我有以下代码:
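// Binds to CN=Users of the configured domain and searches the subtree for every
// group object. objGroupEntry, objSearchResults, result and treeNode are declared
// here and consumed by the result-processing loop shown after this listing.
DirectoryEntry directoryEntry = default(DirectoryEntry);                   // Binding object.
DirectoryEntry objGroupEntry = default(DirectoryEntry);                    // Group results.
DirectorySearcher objSearchADAM = default(DirectorySearcher);              // Search object (unused in this listing).
SearchResultCollection objSearchResults = default(SearchResultCollection); // Search results.
ActiveDirectory result = new ActiveDirectory();
ActiveDirectoryItem treeNode;

// Connection settings are read from the application's settings.
// NOTE(review): if the settings file holds Password in clear text, anyone who can
// read the configuration can bind as this account — confirm it is protected and
// that the account is a least-privileged, read-only one.
string adServer = ADTestProject.Properties.Settings.Default.Server;
string adDomain = ADTestProject.Properties.Settings.Default.Domain;
string adUsername = ADTestProject.Properties.Settings.Default.AdiminUsername;
string password = ADTestProject.Properties.Settings.Default.Password;

// Turn "example.local" into "DC=example,DC=local". Joining by position, instead
// of comparing every label with the last one, keeps the separators correct when
// a label repeats (e.g. "corp.example.corp").
string[] dc = adDomain.Split('.');
string dcAdDomain = "DC=" + string.Join(",DC=", dc);

// Get the AD LDS object: bind with explicit credentials when a path was given,
// otherwise use the parameterless DirectoryEntry.
// NOTE(review): pathToAD is declared outside this listing and is only tested for
// emptiness here; its value is not part of the bind path.
// NOTE(review): the scheme is "LDAP://", not LDAPS — confirm the bind and the
// query are protected in transit (LDAPS or signing/sealing) in this environment.
if (pathToAD.Length > 0)
{
    directoryEntry = new DirectoryEntry("LDAP://" + adServer + "/CN=Users," + dcAdDomain, adUsername, password);
}
else
{
    directoryEntry = new DirectoryEntry();
}

DirectorySearcher ds = new DirectorySearcher(directoryEntry);
ds.SearchScope = SearchScope.Subtree;
ds.Filter = "(&(objectClass=group))";

// SearchResultCollection holds unmanaged resources that garbage collection does
// not release; call objSearchResults.Dispose() once the results have been read.
objSearchResults = ds.FindAll();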
然后这个:
// Walks the group search results: every group becomes a non-pickable Group node,
// and every value of its "member" attribute is bound and, when it passes the
// checks below, added as a pickable User node under that group.
// NOTE(review): objSearchResults is not disposed anywhere in this listing.
if (objSearchResults.Count != 0)
{
foreach (SearchResult objResult in objSearchResults)
{
// GetDirectoryEntry() hands back a DirectoryEntry for this result; it is not
// disposed in this listing.
objGroupEntry = objResult.GetDirectoryEntry();
result.ActiveDirectoryTree.Add(new ActiveDirectoryItem()
{ Id = objGroupEntry.Guid,
ParentId = objGroupEntry.Parent.Guid,
AccountName = objGroupEntry.Name,
Type = ActiveDirectoryType.Group,
PickableNode = false
});
// Each "member" value is a distinguished name such as
// CN=S-1-5-18,CN=ForeignSecurityPrincipals,DC=MyDomain,DC=local.
foreach (object child in objGroupEntry.Properties["member"])
{
treeNode = new ActiveDirectoryItem();
// NOTE(review): the argument list of Replace is missing in this listing, so the
// line does not compile as shown; what was being replaced cannot be told from here.
var path = child.ToString().Replace;
// This bind passes only `path`: no server and no credentials. The first answer
// on this page traces the COMException to this line and binds with
// "LDAP://" + adServer + "/" + path plus adUsername/password instead.
using (var memberEntry = new DirectoryEntry(path))
{
// NOTE(review): DirectoryEntry.Username is the account name used for the bind,
// not an attribute of the member object — confirm this null check is intended.
// The remaining conditions skip nested groups and entries lacking
// sAMAccountName or objectSid.
if (memberEntry.Username != null && memberEntry.SchemaEntry.Name.CompareTo("group") != 0
&& memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid"))
{
// The node Id is a freshly generated GUID, not the directory object's own GUID.
treeNode.Id = Guid.NewGuid();
treeNode.ParentId = objGroupEntry.Guid;
treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString();
treeNode.Type = ActiveDirectoryType.User;
treeNode.PickableNode = true;
treeNode.FullName = memberEntry.Properties["Name"][0].ToString();
// objectSid is read as raw bytes; SecurityIdentifier parses them from offset 0
// and ToString() yields the S-1-... string form.
byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];
treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString();
result.ActiveDirectoryTree.Add(treeNode);
}
}
}
}
}
child.ToString()的值可能如下所示:
CN=S-1-5-18,CN=ForeignSecurityPrincipals,DC=MyDomain,DC=local
问题是:访问memberEntry的属性时会抛出很多异常,这是为什么?
异常信息如下:
'memberEntry.Name'引发了类型为'System.Runtime.InteropServices.COMException'的异常 字符串 {System.Runtime.InteropServices.COMException} - 未指定的错误 -2147467259
Stacktrace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_Name()
答案 0 :(得分:4)
与OP聊天后,我们确定问题出在构造DirectoryEntry时使用的path变量上,另外OP的环境还需要显式身份验证。
相关变化是:
// Before: binds with the member path alone — no server, no credentials.
using (var memberEntry = new DirectoryEntry(path))
到
// After: a server-qualified LDAP path plus the same explicit credentials used
// for the initial bind (adServer, adUsername and password come from the
// question's first listing).
// NOTE(review): `path` is a DN read from the directory; a DN containing '/'
// presumably needs that character escaped before it goes into the path — confirm.
using (var memberEntry = new DirectoryEntry("LDAP://" + adServer + "/" + path, adUsername, password))
详细信息:Full transcript
答案 1 :(得分:0)
这可能与"get a list of user from the AD"重复。
不过,CodeProject上有一篇文章介绍了许多有用的AD查询:Querying MS AD using dot Net