System.DirectoryServices.AccountManagement functions fail to probe some machines (but not others)
Both the working and failing targets are machines in the same domain. Code is down below. When I use it against some machines in my domain, I get a System.DirectoryServices.AccountManagement.PrincipalOperationException with a message: "While trying to retrieve the authorization groups, an开发者_JAVA技巧 error (1332) occurred." The error is thrown by GetAuthorizationGroups().
Note: The username I use to connect is a local admin to the machine in both cases.
PrincipalContext ctx = new PrincipalContext(ContextType.Machine, machineName, domainname + "\\" + adminusername, pass);
List<Principal> retList = new List<Principal>();
using (var user = UserPrincipal.FindByIdentity(ctx, probedusername))
{
if (user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
foreach (Principal group in groups)
{
retList.Add(group);
}
}
}
I don't know if you are still having issues with this... I was having an almost identical issue and we couldn't figure it out either for the longest time. Finally we removed the username/password from the PrincipalContext instantiation and it worked on all machines... really weird but it made us happy.
Without a username/password it runs under the current account, and in general all authenticated users can read the group information off of a remote machine on the same domain (at least in our domain). With the username/password specified we would get REALLY weird results where sometimes only domain groups would come back, sometimes no groups at all, sometimes access denied messages... Anyways this worked for us.
精彩评论