I have a .NET 3.5 web application that uses the System.DirectoryServices.AccountManagement classes. When I search for some users, I get a PrincipalOperationException: "A referral was returned from the server." If I did this the old-school way with my own LDAP code, I could enable referral chasing. Do I need to rewrite the code?
My code is as follows:
    using (var principalContext = new PrincipalContext(ContextType.Domain, null, adPath))
    {
        // Find the principal object for which you wish to enumerate group
        // membership.
        using (var userPrincipal = UserPrincipal.FindByIdentity(principalContext, identity))
        {
            if (userPrincipal != null)
            {
                Name = userPrincipal.DisplayName;
                DistinguishedName = userPrincipal.DistinguishedName;
                EmailAddress = userPrincipal.EmailAddress;
                Sid = userPrincipal.Sid.Value;
            }
        }
    }
My adPath can be one of two values. One of the values is a domain that was recently joined, and it can be accessed using various tools. I believe this is a problem with the way this .NET library makes its LDAP calls.
Microsoft's documentation on read-only domain controllers (RODCs) covers how LDAP referrals returned by an RODC are chased.

As far as the .NET LDAP classes go, Microsoft builds them on ADSI.

You can point the PrincipalContext at a specific server instead:
    /* Retrieving a principal context */
    PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "YourGCServer:3268", "dc=dom,dc=fr", "User", "Password");
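The two ways out of the referral error that the thread touches on, written out as an added example (this is not code from the question or from either answer, and the server, domain and account names are placeholders I chose): bind to the Global Catalog on port 3268, where a forest-wide lookup is answered from the GC's partial replica and no referral is produced for the common attributes, or stay on the domain partition and let DirectorySearcher chase the referral, which is the "old school" option the question mentions. The filter value is escaped per RFC 4515 so a user-supplied account name cannot alter the query.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

// Added example; server names, DNs and the account name are assumptions.
static class ReferralDemo
{
    // Escape a value before splicing it into an LDAP filter (RFC 4515).
    // Without this, an attacker-controlled name such as "*)(objectClass=*"
    // rewrites the filter (LDAP injection).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static string UserFilter(string sAMAccountName)
    {
        return "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
               + EscapeFilterValue(sAMAccountName) + "))";
    }

    // Option 1: search the Global Catalog. "GC://" binds to port 3268; the GC
    // holds displayName, mail, distinguishedName and objectSid for every
    // object in the forest, so the query is answered locally.
    static SearchResult FindViaGlobalCatalog(string gcServer, string forestRootDn, string sAMAccountName)
    {
        using (var root = new DirectoryEntry("GC://" + gcServer + "/" + forestRootDn))
        using (var searcher = new DirectorySearcher(root, UserFilter(sAMAccountName)))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.AddRange(new[] { "displayName", "distinguishedName", "mail", "objectSid" });
            return searcher.FindOne();
        }
    }

    // Option 2: search the domain partition on 389 and follow the referral
    // the server hands back. The default for ReferralChasing is External;
    // All also follows referrals to subordinate naming contexts.
    static SearchResult FindWithReferralChasing(string server, string baseDn, string sAMAccountName)
    {
        using (var root = new DirectoryEntry("LDAP://" + server + "/" + baseDn))
        using (var searcher = new DirectorySearcher(root, UserFilter(sAMAccountName)))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.ReferralChasing = ReferralChasingOption.All;
            searcher.PropertiesToLoad.AddRange(new[] { "displayName", "distinguishedName", "mail", "objectSid" });
            return searcher.FindOne();
        }
    }

    // objectSid comes back as a binary blob; SecurityIdentifier renders it as S-1-5-...
    static string SidToString(SearchResult result)
    {
        var sidBytes = (byte[])result.Properties["objectSid"][0];
        return new SecurityIdentifier(sidBytes, 0).Value;
    }

    static void Main()
    {
        // Placeholder names (assumptions), not values from the thread.
        SearchResult hit = FindViaGlobalCatalog("gc.example.com", "DC=example,DC=com", "jdoe")
                           ?? FindWithReferralChasing("dc1.child.example.com", "DC=child,DC=example,DC=com", "jdoe");
        if (hit == null)
        {
            Console.WriteLine("user not found");
            return;
        }
        Console.WriteLine(hit.Properties["distinguishedName"][0]);
        Console.WriteLine(SidToString(hit));
    }
}
```

DirectorySearcher is the System.DirectoryServices layer underneath AccountManagement, so this is the same ADSI plumbing the PrincipalContext uses; the GC route keeps the AccountManagement code intact (only the server argument changes), while the ReferralChasing route means dropping down a layer for that one lookup.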
Another example, passing the container as the third argument:

    var principalContext = new PrincipalContext(ContextType.Domain, "office.local", "OU=Users,DC=office,DC=local");