Active directory cross domain - group members using PrincipalContext


Problem description


I am trying to fetch the members of a given Active Directory group by using the DirectoryServices.AccountManagement namespace classes in C#.

If I have my principal context object constructor specified for a specific domain, then whenever I access a member of the group which is from the other domains I am running into the below error: "A referral was returned from the server".

Scenario is: I have different sub domains under the root domain, e.g.: emea.mycorp.com, asia.mycorp.com, asiapacific.mycorp.com, xyz.mycorp.com

If I am running the below code from the domain xyz.mycorp.com, for a group in asiapacific, if I specify the server name in the principal context object I can access the group.

private PrincipalContext context = 
    new PrincipalContext(ContextType.Domain, "asiapacific domain server name");

If my group has the users from other domains like emea\abcd, the below code fails at UserPrincipal:

GroupPrincipal SearchGroup = GroupPrincipal.FindByIdentity(context, "Dev Team");
GroupName = new List<string>();
foreach (UserPrincipal p in SearchGroup.GetMembers())
{
    GroupName.Add(p.SamAccountName + " " + p.DistinguishedName + " " + p.Name);
}

So, is there a way that I can pass the context for the root domain, so that the code will work irrespective of the domain to which the user belongs? I tried the below, with no luck on either:

private PrincipalContext context = 
    new PrincipalContext(ContextType.Domain, "mycorp.com");

or

private PrincipalContext context = 
    new PrincipalContext(ContextType.Domain, "DC=mycorp,DC=com");

Solution

Try this:

new PrincipalContext(ContextType.Domain, "xyz.mycorp.com:3268", "DC=mycorp,DC=com");

This will create the PrincipalContext using the global catalog service on your local domain controller (of course, this assumes that your local DC is a GC as well). This will allow searches of the entire forest.
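
The question's member loop rewritten against the global catalog context from the answer, as an added example that is not part of the original post. The host, port and container are the answer's values and "Dev Team" is the question's group name; the class and method names are made up for illustration, and the code assumes a global catalog is reachable on port 3268.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

static class GroupMemberLister   // hypothetical name, not from the post
{
    // Values taken from the answer above; replace with your own forest's names.
    const string GlobalCatalog = "xyz.mycorp.com:3268";
    const string ForestRootDn = "DC=mycorp,DC=com";

    public static List<string> GetUserMembers(string groupName)
    {
        var result = new List<string>();

        // Bind to the global catalog with the forest root as container,
        // so principals from any domain in the forest can be resolved.
        using (var context = new PrincipalContext(ContextType.Domain, GlobalCatalog, ForestRootDn))
        using (var group = GroupPrincipal.FindByIdentity(context, groupName))
        {
            if (group == null)
                throw new ArgumentException("Group not found: " + groupName);

            using (PrincipalSearchResult<Principal> members = group.GetMembers())
            {
                foreach (Principal member in members)
                {
                    using (member)
                    {
                        // GetMembers() returns Principal objects; a member can also be a
                        // nested group or a computer, so test the type instead of casting.
                        if (member is UserPrincipal user)
                            result.Add(user.SamAccountName + " " + user.DistinguishedName + " " + user.Name);
                    }
                }
            }
        }
        return result;
    }

    static void Main()
    {
        foreach (string line in GetUserMembers("Dev Team"))
            Console.WriteLine(line);
    }
}
```

Group membership is replicated to the global catalog only for universal groups, so check the group's scope if the list comes back short.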
