如何检查计算机的域帐户是否无效(信任被破坏)? [英] How can I check whether the domain account of a computer got invalid (the trust is broken)?

问题描述

我必须识别 域帐户 不再有效的笔记本.

I must recognize notebooks whose domain accounts are no longer valid.

无效的域帐户可能由于几个问题而发生.大多数情况下，客户端从备份中恢复，然后域帐户不再有效

Invalid domain accounts may happen due to several problems. Mostly the client got restored from a backup and afterwards the domain account is not valid any more

在这种情况下，行为是:

Int this case the behavour is:

• 用户的登录通过缓存凭据
• 用户有权访问共享和服务器(NTLM)上的文件
• 通过Kerberos 无法访问

• The user's logon works through cached credentials
• The user has access to shares and files on the server (NTLM)
• Access via Kerberos does not work

是否有可能检查计算机帐户的有效性?

推荐答案

使用此代码我可以找到无效的计算机域帐户:

With this code I can find invalid computer domain accounts:

try
{
    string sMyComputer = "MyComputer"
    Domain computerDomain = Domain.GetComputerDomain(); // may! throw ActiveDirectoryObjectNotFoundException if computer account is invalid 
    string sComputerDomain = computerDomain.Name;
    NTAccount acc_machine = new NTAccount(sComputerDomain, sMyComputer + "$"); 
    SecurityIdentifier sid = (SecurityIdentifier)acc_machine.Translate(typeof(SecurityIdentifier)); // always throws an SystemException if computer account is invalid
}
catch    
{ 
   // something is wrong with the account    
}

• sMyComputer + "$" 是帐户名称在活动目录中的存储方式
• 我的经验是，第一个异常大多不会抛出，返回值是计算机曾经是工作计算机帐户的域的正确名称
• 如果 computeraccount 现在无效，则始终抛出第二个异常 (SystemException).错误代码是 80004005.(我原以为会有 IdentityNotMappedException)


更正代码中的错误


corrected error in code

这篇关于如何检查计算机的域帐户是否无效(信任被破坏)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！