【问题标题】:Issues with System.DirectoryServices.AccountManagement.FindAll after update from .net 4 to 4.5从 .net 4 更新到 4.5 后 System.DirectoryServices.AccountManagement.FindAll 的问题
【发布时间】:2013-10-08 12:58:42
【问题描述】:

我们已将 IIS 服务器(比如说 myIIS.xx1.mydomain.com)从 .NET 4 更新到 4.5。更新后,我们无法再从其中一个域(比如说 xx3.mydomain.com)获取用户,而从其他域(比如说 xx1.mydomain.com、xx2.mydomain.com、xx5.mydomain.com)仍然可以获取用户。在 .NET 4 上,所有域都能正常工作。

我们使用了以下代码来测试它:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
using System.Security.Principal;

namespace ADTestApp
{
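    /// <summary>
    /// Console repro: prompts for an e-mail pattern, runs a query-by-example search
    /// against the global catalog through System.DirectoryServices.AccountManagement
    /// and prints the matching users.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Interactive loop: reads one search query per iteration and prints the users
        /// that match it. The loop ends when standard input is closed.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            while (true)
            {
                Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                Console.WriteLine("enter search query");
                string searchQuery = Console.ReadLine();
                if (searchQuery == null)
                {
                    // ReadLine returns null once stdin is closed; without this check the
                    // loop would spin forever re-running the search with a null filter.
                    break;
                }

                Console.WriteLine("querying global catalog...");
                string adServer = "mydomain.com:3268";        // 3268 = global catalog port
                string adContainer = "DC=mydomain,DC=com";

                // NOTE(review): placeholder service-account credentials embedded in source.
                // Acceptable for a throw-away repro only; in a deployed application load the
                // secret from protected configuration and never commit it. Anyone who can
                // read the source or the compiled assembly can recover these values.
                string serviceAccountUserName = "xx5\\myusername";
                string serviceAccountPW = "mypassword";

                List<string> users = new List<string>();

                // PrincipalContext, PrincipalSearcher and the result set are IDisposable and
                // wrap directory connections; dispose them on every iteration so the loop
                // does not accumulate open handles.
                using (PrincipalContext principalContext = new PrincipalContext(
                                                               ContextType.Domain,
                                                               adServer,
                                                               adContainer,
                                                               serviceAccountUserName,
                                                               serviceAccountPW))
                {
                    // Query-by-example filter: enabled users whose e-mail matches the input.
                    CustomUserPrincipal user = new CustomUserPrincipal(principalContext) { EmailAddress = searchQuery, Enabled = true };

                    using (PrincipalSearcher searcher = new PrincipalSearcher() { QueryFilter = user })
                    using (PrincipalSearchResult<Principal> results = searcher.FindAll())
                    {
                        foreach (UserPrincipal p in results)
                        {
                            try
                            {
                                // Property getters load attributes from the directory and can
                                // throw (the question reports a failure in get_EmailAddress),
                                // so each entry is handled on its own.
                                if (p.EmailAddress != null && p.Surname != null && p.GivenName != null)
                                {
                                    users.Add(p.Surname + ", " + p.GivenName + " " + p.MiddleName + " - " + p.EmailAddress);
                                }
                            }
                            catch (Exception ex)
                            {
                                // Best effort: report the failing entry and keep going.
                                Console.WriteLine(ex);
                            }
                        }
                    }
                }

                if (users.Count > 0)
                {
                    Console.WriteLine("Results:");
                    foreach (string usr in users)
                    {
                        Console.WriteLine(usr);
                    }
                }
                else
                {
                    Console.WriteLine("no results found");
                }
            }
        }

        /// <summary>
        /// Reports whether the process runs on .NET 4.5 or newer.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the type System.Reflection.ReflectionContext can be resolved,
        /// otherwise <c>false</c>.
        /// </returns>
        public static bool IsNet45OrNewer()
        {
            // Class "ReflectionContext" exists from .NET 4.5 onwards.
            return Type.GetType("System.Reflection.ReflectionContext", false) != null;
        }
    }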
}

“xx3.mydomain.com”(不再工作的那个)抛出以下异常:

在 System.DirectoryServices.AccountManagement.UserPrincipal.get_EmailAddress()

对我来说,这似乎是一个访问问题。但是,如果客户端上安装了 .NET 4,我仍然可以访问该域。我已经在多个域中的多个客户端和服务器上对其进行了测试,但在所有使用 .NET 4.5 的客户端上,此特定域不起作用。

非常感谢您的帮助。提前感谢您的任何反馈和建议。

【问题讨论】:

    标签: c# .net active-directory account-management


    【解决方案1】:

    我们无法找出为什么这不适用于此特定域。我们认为这与那里的 AD 设置有关。我们已经通过以下方式解决了这个问题:

    namespace ADTestApp
    {
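        /// <summary>
        /// Console repro of the workaround: searches the global catalog with a raw
        /// DirectorySearcher instead of the AccountManagement API and prints the hits.
        /// </summary>
        class Program
        {
            /// <summary>
            /// Interactive loop: reads one search term per iteration, runs
            /// <see cref="Ldap1"/> and prints every returned user. The loop ends when
            /// standard input is closed.
            /// </summary>
            /// <param name="args">Command-line arguments (unused).</param>
            static void Main(string[] args)
            {
                while (true)
                {
                    Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                    Console.WriteLine("enter search query");
                    string searchQuery = Console.ReadLine();
                    if (searchQuery == null)
                    {
                        // stdin closed: stop instead of looping forever on a null query.
                        break;
                    }

                    List<AdUser> adusers = Ldap1(searchQuery);
                    foreach (AdUser adUser in adusers)
                    {
                        Console.WriteLine(adUser.Mail + " : " + adUser.Surname + ", " + adUser.GivenName + " (" + adUser.MiddleName + ") : " + adUser.Phone + " : " + adUser.Description + " : " + adUser.Department);
                    }
                }
            }

            /// <summary>
            /// Reports whether the process runs on .NET 4.5 or newer.
            /// </summary>
            /// <returns>
            /// <c>true</c> when the type System.Reflection.ReflectionContext can be
            /// resolved, otherwise <c>false</c>.
            /// </returns>
            public static bool IsNet45OrNewer()
            {
                // Class "ReflectionContext" exists from .NET 4.5 onwards.
                return Type.GetType("System.Reflection.ReflectionContext", false) != null;
            }

            /// <summary>
            /// Searches the global catalog for enabled accounts that match
            /// <paramref name="ldapSearch"/> through ambiguous name resolution (anr).
            /// </summary>
            /// <param name="ldapSearch">
            /// Search term typed by the user. It is treated as untrusted and escaped
            /// before it is placed in the LDAP filter, so filter metacharacters
            /// (including <c>*</c>) are matched literally.
            /// </param>
            /// <returns>The matching users; an empty list when nothing matches.</returns>
            /// <remarks>
            /// Exceptions raised by the directory call propagate to the caller with their
            /// original stack trace.
            /// </remarks>
            public static List<AdUser> Ldap1(string ldapSearch)
            {
                // configuration settings!!
                // NOTE(review): no credentials are passed to DirectoryEntry, so the bind
                // presumably runs under the identity of the hosting process - confirm that
                // this account has only the read access the search needs.
                var ldapServer = "GC://mydomain.com";

                // anr = ambiguous name resolution: matches first name, last name, e-mail and
                // combinations of them.
                // userAccountControl:1.2.840.113556.1.4.803:=2 is a bitwise-AND test for the
                // "account disabled" flag; the leading "!" negates it, so only enabled
                // accounts are returned.
                // The search term is escaped first: concatenating raw input would let a
                // caller rewrite the filter (for example closing the anr clause and removing
                // the enabled-accounts restriction).
                string ldapFilter = string.Format(
                    "(&(anr={0})(!userAccountControl:1.2.840.113556.1.4.803:=2))",
                    EscapeLdapFilterValue(ldapSearch));

                // Request only the attributes that are mapped onto AdUser below. The previous
                // reflection call, GetProperties(BindingFlags.Public), yields no properties
                // (neither Instance nor Static is specified), which left PropertiesToLoad
                // empty and made the server return every readable attribute of each entry.
                string[] attributesToLoad =
                {
                    "cn", "sn", "givenName", "middleName", "department", "description",
                    "mail", "distinguishedName", "telephoneNumber", "userPrincipalName",
                    "sAMAccountName"
                };

                // return a list of users (might be an empty list)
                List<AdUser> dt = new List<AdUser>();

                // using blocks release the ADSI handles even when the search throws.
                using (DirectoryEntry de = new DirectoryEntry(ldapServer))
                using (DirectorySearcher deSearch = new DirectorySearcher(de))
                {
                    deSearch.Filter = ldapFilter;
                    deSearch.SearchScope = SearchScope.Subtree;
                    deSearch.SizeLimit = 100;
                    // new TimeSpan(30) is 30 ticks (3 microseconds), not 30 seconds;
                    // presumably a 30 second server-side limit was intended.
                    deSearch.ServerTimeLimit = TimeSpan.FromSeconds(30);
                    deSearch.PropertiesToLoad.AddRange(attributesToLoad);

                    // SearchResultCollection holds unmanaged resources and must be disposed.
                    using (SearchResultCollection results = deSearch.FindAll())
                    {
                        foreach (SearchResult result in results)
                        {
                            dt.Add(ToAdUser(result));
                        }
                    }
                }

                return dt;
            }

            /// <summary>Escapes a value for literal use inside an LDAP search filter.</summary>
            private static string EscapeLdapFilterValue(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return string.Empty;
                }

                // The backslash must be replaced first, otherwise the escapes produced by
                // the later replacements would be escaped a second time.
                return value
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");
            }

            /// <summary>Copies the attributes of one search result onto a new AdUser.</summary>
            private static AdUser ToAdUser(SearchResult result)
            {
                var u = new AdUser();
                var p = result.Properties;
                if (p.PropertyNames == null)
                {
                    return u;
                }

                foreach (string key in p.PropertyNames)
                {
                    // For a multi-valued attribute every value is assigned in turn, so the
                    // last one wins.
                    foreach (var values in p[key])
                    {
                        string text = values.ToString();

                        // Invariant lower-casing keeps the key match independent of the
                        // current culture.
                        switch (key.ToLowerInvariant())
                        {
                            case "adspath": // always returned
                                u.AdsPath = text;
                                break;
                            case "cn":
                                u.CN = text;
                                break;
                            case "sn":
                                u.Surname = text;
                                u.SN = text;
                                break;
                            case "givenname":
                                u.GivenName = text;
                                break;
                            case "middlename":
                                u.MiddleName = text;
                                break;
                            case "department":
                                u.Department = text;
                                break;
                            case "description":
                                u.Description = text;
                                break;
                            case "mail":
                                u.Mail = text;
                                break;
                            case "distinguishedname":
                                u.DistinguishedName = text;
                                u.Domain = FirstDomainComponent(text);
                                break;
                            case "telephonenumber":
                                u.Phone = text;
                                break;
                            case "userprincipalname":
                                u.UserPrincipalName = text;
                                break;
                            case "samaccountname":
                                u.Account = text;
                                break;
                            default:
                                // log entry??
                                break;
                        }
                    }
                }

                return u;
            }

            /// <summary>
            /// Returns the value of the first "DC=" component of a distinguished name,
            /// or null when the name contains none.
            /// </summary>
            private static string FirstDomainComponent(string distinguishedName)
            {
                int start = distinguishedName.IndexOf("DC=", StringComparison.Ordinal);
                if (start < 0)
                {
                    // Without this guard the Substring below would run from a bogus offset.
                    return null;
                }

                string rest = distinguishedName.Substring(start + 3);
                int comma = rest.IndexOf(',');
                return (comma > 0) ? rest.Substring(0, comma) : rest;
            }
        }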
        /// <summary>
        /// Plain data holder for one directory entry returned by the search.
        /// Every property is a nullable string that stays null until assigned.
        /// </summary>
        public class AdUser
        {
            // --- identity / location in the directory ---

            /// <summary>ADSI path of the entry (the "adspath" result property).</summary>
            public string AdsPath { get; set; }

            /// <summary>Value of the distinguishedName attribute.</summary>
            public string DistinguishedName { get; set; }

            /// <summary>Not assigned anywhere in the code shown here.</summary>
            public string DN { get; set; }

            /// <summary>First "DC=" component taken from the distinguished name.</summary>
            public string Domain { get; set; }

            /// <summary>Value of the sAMAccountName attribute.</summary>
            public string Account { get; set; }

            /// <summary>Value of the userPrincipalName attribute.</summary>
            public string UserPrincipalName { get; set; }

            // --- naming attributes ---

            /// <summary>Value of the cn attribute.</summary>
            public string CN { get; set; }

            /// <summary>Value of the sn attribute.</summary>
            public string SN { get; set; }

            /// <summary>Surname; filled from the sn attribute.</summary>
            public string Surname { get; set; }

            /// <summary>Value of the givenName attribute.</summary>
            public string GivenName { get; set; }

            /// <summary>Value of the middleName attribute.</summary>
            public string MiddleName { get; set; }

            // --- contact / organisational attributes ---

            /// <summary>Value of the mail attribute.</summary>
            public string Mail { get; set; }

            /// <summary>Value of the telephoneNumber attribute.</summary>
            public string Phone { get; set; }

            /// <summary>Value of the department attribute.</summary>
            public string Department { get; set; }

            /// <summary>Value of the description attribute.</summary>
            public string Description { get; set; }
        }
    }
    

    【讨论】:
