我正在尝试使用以下代码获取用户的所有Active Directory组:
private static IEnumerable<string> GetGroupNames(string userName)
{
using (var context = new PrincipalContext(ContextType.Domain))
{
using (var userPrincipal = UserPrincipal.FindByIdentity(context, userName))
{
var groupSearch = userPrincipal.GetGroups(context);
var result = new List<string>();
foreach (var principal in groupSearch)
{
Log.LogDebug("User {0} is member of group {0}", userPrincipal.DisplayName, principal.DisplayName);
result.Add(principal.SamAccountName);
}
return result;
}
}
}
此代码正确找到用户主体,但是在使用PrincipalOperationException调用GetGroups时失败:未知错误(0x80005000)。
根异常:
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOf(Principal foreignPrincipal, StoreCtx foreignContext)
at System.DirectoryServices.AccountManagement.Principal.GetGroupsHelper(PrincipalContext contextToQuery)
at System.DirectoryServices.AccountManagement.Principal.GetGroups(PrincipalContext contextToQuery)
at [line of the GetGroup call]
内部异常(COMException):
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.ADUtils.RetriveWkDn(DirectoryEntry deBase, String defaultNamingContext, String serverN
Another report with this problem。
有什么线索吗?
最佳答案
将Environment.UserDomainName添加为PrincipalContext的名称参数有助于:
using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
我仍然不知道为什么PrincipalContext(ContextType.Domain)仅用于查找UserPrincipal而不是用户组。 COM错误消息“未知错误”不是很有用,MSDN上实际上没有记录仅ContextType的PrincipalContext构造函数重载。正如Harvey Kwok指出的那样,它闻起来像.NET框架的问题。
关于.net - UserPrincipal.GetGroups失败,出现未知错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4518472/