GetAuthorizationGroups()引发异常 [英] GetAuthorizationGroups() is throwing exception
问题描述
PrincipalContext context = new PrincipalContext(ContextType.Domain, "ipofmachine", "DC=xyz,DC=org", "username", "Password");
UserPrincipal userPrinciple = UserPrincipal.FindByIdentity(context, "User0");
var groups = userPrinciple.GetAuthorizationGroups();
if (userPrinciple != null)
{
foreach (GroupPrincipal gp in groups)
{
//some thing
}
}
我需要授予任何许可吗?在一些博客中,我了解到,如果没有用户设置为包含SID历史记录,则可以正常工作(但我认为您无法编辑组的sid值)
Is there any permission that I need to give? In some of the blogs I learned that if there are no users which are set to include the SID history then this will work fine (but i think you can not edit the sid values of the groups)
推荐答案
我发现将域用户添加到本地组时出现问题,但是后来将该域用户从Active Directory中删除了。该本地组的状态是使用SID代替域用户名显示为成员。
I've found there's an issue when you add a domain user to a local group, but later that domain user is deleted out of Active Directory. The state of that local group is that instead of a domain username showing up as a member, the SID is used instead.
BUT!
该Active Directory中不再存在该SID,导致事情发展。
That SID doesn't exist in Active Directory anymore causing things to go boom.
当然,NoMatchingPrincipalException可能有许多其他原因弹出,因此此代码为此提供了一种解决方法。它来自MSDN上的精彩文章。下面的代码是在此处找到的修改后的版本:
Of course there could be many other reasons for an NoMatchingPrincipalException to pop up, so this code provides a workaround for that. It comes from a terrific post on MSDN. The code below is a modified version found here:
public static IEnumerable<Principal> getAuthorizationGroups(UserPrincipal user)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
List<Principal> ret = new List<Principal>();
var iterGroup = groups.GetEnumerator();
using (iterGroup)
{
while (iterGroup.MoveNext())
{
try
{
Principal p = iterGroup.Current;
Console.WriteLine(p.Name);
ret.Add(p);
}
catch (NoMatchingPrincipalException pex)
{
continue;
}
}
}
return ret;
}
这篇关于GetAuthorizationGroups()引发异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!