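I have some code that checks whether a user belongs to an AD group. This code works unless a user from an external domain was a member of the group and has since been deleted. When that happens, the code throws a PrincipalOperationException.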
枚举组时发生错误(1301)。该组的SID无法解决。

    using System.DirectoryServices.AccountManagement;
    using System.Linq;

    // InvalidUserException and InvalidGroupException are the poster's own exception types.
    public static bool IsGroupMember(string userName, string domain, string groupName)
    {
        using (var pc = new PrincipalContext(ContextType.Domain, domain))
        {
            // Find a user
            UserPrincipal user = UserPrincipal.FindByIdentity(pc, userName);
            if (user == null)
                throw new InvalidUserException("User '" + userName + "' does not exist.");

            // Create MyDomain domain context
            using (var ctx = new PrincipalContext(ContextType.Domain, "MyDomain"))
            {
                // Find the group in question
                GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName);
                if (group == null)
                    throw new InvalidGroupException("Group '" + groupName + "' does not exist.");

                // Check if user is member of that group
                if (group.GetMembers(true).Contains(user))
                    return true;
                else
                    return false;
            }
        }
    }

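What are my options? I was hoping to filter GetMembers to remove deleted objects before performing the Contains, but have not been successful. Do I need to drop out of AccountManagement and do something more manual?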