c#-4.0: GroupPrincipal throws "System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist."

itcoder 2024-11-01 17:39:52

I am using System.DirectoryServices.AccountManagement to query for a user and then find the groups for that user.

var _principalContext = new PrincipalContext(ContextType.Domain, domainAddress, adContainer, adQueryAccount, adQueryAccountPassword); 
var user = UserPrincipal.FindByIdentity(_principalContext, IdentityType.SamAccountName, account); 
var userGroups = user.GetGroups();  
 
foreach (var group in userGroups.Cast<GroupPrincipal>()) 
{ 
    ////////////////////////////////////////////////////// 
    // getting the underlying DirectoryEntry shown 
    // to demonstrate that I can retrieve the underlying 
    // properties without the exception being thrown 
    DirectoryEntry directoryEntry = group.GetUnderlyingObject() as DirectoryEntry; 
 
    var displayName = directoryEntry.Properties["displayName"]; 
 
    if (displayName != null && displayName.Value != null) 
        Console.WriteLine(displayName.Value); 
    ////////////////////////////////////////////////////// 
 
    Console.WriteLine(group.DisplayName);// exception thrown here... 
} 

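I can grab the underlying DirectoryEntry object and dump its properties and values, but as soon as the GroupPrincipal.DisplayName property (or any property, for that matter) is accessed, it throws the following exception: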

System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
   at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
   at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
   at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
   at System.DirectoryServices.AccountManagement.Principal.HandleGet[T](T& currentValue, String name, LoadState& state)
   at System.DirectoryServices.AccountManagement.Principal.get_DisplayName()
   at ConsoleApplication9.Program.Main(String[] args)



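Why am I able to dump the raw properties of the underlying DirectoryEntry but unable to call any of the properties directly on the GroupPrincipal? What would cause this exception? Note that this does not happen on the "Domain Users" group, but on the subsequent groups, it does...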

Please refer to the following approach:

I found the solution. If I pass the context to the GetGroups method, it works.

var user = UserPrincipal.FindByIdentity(_principalContext, IdentityType.SamAccountName, account); 
var userGroups = user.GetGroups(_principalContext); 

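Apparently, this limits the groups retrieved to the domain associated with the context. This is not intuitive, though, since the context was used to retrieve the user in the first place!!!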

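This leads me to believe that groups from other domains must have been returned before, and that permissions were preventing access to that information.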
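
A diagnostic for checking that hypothesis, added here as an example and not part of the original post: it repeats the question's unscoped GetGroups() call, catches the 0x8007200A error per group, and records each failing group's distinguishedName from the underlying DirectoryEntry so its DC= components can be compared with the context's domain. The class and method names are hypothetical, and it assumes the raw entry stays readable, as the question reports.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

static class GroupLookupDiagnostics   // hypothetical name
{
    // HRESULT taken from the stack trace on this page.
    const int NoSuchAttribute = unchecked((int)0x8007200A);

    // Returns the distinguishedName of every group whose principal
    // properties cannot be read through the unscoped GetGroups() result.
    public static List<string> UnreadableGroups(PrincipalContext ctx, string account)
    {
        var failed = new List<string>();
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, account))
        {
            if (user == null)
                throw new ArgumentException("No such account: " + account);

            using (var groups = user.GetGroups())   // unscoped, as in the question
            {
                foreach (Principal group in groups)
                {
                    try
                    {
                        Console.WriteLine("ok     " + group.DisplayName);
                    }
                    catch (COMException ex)
                    {
                        if (ex.ErrorCode != NoSuchAttribute) throw;
                        // Fall back to the raw entry, which the question shows is readable.
                        var entry = group.GetUnderlyingObject() as DirectoryEntry;
                        var dn = entry == null ? null
                               : entry.Properties["distinguishedName"].Value as string;
                        failed.Add(dn ?? "(no distinguishedName)");
                        Console.WriteLine("failed " + failed[failed.Count - 1]);
                    }
                }
            }
        }
        return failed;
    }
}
```

If every returned DN carries DC= components that differ from the context's domain, switching to user.GetGroups(ctx) as in the answer drops exactly those groups, which matters if the group list feeds an authorization decision.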


Tags: C#