
我们已将 IIS(比如说 myIIS.xx1.mydomain.com)从 .NET 4 更新到 4.5。更新后,我们无法再从其中一个域(比如说 xx3.mydomain.com)获取用户。从其他域(比如说 xx1.mydomain.com、xx2.mydomain.com、xx5.mydomain.com)我们仍然可以获取用户。而在 .NET 4 上,所有域都能正常工作。

我们使用以下代码进行测试:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
using System.Security.Principal;

namespace ADTestApp
{
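    /// <summary>
    /// Console test harness: reads an e-mail address, searches the global catalog for
    /// enabled users with that address through <see cref="PrincipalSearcher"/>, and
    /// prints every match that has an e-mail address, surname and given name.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Runs the interactive query loop. The loop ends on an empty line or at end of
        /// input; the original looped forever because <c>exit</c> was never set.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Connection settings are placeholders.
            // NOTE(review): a real service-account password must not be kept in source;
            // load it from protected configuration or a secret store, and keep the
            // account limited to read access on the directory.
            string adServer = "mydomain.com:3268";
            string adContainer = "DC=mydomain,DC=com";
            string serviceAccountUserName = "xx5\\myusername";
            string serviceAccountPW = "mypassword";

            while (true)
            {
                Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                Console.WriteLine("enter search query");
                string searchQuery = Console.ReadLine();

                // ReadLine() returns null at end of input; without this check the loop
                // would spin forever once stdin is closed.
                if (string.IsNullOrEmpty(searchQuery))
                {
                    break;
                }

                Console.WriteLine("querying global catalog...");
                List<string> users = new List<string>();

                // The context, the query-by-example principal, the searcher and the result
                // set all hold directory handles, so each is disposed per query instead of
                // being leaked on every pass through the loop.
                using (PrincipalContext principalContext = new PrincipalContext(
                                                        ContextType.Domain,
                                                        adServer,
                                                        adContainer,
                                                        serviceAccountUserName,
                                                        serviceAccountPW))
                using (CustomUserPrincipal user = new CustomUserPrincipal(principalContext) { EmailAddress = searchQuery, Enabled = true })
                using (PrincipalSearcher searcher = new PrincipalSearcher() { QueryFilter = user })
                using (PrincipalSearchResult<Principal> matches = searcher.FindAll())
                {
                    foreach (UserPrincipal p in matches)
                    {
                        try
                        {
                            // Property getters read from the directory and can throw per entry
                            // (the question reports this for get_EmailAddress on one domain),
                            // so one failing entry is logged and the rest are still processed.
                            if (p.EmailAddress != null && p.Surname != null && p.GivenName != null)
                            {
                                users.Add(p.Surname + ", " + p.GivenName + " " + p.MiddleName + " - " + p.EmailAddress);
                            }
                        }
                        catch (Exception ex)
                        {
                            Console.WriteLine(ex);
                        }
                    }
                }

                if (users.Count > 0)
                {
                    Console.WriteLine("Results:");
                    foreach (string usr in users)
                    {
                        Console.WriteLine(usr);
                    }
                }
                else
                {
                    Console.WriteLine("no results found");
                }
            }
        }

        /// <summary>
        /// Reports whether the running framework is .NET 4.5 or newer.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the type System.Reflection.ReflectionContext can be resolved.
        /// </returns>
        public static bool IsNet45OrNewer()
        {
            // Class "ReflectionContext" exists from .NET 4.5 onwards.
            return Type.GetType("System.Reflection.ReflectionContext", false) != null;
        }
    }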
}

'xx3.mydomain.com'(不再起作用的那个)抛出以下异常:

   at System.DirectoryServices.AccountManagement.UserPrincipal.get_EmailAddress()

对我来说,这似乎是一个访问问题。但是如果客户端上安装了 .NET 4,我仍然可以访问该域。我已经在多个域中的多个客户端和服务器上对其进行了测试,但是在所有使用 .NET 4.5 的客户端上,这个特定域都不起作用。

非常感谢任何帮助。提前感谢您的反馈和建议。


1 个回答


我们无法查明为什么它在这个特定域上不起作用。我们认为这与该域的 AD 设置有关。我们通过以下方式解决了这个问题:

namespace ADTestApp
{
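    /// <summary>
    /// Console test harness that looks users up in the global catalog with a raw
    /// <see cref="DirectorySearcher"/> query and prints the attributes of each match.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Runs the interactive query loop. The loop ends on an empty line or at end of
        /// input; the original looped forever because <c>exit</c> was never set.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            while (true)
            {
                Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                Console.WriteLine("enter search query");
                string searchQuery = Console.ReadLine();

                // ReadLine() returns null at end of input; stop instead of querying forever.
                if (string.IsNullOrEmpty(searchQuery))
                {
                    break;
                }

                List<AdUser> adusers = Ldap1(searchQuery);
                foreach (AdUser adUser in adusers)
                {
                    Console.WriteLine(adUser.Mail + " : " + adUser.Surname + ", " + adUser.GivenName + " (" + adUser.MiddleName + ") : " + adUser.Phone + " : " + adUser.Description + " : " + adUser.Department);
                }
            }
        }

        /// <summary>
        /// Reports whether the running framework is .NET 4.5 or newer.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the type System.Reflection.ReflectionContext can be resolved.
        /// </returns>
        public static bool IsNet45OrNewer()
        {
            // Class "ReflectionContext" exists from .NET 4.5 onwards.
            return Type.GetType("System.Reflection.ReflectionContext", false) != null;
        }

        /// <summary>
        /// Searches the global catalog for enabled accounts matching
        /// <paramref name="ldapSearch"/> by ambiguous name resolution (ANR).
        /// </summary>
        /// <param name="ldapSearch">
        /// Free-text search term. It is treated as untrusted and escaped before it is
        /// placed in the filter, so filter metacharacters (including <c>*</c>) match
        /// literally and cannot change the structure of the query.
        /// </param>
        /// <returns>The matching users, at most 100; an empty list when nothing matches.</returns>
        /// <remarks>
        /// Directory errors propagate to the caller unchanged. The original
        /// <c>catch (Exception ex) { throw ex; }</c> only reset the stack trace.
        /// </remarks>
        public static List<AdUser> Ldap1(string ldapSearch)
        {
            // configuration settings!!
            var ldapServer = "GC://mydomain.com";

            // anr = ambiguous name resolution, will search for firstname, lastname, email and combination of it
            // userAccountControl:1.2.840.113556.1.4.803:=2 is a bitwise-AND match on the
            // "account disabled" flag; the leading ! excludes those accounts.
            string ldapFilter = string.Format(
                "(&(anr={0})(!userAccountControl:1.2.840.113556.1.4.803:=2))",
                EscapeLdapFilterValue(ldapSearch));

            // Attributes to return. The original derived this list by reflection with
            // GetProperties(BindingFlags.Public), which yields no properties without
            // BindingFlags.Instance, so the searcher fell back to loading every attribute.
            // Listing the attributes the mapping below consumes keeps the query to the
            // data that is actually needed.
            string[] ldapAttributes =
            {
                "cn", "sn", "givenName", "middleName", "department", "description", "mail",
                "distinguishedName", "telephoneNumber", "userPrincipalName", "sAMAccountName"
            };

            // return a list of users (might be an empty list)
            List<AdUser> dt = new List<AdUser>();

            // using blocks release the directory handles even when the search throws.
            using (DirectoryEntry de = new DirectoryEntry(ldapServer))
            using (DirectorySearcher deSearch = new DirectorySearcher(de))
            {
                // adjust search attributes
                deSearch.Filter = ldapFilter;
                deSearch.SearchScope = SearchScope.Subtree;
                deSearch.SizeLimit = 100;
                // new TimeSpan(30) is 30 ticks (3 microseconds), not 30 seconds.
                // NOTE(review): 30 seconds is presumed to be the intended limit - confirm.
                deSearch.ServerTimeLimit = TimeSpan.FromSeconds(30);
                deSearch.PropertiesToLoad.AddRange(ldapAttributes);

                // The result collection holds unmanaged resources and must be disposed explicitly.
                using (SearchResultCollection results = deSearch.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        dt.Add(ToAdUser(result));
                    }
                }
            }

            return dt;
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash,
        /// asterisk, parentheses and NUL are replaced by their \XX hex escapes.
        /// </summary>
        private static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': escaped.Append("\\5c"); break;
                    case '*': escaped.Append("\\2a"); break;
                    case '(': escaped.Append("\\28"); break;
                    case ')': escaped.Append("\\29"); break;
                    case '\0': escaped.Append("\\00"); break;
                    default: escaped.Append(c); break;
                }
            }

            return escaped.ToString();
        }

        /// <summary>
        /// Copies the attributes of one search result into an <see cref="AdUser"/>.
        /// For a multi-valued attribute the last value wins, as in the original loop.
        /// </summary>
        private static AdUser ToAdUser(SearchResult result)
        {
            var u = new AdUser();
            var p = result.Properties;
            if (p.PropertyNames == null)
            {
                return u;
            }

            foreach (string key in p.PropertyNames)
            {
                foreach (var values in p[key])
                {
                    string text = values.ToString();

                    // Invariant lower-casing: culture-sensitive ToLower() can change 'I'
                    // under some cultures and would then miss keys such as "mail".
                    switch (key.ToLowerInvariant())
                    {
                        case "adspath": // always returned
                            u.AdsPath = text;
                            break;
                        case "cn":
                            u.CN = text;
                            break;
                        case "sn":
                            u.Surname = text;
                            u.SN = text;
                            break;
                        case "givenname":
                            u.GivenName = text;
                            break;
                        case "surname":
                            u.Surname = text;
                            break;
                        case "middlename":
                            u.MiddleName = text;
                            break;
                        case "department":
                            u.Department = text;
                            break;
                        case "description":
                            u.Description = text;
                            break;
                        case "mail":
                            u.Mail = text;
                            break;
                        case "distinguishedname":
                            u.DistinguishedName = text;
                            // Domain = value of the first "DC=" component. A DN without one
                            // leaves Domain unset instead of slicing at a bogus offset.
                            int dcStart = text.IndexOf("DC=", StringComparison.Ordinal);
                            if (dcStart >= 0)
                            {
                                string rest = text.Substring(dcStart + 3);
                                int comma = rest.IndexOf(',');
                                u.Domain = (comma > 0) ? rest.Substring(0, comma) : rest;
                            }
                            break;
                        case "telephonenumber":
                            u.Phone = text;
                            break;
                        case "userprincipalname":
                            u.UserPrincipalName = text;
                            break;
                        case "samaccountname":
                            u.Account = text;
                            break;
                        default:
                            // log entry??
                            break;
                    }
                }
            }

            return u;
        }
    }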
    /// <summary>
    /// Plain data holder for one directory user. Ldap1 fills it from the attributes of
    /// a search result; every property is a read/write string that defaults to null.
    /// </summary>
    public class AdUser
    {
        // --- directory location ---

        /// <summary>Path of the entry, taken from "adspath".</summary>
        public string AdsPath { get; set; }

        /// <summary>Value of "distinguishedname".</summary>
        public string DistinguishedName { get; set; }

        /// <summary>Not assigned by the visible Ldap1 mapping.</summary>
        public string DN { get; set; }

        /// <summary>First "DC=" component of the distinguished name.</summary>
        public string Domain { get; set; }

        // --- account names ---

        /// <summary>Value of "cn".</summary>
        public string CN { get; set; }

        /// <summary>Value of "samaccountname".</summary>
        public string Account { get; set; }

        /// <summary>Value of "userprincipalname".</summary>
        public string UserPrincipalName { get; set; }

        // --- person name ---

        /// <summary>Value of "givenname".</summary>
        public string GivenName { get; set; }

        /// <summary>Value of "middlename".</summary>
        public string MiddleName { get; set; }

        /// <summary>Value of "sn" or "surname".</summary>
        public string Surname { get; set; }

        /// <summary>Value of "sn".</summary>
        public string SN { get; set; }

        // --- contact and organisation ---

        /// <summary>Value of "mail".</summary>
        public string Mail { get; set; }

        /// <summary>Value of "telephonenumber".</summary>
        public string Phone { get; set; }

        /// <summary>Value of "department".</summary>
        public string Department { get; set; }

        /// <summary>Value of "description".</summary>
        public string Description { get; set; }
    }
}
于 2013-10-11T06:52:07.217 回答