user management interface for AD for our course admins, the idea being to only display exactly what they need, while the solution works fine on the dev servers, i get the above error on prod.
I have tried every thing i can find, like HostingEnvironment.Impersonate, promoting the service account to a domain admin, but noting works.
public static List<GroupPrincipal> GetGroups(string client) { List<GroupPrincipal> List = new List<GroupPrincipal>(); DirectoryEntry ou = null; GroupPrincipal group = null; PrincipalContext context = null; if (domain.Path.ToLower().Contains(DevDN.ToLower())) { context = new PrincipalContext(ContextType.Domain, DevDom, DevDN, DevService, DevServicePass); } else { context = new PrincipalContext( ContextType.Domain, LiveDom, LiveDN, LiveService, LiveServicePass); } DirectorySearcher searcher = new DirectorySearcher(domain, "(&(ou=" + client + ")(objectClass=organizationalUnit))"); try { ou = new DirectoryEntry(searcher.FindOne().Path); } catch (System.Exception ex) { Log.WriteError("SUGM.ADLink.GetGroups", "Unable to locate client: " + ex.Message); List = null; return List; } try { foreach (DirectoryEntry groups in ou.Children) { if (groups.SchemaClassName == "group") { string name = groups.Name.Replace("CN=", ""); group = GroupPrincipal.FindByIdentity(context, name); List.Add(group); } } } catch (System.Exception ex) { Log.WriteError("SUGM.ADLink.GetGroups", "Unable to add groups to list: " + ex.Message); List = null; return List; } return List; }While debugging I have check and all the correct values are being passed, but it alway fails on the foreach block.
Can anyone point out what I'm doing wrong.
Cheers
最满意答案
您应该避免混合System.DirectoryServices和System.DirectoryServices.AccountManagement命名空间 - 这不是一个非常好的策略!
你也可以在S.DS.AM(.NET 3.5)中做你想做的一切! 而且也更容易。
您可以使用PrincipalSearcher和“按示例查询”主体进行搜索:
// create your domain context and specify the initial container to work from PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=YourStartingPoint,DC=YourCompany,DC=com"); // define a "query-by-example" principal - here, we search for a GroupPrincipal GroupPrincipal qbeGroup = new GroupPrincipal(ctx); // create your principal searcher passing in the QBE principal PrincipalSearcher srch = new PrincipalSearcher(qbeGroup); // find all matches foreach(var found in srch.FindAll()) { // do whatever here - "found" is of type "Principal" - it could be user, group, computer..... }如果您还没有 - 绝对阅读MSDN文章.NET Framework 3.5中的管理目录安全主体,它很好地展示了如何充分利用System.DirectoryServices.AccountManagement中的新功能。 或者,请参阅System.DirectoryServices.AccountManagement命名空间上的MSDN文档 。
You should avoid mixing the System.DirectoryServices and System.DirectoryServices.AccountManagement namespaces - that's not a very good strategy!
You can do all you want in S.DS.AM (.NET 3.5), too! And much easier, too.
You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:
// create your domain context and specify the initial container to work from PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=YourStartingPoint,DC=YourCompany,DC=com"); // define a "query-by-example" principal - here, we search for a GroupPrincipal GroupPrincipal qbeGroup = new GroupPrincipal(ctx); // create your principal searcher passing in the QBE principal PrincipalSearcher srch = new PrincipalSearcher(qbeGroup); // find all matches foreach(var found in srch.FindAll()) { // do whatever here - "found" is of type "Principal" - it could be user, group, computer..... }If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.
更多推荐
发布评论