c#-4.0之GroupPrincipal 抛出 "System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist."
我正在使用 System.DirectoryServices.AccountManagement
查询用户,然后查找该用户的组。
var _principalContext = new PrincipalContext(ContextType.Domain, domainAddress, adContainer, adQueryAccount, adQueryAccountPassword);
var user = UserPrincipal.FindByIdentity(_principalContext, IdentityType.SamAccountName, account);
var userGroups = user.GetGroups();
foreach (var group in userGroups.Cast<GroupPrincipal>())
{
//////////////////////////////////////////////////////
// getting the underlying DirectoryEntry shown
// to demonstrate that I can retrieve the underlying
// properties without the exception being thrown
DirectoryEntry directoryEntry = group.GetUnderlyingObject() as DirectoryEntry;
var displayName = directoryEntry.Properties["displayName"];
if (displayName != null && displayName.Value != null)
Console.WriteLine(displayName.Value);
//////////////////////////////////////////////////////
Console.WriteLine(group.DisplayName);// exception thrown here...
}
我可以抢底层
DirectoryEntry
对象并转储其属性和值,但一旦
GroupPrincipal.DisplayName
属性(或任何与此相关的属性)被访问,它会抛出以下异常:
"System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.\r\n\r\n at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at System.DirectoryServices.DirectoryEntry.Bind()\r\n at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()\r\n at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)\r\n at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)\r\n at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)\r\n at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()\r\n at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()\r\n at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()\r\n at System.DirectoryServices.Account Management.PrincipalContext.get_QueryCtx()\r\n at System.DirectoryServices.AccountManagement.Principal.HandleGet[T](T& currentValue, String name, LoadState& state)\r\n at System.DirectoryServices.AccountManagement.Principal.get_DisplayName()\r\n at ConsoleApplication9.Program.Main(String[] args)"
为什么我能够转储底层
DirectoryEntry
的原始属性但不能直接调用
GroupPrincipal
上的任何属性?什么会导致这个异常?请注意,这不会发生在“域用户”组上,而是发生在随后的组上,它确实......
请您参考如下方法:
我找到了解决方案。如果我将上下文传递给 GetGroups
方法,它有效。
var user = UserPrincipal.FindByIdentity(_principalContext, IdentityType.SamAccountName, account);
var userGroups = user.GetGroups(_principalContext);
显然,这将检索到的组限制在与上下文关联的域中。虽然这并不直观,因为上下文首先用于检索用户!!!
这让我相信之前必须返回来自其他域的组,并且权限是为了防止访问该信息。
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。