2013-10-08

我們已將一台服務器(例如 myIIS.xx1.mydomain.com)從 .NET 4 更新到 4.5。更新後,我們無法從其中一個域(例如 xx3.mydomain.com)獲取用戶;從其他域(例如 xx1.mydomain.com、xx2.mydomain.com、xx5.mydomain.com)仍然可以獲取用戶。但在 .NET 4 上,所有域都能正常工作。

問題標題:System.DirectoryServices.AccountManagement 的 FindAll 在從 .NET 4 更新到 4.5 之後出現問題

我們用下面的代碼來測試它

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Text; 
using System.DirectoryServices.AccountManagement; 
using System.DirectoryServices; 
using System.Security.Principal; 

namespace ADTestApp 
{ 
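    /// <summary>
    /// Console repro from the question: searches the global catalog for enabled users
    /// whose e-mail address matches the entered text and prints the matches.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Prompts for a search term in a loop, runs the query and prints the results.
        /// The loop ends when standard input is closed or an empty line is entered
        /// (the original loop had no exit condition at all).
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            while (true)
            {
                Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                Console.WriteLine("enter search query");
                string searchQuery = Console.ReadLine();
                if (string.IsNullOrWhiteSpace(searchQuery))
                {
                    // ReadLine() returns null once stdin is closed; without this check
                    // the loop would spin forever issuing directory queries.
                    break;
                }

                Console.WriteLine("querying global catalog...");
                string adServer = "mydomain.com:3268";
                string adContainer = "DC=mydomain,DC=com";

                // Placeholder service-account credentials from the original post.
                // Real credentials must not live in source code or in a compiled test
                // binary: load them from protected configuration, or run the process
                // under an identity that can bind to the directory without a password.
                string serviceAccountUserName = "xx5\\myusername";
                string serviceAccountPW = "mypassword";
                List<string> users = new List<string>();

                // NOTE(review): no ContextOptions are passed, so the library defaults
                // decide how the bind is protected on the wire - confirm that they meet
                // your signing/sealing requirements for this framework version.
                //
                // Every object below wraps directory handles and is IDisposable; the
                // original never disposed any of them, leaking one connection per query.
                using (PrincipalContext principalContext = new PrincipalContext(
                    ContextType.Domain,
                    adServer,
                    adContainer,
                    serviceAccountUserName,
                    serviceAccountPW))
                using (CustomUserPrincipal user = new CustomUserPrincipal(principalContext) { EmailAddress = searchQuery, Enabled = true })
                using (PrincipalSearcher searcher = new PrincipalSearcher() { QueryFilter = user })
                using (PrincipalSearchResult<Principal> matches = searcher.FindAll())
                {
                    foreach (UserPrincipal p in matches)
                    {
                        try
                        {
                            // Property getters read from the directory lazily; this is
                            // where the reported exception (get_EmailAddress) surfaces.
                            if (p.EmailAddress != null && p.Surname != null && p.GivenName != null)
                            {
                                users.Add(p.Surname + ", " + p.GivenName + " " + p.MiddleName + " - " + p.EmailAddress);
                            }
                        }
                        catch (Exception ex)
                        {
                            // Deliberate best effort: report the failing entry and keep
                            // going so one unreadable principal does not hide the rest.
                            Console.WriteLine(ex);
                        }
                    }
                }

                if (users.Count > 0)
                {
                    Console.WriteLine("Results:");
                    foreach (string usr in users)
                    {
                        Console.WriteLine(usr);
                    }
                }
                else
                {
                    Console.WriteLine("no results found");
                }
            }
        }

        /// <summary>
        /// Reports whether the running framework exposes a type that, per the original
        /// comment, exists from .NET 4.5 onwards.
        /// </summary>
        /// <returns>
        /// <c>true</c> when <c>System.Reflection.ReflectionContext</c> can be resolved;
        /// otherwise <c>false</c>.
        /// </returns>
        public static bool IsNet45OrNewer()
        {
            // Class "ReflectionContext" exists from .NET 4.5 onwards.
            // throwOnError is false, so a missing type yields null instead of an exception.
            return Type.GetType("System.Reflection.ReflectionContext", false) != null;
        }
    }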
} 

出問題的域「xx3.mydomain.com」拋出以下異常:

在System.DirectoryServices.AccountManagement.UserPrincipal.get_EmailAddress()

在我看來,這像是一個訪問權限問題。但如果客戶端上安裝的是 .NET 4,我仍然可以訪問這個域。我已經在多個域中的多個客戶端和服務器上測試過,但在所有安裝了 .NET 4.5 的客戶端上,這個特定的域都無法工作。

非常感謝各位的幫助,也預先感謝任何反饋和建議。

回答


我們無法找出爲什麼這不適用於這個特定的域。我們認爲它與那裏的AD設置有關。我們用以下方法解決了這個問題:

namespace ADTestApp 
{ 
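    /// <summary>
    /// Console harness for the workaround from the answer: queries the global catalog
    /// through <c>DirectorySearcher</c> instead of the AccountManagement API.
    /// </summary>
    class Program
    {
        // Directory attributes requested from the server. The original built this list by
        // reflecting over AdUser with BindingFlags.Public alone, which matches no members
        // (Instance or Static must be combined with it), so PropertiesToLoad stayed empty
        // and every attribute of every hit was retrieved. Asking only for what the mapping
        // below consumes keeps the query least-privilege and the responses small.
        // "adspath" is always returned and needs no entry here.
        private static readonly string[] RequestedAttributes =
        {
            "cn", "sn", "givenName", "middleName", "department", "description",
            "mail", "distinguishedName", "telephoneNumber", "userPrincipalName",
            "sAMAccountName"
        };

        /// <summary>
        /// Prompts for a search term in a loop and prints one line per directory match.
        /// The loop ends when standard input is closed or an empty line is entered
        /// (the original loop had no exit condition at all).
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            while (true)
            {
                Console.WriteLine(".NET Version: " + (IsNet45OrNewer() ? "4.5" : "4"));
                Console.WriteLine("enter search query");
                string searchQuery = Console.ReadLine();
                if (string.IsNullOrWhiteSpace(searchQuery))
                {
                    // ReadLine() returns null once stdin is closed.
                    break;
                }

                List<AdUser> adusers = Ldap1(searchQuery);
                foreach (AdUser adUser in adusers)
                {
                    Console.WriteLine(adUser.Mail + " : " + adUser.Surname + ", " + adUser.GivenName + " (" + adUser.MiddleName + ") : " + adUser.Phone + " : " + adUser.Description + " : " + adUser.Department);
                }
            }
        }

        /// <summary>
        /// Reports whether the running framework exposes a type that, per the original
        /// comment, exists from .NET 4.5 onwards.
        /// </summary>
        /// <returns>
        /// <c>true</c> when <c>System.Reflection.ReflectionContext</c> can be resolved;
        /// otherwise <c>false</c>.
        /// </returns>
        public static bool IsNet45OrNewer()
        {
            // Class "ReflectionContext" exists from .NET 4.5 onwards.
            return Type.GetType("System.Reflection.ReflectionContext", false) != null;
        }

        /// <summary>
        /// Searches the global catalog for enabled accounts matching
        /// <paramref name="ldapSearch"/> via ambiguous name resolution (anr).
        /// </summary>
        /// <param name="ldapSearch">
        /// Search text, treated as untrusted: it is escaped before being placed in the
        /// LDAP filter.
        /// </param>
        /// <returns>
        /// The matching users, at most 100 (the configured size limit); an empty list
        /// when nothing matches or the search text is null or blank.
        /// </returns>
        /// <remarks>
        /// Exceptions raised by the directory call propagate to the caller with their
        /// original stack trace.
        /// </remarks>
        public static List<AdUser> Ldap1(string ldapSearch)
        {
            // return a list of users (might be an empty list)
            List<AdUser> found = new List<AdUser>();
            if (string.IsNullOrWhiteSpace(ldapSearch))
            {
                // An empty anr value is not a meaningful query; skip the round trip.
                return found;
            }

            // configuration settings!!
            // No credentials are passed, so the bind uses the identity of the process.
            // NOTE(review): no AuthenticationTypes are passed either - confirm whether
            // signing/sealing or a TLS-protected catalog endpoint is required here.
            string ldapServer = "GC://mydomain.com";

            // anr = ambiguous name resolution: matches first name, last name, e-mail and
            // combinations of them.
            // userAccountControl:1.2.840.113556.1.4.803:=2 is a bitwise-AND match on the
            // "account disabled" flag; negating it keeps only enabled accounts. The
            // negated term is wrapped in its own parentheses, as the filter grammar
            // requires (the original wrote "(!userAccountControl...)").
            // The search text is escaped so it cannot add or close filter clauses.
            string ldapFilter = string.Format(
                "(&(anr={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
                EscapeLdapFilterValue(ldapSearch));

            // using blocks replace the original catch { throw ex; } / finally pair:
            // "throw ex" reset the stack trace, and the SearchResultCollection was never
            // disposed, which leaks the underlying directory handle.
            using (DirectoryEntry de = new DirectoryEntry(ldapServer))
            using (DirectorySearcher deSearch = new DirectorySearcher(de))
            {
                deSearch.Filter = ldapFilter;
                deSearch.SearchScope = SearchScope.Subtree;
                deSearch.SizeLimit = 100;
                // new TimeSpan(30) means 30 ticks (3 microseconds), not 30 seconds.
                deSearch.ServerTimeLimit = TimeSpan.FromSeconds(30);
                deSearch.PropertiesToLoad.AddRange(RequestedAttributes);

                using (SearchResultCollection results = deSearch.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        found.Add(ToAdUser(result));
                    }
                }
            }

            return found;
        }

        // Escapes the characters that have structural meaning inside an LDAP filter
        // value (backslash, asterisk, parentheses, NUL). The backslash is replaced
        // first so the escapes added afterwards are not escaped again. A literal "*"
        // typed by the user is therefore matched as text, not as a wildcard.
        private static string EscapeLdapFilterValue(string value)
        {
            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }

        // Copies the attributes of one search hit into an AdUser. For multi-valued
        // attributes the last value wins, as in the original loop.
        private static AdUser ToAdUser(SearchResult result)
        {
            AdUser u = new AdUser();
            ResultPropertyCollection props = result.Properties;
            if (props.PropertyNames == null)
            {
                return u;
            }

            foreach (string key in props.PropertyNames)
            {
                foreach (object value in props[key])
                {
                    string text = value.ToString();

                    // Invariant lower-casing: attribute names are identifiers, and a
                    // culture-sensitive ToLower() can mis-map letters in some locales.
                    switch (key.ToLowerInvariant())
                    {
                        case "adspath": // always returned
                            u.AdsPath = text;
                            break;
                        case "cn":
                            u.CN = text;
                            break;
                        case "sn":
                            u.Surname = text;
                            u.SN = text;
                            break;
                        case "givenname":
                            u.GivenName = text;
                            break;
                        case "surname":
                            u.Surname = text;
                            break;
                        case "middlename":
                            u.MiddleName = text;
                            break;
                        case "department":
                            u.Department = text;
                            break;
                        case "description":
                            u.Description = text;
                            break;
                        case "mail":
                            u.Mail = text;
                            break;
                        case "distinguishedname":
                            u.DistinguishedName = text;
                            u.Domain = ExtractFirstDomainComponent(text);
                            break;
                        case "telephonenumber":
                            u.Phone = text;
                            break;
                        case "userprincipalname":
                            u.UserPrincipalName = text;
                            break;
                        case "samaccountname":
                            u.Account = text;
                            break;
                        default:
                            // log entry??
                            break;
                    }
                }
            }

            return u;
        }

        // Returns the value of the first "DC=" component of a distinguished name, or
        // null when there is none. The original sliced the string without checking the
        // IndexOf result, so a name without "DC=" produced a meaningless substring.
        private static string ExtractFirstDomainComponent(string distinguishedName)
        {
            int start;
            if (distinguishedName.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
            {
                start = 0;
            }
            else
            {
                // Anchor on the component separator so "DC=" inside another value
                // (for example a CN ending in "DC=") is not mistaken for a component.
                int separator = distinguishedName.IndexOf(",DC=", StringComparison.OrdinalIgnoreCase);
                if (separator < 0)
                {
                    return null;
                }

                start = separator + 1;
            }

            string rest = distinguishedName.Substring(start + 3);
            int comma = rest.IndexOf(',');
            return (comma > 0) ? rest.Substring(0, comma) : rest;
        }
    }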
    /// <summary>
    /// Plain data holder for one directory search hit, filled by <c>Program.Ldap1</c>.
    /// All values are text copied from the directory and should be treated as
    /// untrusted data wherever they are displayed or logged.
    /// </summary>
    public class AdUser 
    { 
     /// <summary>Value of the "adspath" property of the search result.</summary>
     public string AdsPath { get; set; } 
     /// <summary>Value of the "cn" attribute.</summary>
     public string CN { get; set; } 
     /// <summary>Value of the "givenname" attribute.</summary>
     public string GivenName { get; set; } 
     /// <summary>Set from the "sn" attribute, or from "surname" if that key is returned.</summary>
     public string Surname { get; set; } 
     /// <summary>Value of the "middlename" attribute.</summary>
     public string MiddleName { get; set; } 
     /// <summary>Value of the "description" attribute.</summary>
     public string Description { get; set; } 
     /// <summary>Value of the "sn" attribute (set together with <see cref="Surname"/>).</summary>
     public string SN { get; set; } 
     /// <summary>Not assigned by Ldap1 in this listing; see <see cref="DistinguishedName"/>.</summary>
     public string DN { get; set; } 
     /// <summary>Value of the "mail" attribute.</summary>
     public string Mail { get; set; } 
     /// <summary>Value of the "telephonenumber" attribute.</summary>
     public string Phone { get; set; } 
     /// <summary>Value of the "department" attribute.</summary>
     public string Department { get; set; } 
     /// <summary>Value of the "distinguishedname" attribute.</summary>
     public string DistinguishedName { get; set; } 
     /// <summary>Value of the "userprincipalname" attribute.</summary>
     public string UserPrincipalName { get; set; } 
     /// <summary>Value of the "samaccountname" attribute.</summary>
     public string Account { get; set; } 
     /// <summary>Text after the first "DC=" of the distinguished name, up to the next comma.</summary>
     public string Domain { get; set; } 
    } 
} 