Active Directory中，列举了用户群体，COM异常 [英] Active Directory, enumerating user's groups, COM exception

问题描述

同时，通过AD .NET API枚举当前用户的群体我有时会收到

while enumerating current user's groups through AD .NET API I sometimes get

COMException: Unknown error (0x80005000)

下面是我的code：

        var userName = Environment.UserName;

        var context = new PrincipalContext(ContextType.Domain);
        var user = UserPrincipal.FindByIdentity(context, userName);

        foreach (var userGroup in user.GetGroups())
        {
            Console.WriteLine(userGroup.Name);
        }

这是什么问题？我想每一个用户都可以检索他的组列表这似乎是奇怪的行为，有时它可以复制这样的：在用户A的PC上运行时，它会崩溃，但它成功地列举其他用户B组（在'用户A'）！

What's the problem? I thought every user can retrieve list of HIS groups?It seems to be strange behavior, sometimes It can be reproduced like this : when running on 'userA' PC, It crashes, but it is enumerating OTHER 'userB' groups successfully (under 'userA')!

推荐答案

尝试使用

var context = new PrincipalContext(ContextType.Domain, "yourcompany.com", "DC=yourcompany,DC=com", ContextOptions.Negotiate);

使用的ContextOption设为Negotioate客户端通过使用Kerberos或NTLM所以即使不设置的用户名和密码的帐户管理的API通过使用调用线程的安全上下文绑定到对象进行验证。

With the ContextOption set to Negotioate the client is authenticated by using either Kerberos or NTLM so even if the user name and password are not provided the account management API binds to the object by using the security context of the calling thread.

这篇关于Active Directory中，列举了用户群体，COM异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！