我想通过SSL和端口696进行Active Directory操作并使用此测试代码:
var domain = "server:636";
var domainPath = "DC=x,DC=y,DC=c";
var username = @"abc";
var userSearch = @"abc2";
var password = @"password";
using (var context = new PrincipalContext(ContextType.Domain, domain, domainPath, ContextOptions.Negotiate | ContextOptions.SecureSocketLayer,username,password))
{
UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userSearch);
var groups = p.GetGroups(context);
foreach (GroupPrincipal g in groups)
{
Console.WriteLine(g.ToString());
}
}
我在p.GetGroups(context)获得了例外:
Ein Ausnahmefehler des Typs “System.Runtime.InteropServices.COMException”ist in System.DirectoryServices.dll aufgetreten。
ZusätzlicheInformationen:Der Server istnichtfunkktionstüchtig。
在防火墙检查后,我们意识到,第一部分是通过LDAPS和SSL处理的,而getGroups调用是在没有SSL的情况下通过LDAP处理的,并且被防火墙阻止。
我也试过
var groups = p.GetGroups();
以及许多其他变体。但我没有遇到问题。
编辑20160614 - 解决方法:
var entry = (DirectoryEntry)user.GetUnderlyingObject();
int propertyCount = entry.Properties["memberOf"].Count;
for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
var dn = (String)entry.Properties["memberOf"][propertyCounter];
var equalsIndex = dn.IndexOf("=", 1, StringComparison.Ordinal);
var commaIndex = dn.IndexOf(",", 1, StringComparison.Ordinal);
if (-1 == equalsIndex)
{
break;
}
var groupName = (dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
var groupPrincipal = GroupPrincipal.FindByIdentity(principalContext, groupName.Replace("\\",""));
// Do something with your groupPricipal
}