Problem description
    PrincipalContext context = new PrincipalContext(ContextType.Domain, "ipofmachine", "DC=xyz,DC=org", "username", "Password");
    UserPrincipal userPrinciple = UserPrincipal.FindByIdentity(context, "User0");
    // FindByIdentity returns null when no match is found, so check before use
    if (userPrinciple != null)
    {
        var groups = userPrinciple.GetAuthorizationGroups();
        foreach (GroupPrincipal gp in groups)
        {
            //some thing
        }
    }
Is there any permission that I need to give? In some of the blogs I learned that if there are no users which are set to include the SID history then this will work fine (but I think you cannot edit the SID values of the groups).
Recommended answer
I've found there's an issue when you add a domain user to a local group, but later that domain user is deleted out of Active Directory. The state of that local group is that instead of a domain username showing up as a member, the SID is used instead.
But!
That SID doesn't exist in Active Directory anymore, causing things to go boom.
Of course there could be many other reasons for a NoMatchingPrincipalException to pop up, so this code provides a workaround for that. It comes from a terrific post on MSDN. The code below is a modified version found here:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/9dd81553-3539-4281-addd-3eb75e6e4d5d/getauthorizationgroups-fails-with-nomatchingprincipalexception
    // Requires: using System; using System.Collections.Generic;
    //           using System.DirectoryServices.AccountManagement;
    public static IEnumerable<Principal> getAuthorizationGroups(UserPrincipal user)
    {
        PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
        List<Principal> ret = new List<Principal>();
        var iterGroup = groups.GetEnumerator();
        using (iterGroup)
        {
            while (iterGroup.MoveNext())
            {
                try
                {
                    Principal p = iterGroup.Current;
                    Console.WriteLine(p.Name);
                    ret.Add(p);
                }
                catch (NoMatchingPrincipalException)
                {
                    // Skip the entry that cannot be matched and keep the rest
                    continue;
                }
            }
        }
        return ret;
    }
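To find the stale entries the answer describes, rather than only skipping them, the sketch below lists members of a local group whose SID no longer resolves to an account name. It is an added example, not code from the question, the answer, or the MSDN post; the class and method names are hypothetical, and the group name "Administrators" is an assumption.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

public static class OrphanedSidFinder
{
    // Returns the SIDs of members of a local group that cannot be
    // translated to an account name (for example, a deleted domain user).
    public static List<string> FindUnresolvedMembers(string machine, string localGroup)
    {
        var unresolved = new List<string>();
        string path = "WinNT://" + machine + "/" + localGroup + ",group";
        using (var group = new DirectoryEntry(path))
        {
            // The WinNT provider exposes membership through the Members method.
            foreach (object raw in (IEnumerable)group.Invoke("Members"))
            {
                using (var member = new DirectoryEntry(raw))
                {
                    var sidBytes = member.Properties["objectSid"].Value as byte[];
                    if (sidBytes == null) continue;
                    var sid = new SecurityIdentifier(sidBytes, 0);
                    try
                    {
                        sid.Translate(typeof(NTAccount));
                    }
                    catch (IdentityNotMappedException)
                    {
                        // No account maps to this SID from this machine.
                        unresolved.Add(sid.Value);
                    }
                }
            }
        }
        return unresolved;
    }

    public static void Main()
    {
        // "Administrators" is an assumed group name; pass the group you audit.
        foreach (string sid in FindUnresolvedMembers(Environment.MachineName, "Administrators"))
            Console.WriteLine("Unresolvable member SID: " + sid);
    }
}
```

Confirm each reported SID against the directory before removing it from the group, since a failed name lookup on one machine does not by itself prove the account was deleted.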