Question

我写了一个小应用程序来检查AD组成员。当我在我的电脑上执行以下代码时，它运行良好，SearchResult包含＆＃34;成员＆＃34;属性，但是当我在服务器或另一台计算机上运行相同的exe时，＆＃34;成员＆＃34;财产缺失。改变和改造也会有所不同。我在每台电脑上用同一个用户运行exe。是什么导致这种情况？

...
using (DirectorySearcher searcher = new DirectorySearcher())
{
    searcher.CacheResults = false;
    searcher.Filter = "(&(objectClass=group)(cn=" + ADName + "))";
    searcher.SizeLimit = int.MaxValue;
    searcher.PageSize = int.MaxValue;
    if (!DirectoryEntry.Exists(ADPath))
    {
        return null;
    }
    searcher.SearchRoot = new DirectoryEntry(ADPath);
    using (SearchResultCollection collection = searcher.FindAll())
    {
        if (collection.Count == 1)
        {
            return collection[0];
        }
    }
}
...

Answer 1

The group membership data is not replicated to the global catalog. The query might work sometimes, if you happen to connect to the domain controller with the actual membership data. On other machines, you probably connect to other domain controllers, of different domains, where the information is not available.

You might want to connect to a domain controller in the actual domain, not to the global catalog.

与DirectorySearcher

1 个答案: