
你好,

我在运行此代码的 IIS 中有一个托管服务:

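ActiveDirectory result = new ActiveDirectory();

            // Walks every group below the bind root and flattens the groups and their
            // non-group members into result.ActiveDirectoryTree.
            //
            // No credentials are passed to DirectoryEntry, so every bind in this block is
            // made as the identity the calling thread runs under. Under IIS that is the
            // application pool identity unless the request is impersonated, which is the
            // first thing to check when this works on one machine and fails on another.
            //
            // An empty (or null) pathToAD binds to the default directory root.
            using (DirectoryEntry objADAM = string.IsNullOrEmpty(pathToAD) ? new DirectoryEntry() : new DirectoryEntry(pathToAD))
            {
                // Force the bind now so a bad path or a rejected identity fails here.
                // Bind and search failures propagate unchanged: the previous
                // "catch (Exception e) { throw e; }" wrappers only reset the stack trace.
                objADAM.RefreshCache();

                using (DirectorySearcher objSearchADAM = new DirectorySearcher(objADAM))
                {
                    objSearchADAM.Filter = "(&(objectClass=group))";
                    objSearchADAM.SearchScope = SearchScope.Subtree;

                    // SearchResultCollection holds unmanaged resources and must be disposed.
                    using (SearchResultCollection objSearchResults = objSearchADAM.FindAll())
                    {
                        try
                        {
                            if (objSearchResults.Count == 0)
                            {
                                throw new Exception("No groups found");
                            }

                            foreach (SearchResult objResult in objSearchResults)
                            {
                                // GetDirectoryEntry() and Parent each return a new DirectoryEntry
                                // that the caller owns, so both are disposed per iteration.
                                using (DirectoryEntry objGroupEntry = objResult.GetDirectoryEntry())
                                using (DirectoryEntry groupParent = objGroupEntry.Parent)
                                {
                                    Guid groupId = objGroupEntry.Guid;

                                    result.ActiveDirectoryTree.Add(new ActiveDirectoryItem
                                    {
                                        Id = groupId,
                                        ParentId = groupParent.Guid,
                                        AccountName = objGroupEntry.Name,
                                        Type = ActiveDirectoryType.Group,
                                        PickableNode = false
                                    });

                                    foreach (object child in objGroupEntry.Properties["member"])
                                    {
                                        // "/" in a distinguished name must be escaped inside an ADsPath.
                                        // This is a serverless bind, again as the thread identity.
                                        string memberPath = "LDAP://" + child.ToString().Replace("/", "\\/");

                                        using (DirectoryEntry memberEntry = new DirectoryEntry(memberPath))
                                        {
                                            bool isGroup = string.Equals(memberEntry.SchemaEntry.Name, "group", StringComparison.Ordinal);

                                            // Nested groups are skipped here; they are listed by the outer search.
                                            // Members without an account name or SID are skipped as well.
                                            if (isGroup
                                                || !memberEntry.Properties.Contains("sAMAccountName")
                                                || !memberEntry.Properties.Contains("objectSid"))
                                            {
                                                continue;
                                            }

                                            byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];

                                            result.ActiveDirectoryTree.Add(new ActiveDirectoryItem
                                            {
                                                // Member nodes get a fresh id on every call, not the directory GUID.
                                                Id = Guid.NewGuid(),
                                                ParentId = groupId,
                                                AccountName = memberEntry.Properties["sAMAccountName"][0].ToString(),
                                                Type = ActiveDirectoryType.User,
                                                PickableNode = true,
                                                // NOTE(review): "Name" is read without a Contains() check, unlike
                                                // the two attributes above; confirm it is always readable.
                                                FullName = memberEntry.Properties["Name"][0].ToString(),
                                                ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString()
                                            });
                                        }
                                    }
                                }
                            }
                        }
                        catch (Exception e)
                        {
                            // Callers still receive a plain Exception with the same message, but the
                            // original exception (type, error code, stack trace) is now kept as
                            // InnerException instead of being discarded.
                            throw new Exception(e.Message, e);
                        }
                    }
                }
            }

            return result;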

这在我的开发环境中运行良好,但在客户中我们得到了这个异常:

指定的目录服务属性或值不存在

我想这可能与 Active Directory 的权限有关?

哪个帐户需要访问 Active Directory,以及需要什么级别的权限?


1 回答 1


运行线程的帐户需要对 AD 具有读取权限。所有域帐户都具有此权限。

长话短说,验证 HttpContext.Current.User.Identity.Name 的值是否为域帐户。

如果 Web 应用程序配置为具有匿名访问权限,那么很可能不会。

于 2012-05-05T06:54:51.277 回答