
我有以下代码:

        // Entry the group search is rooted at; assigned further down.
        DirectoryEntry directoryEntry = null;
        // Entry for the group currently being processed.
        DirectoryEntry objGroupEntry = null;
        // Searcher declared up front; not referenced again in the visible code.
        DirectorySearcher objSearchADAM = null;
        // Results of the group search.
        SearchResultCollection objSearchResults = null;
        // Tree being built, plus a scratch node reused for each member.
        ActiveDirectory result = new ActiveDirectory();
        ActiveDirectoryItem treeNode;

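    // Server, domain and bind credentials are read from the application's settings.
    // NOTE(review): settings values are normally persisted in the application's .config file in
    // clear text, so the bind password is readable by anyone who can read that file. Confirm how
    // it is protected (protected configuration section, secret store, or binding as the process
    // identity instead of a stored password).
    string adServer = ADTestProject.Properties.Settings.Default.Server;
    string adDomain = ADTestProject.Properties.Settings.Default.Domain;
    string adUsername = ADTestProject.Properties.Settings.Default.AdiminUsername;
    string password = ADTestProject.Properties.Settings.Default.Password;

    // Turn a DNS-style name "a.b.c" into the DN suffix "DC=a,DC=b,DC=c".
    // Joining by position (rather than comparing each label's text with the last label) keeps
    // the separator when an earlier label has the same text as the last one,
    // e.g. "local.corp.local" -> "DC=local,DC=corp,DC=local".
    string[] dc = adDomain.Split('.');

    string dcAdDomain = "DC=" + string.Join(",DC=", dc);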

    // Get the AD LDS object. 

        // Bind to CN=Users on the configured server with explicit credentials when a path was
        // supplied; otherwise fall back to a DirectoryEntry with no path and no credentials.
        // NOTE(review): this is a plain LDAP:// bind with the default AuthenticationTypes. Consider
        // passing AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing
        // (or using LDAPS) so the credentials and results are protected on the wire. Confirm
        // against what the directory server supports.
        directoryEntry = pathToAD.Length > 0
            ? new DirectoryEntry("LDAP://" + adServer + "/CN=Users," + dcAdDomain, adUsername, password)
            : new DirectoryEntry();

        // Search the whole subtree under the bound entry for group objects.
        DirectorySearcher ds = new DirectorySearcher(directoryEntry)
        {
            SearchScope = SearchScope.Subtree,
            Filter = "(&(objectClass=group))"
        };

        // NOTE(review): SearchResultCollection holds unmanaged resources that the garbage collector
        // does not fully release; dispose it (and ds / directoryEntry) once the results are consumed.
        objSearchResults = ds.FindAll();

然后这个:

// Walk every group returned by the search and flatten it, together with its user members,
// into result.ActiveDirectoryTree.
if (objSearchResults.Count != 0)
{
    foreach (SearchResult objResult in objSearchResults)
    {
        // NOTE(review): the entry returned by GetDirectoryEntry() is never disposed in the visible code.
        objGroupEntry = objResult.GetDirectoryEntry();
        // Group node: keyed by the directory object's own Guid and linked to its parent's Guid.
        result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() 
        { Id = objGroupEntry.Guid, 
            ParentId = objGroupEntry.Parent.Guid, 
            AccountName = objGroupEntry.Name, 
            Type = ActiveDirectoryType.Group, 
            PickableNode = false 
        });

        // Each value of the group's "member" attribute is turned into a path and bound separately.
        foreach (object child in objGroupEntry.Properties["member"])
        {
            treeNode = new ActiveDirectoryItem();
            // NOTE(review): the Replace call is cut off on this page (no argument list), so this
            // line does not compile as shown; presumably it escaped characters in the member DN.
            // Confirm against the original post.
            var path = child.ToString().Replace;
            // Path-only constructor: no server and no credentials are passed here, unlike the
            // root entry created earlier in this snippet. The bind happens lazily on the first
            // property read, which is where the stack trace in the question (get_Name -> Bind) fails.
            using (var memberEntry = new DirectoryEntry(path))
            {

                // NOTE(review): DirectoryEntry.Username is the user name used for the bind, not an
                // attribute of the directory object; with the path-only constructor above it is
                // presumably null, which would skip every member. Confirm the intent.
                // The remaining checks skip nested groups and entries lacking sAMAccountName or objectSid.
                if (memberEntry.Username != null && memberEntry.SchemaEntry.Name.CompareTo("group") != 0 
                    && memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid"))
                {
                    // Member nodes get a fresh Guid (not the directory object's Guid) and hang off the group.
                    treeNode.Id = Guid.NewGuid();
                    treeNode.ParentId = objGroupEntry.Guid;
                    treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString();
                    treeNode.Type = ActiveDirectoryType.User;
                    treeNode.PickableNode = true;
                    treeNode.FullName = memberEntry.Properties["Name"][0].ToString();

                    // objectSid is read as raw bytes and converted to its string form.
                    byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];
                    treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString();

                    result.ActiveDirectoryTree.Add(treeNode);
                }
            }
        }
    }
}

child.ToString() 的结果可能如下所示:

CN=S-1-5-18,CN=ForeignSecurityPrincipals,DC=MyDomain,DC=local

问题是:访问 memberEntry 的很多属性时都会抛出异常,这是为什么?

异常信息如下:

“memberEntry.Name”引发了“System.Runtime.InteropServices.COMException”类型的异常:string {System.Runtime.InteropServices.COMException} - 未指定的错误 -2147467259(即 0x80004005,E_FAIL)

堆栈跟踪:
在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
在 System.DirectoryServices.DirectoryEntry.Bind()
在 System.DirectoryServices.DirectoryEntry.get_Name()


2 个回答


在与 OP 交谈后,我们确定问题出在传给 DirectoryEntry 的 path 变量上,并且在 OP 的环境中需要显式身份验证。

相关的改动如下(把前一行改为后一行):

// Before: the member path is passed on its own, with no server and no credentials.
using (var memberEntry = new DirectoryEntry(path))

// After: a full LDAP:// path on the configured server, bound with explicit credentials.
// NOTE(review): this reuses the stored admin credentials for every member lookup; reading
// sAMAccountName / objectSid presumably needs only a low-privileged read account. Confirm.
using (var memberEntry = new DirectoryEntry("LDAP://" + adServer + "/" + path, adUsername, password))

详情见:完整聊天记录

于 2012-06-12T12:25:58.357 回答

这个问题可能与“从 AD 获取用户列表”重复。

不过,CodeProject 上有一篇文章介绍了许多针对 AD 的实用查询:Querying MS AD using dot Net

于 2012-06-12T10:17:47.187 回答