Request a user's roles in AD when caller is not in domain

Posted by grootjans on Stack Overflow
Published on 2009-02-04T13:39:57Z Indexed on 2010/03/08 7:06 UTC

I would like to get a user's group memberships in Active Directory, without being in the domain. When I run this inside the domain, all is well.

var context = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");

foreach (var authorizationGroup in principal.GetAuthorizationGroups())
{
    Console.WriteLine(authorizationGroup.Name);
}

However, when I run outside the domain, I have to specify the PrincipalContext like this:

var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");

When I run this code, I get an exception when I execute principal.GetAuthorizationGroups(). The exception I get is:

System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

© Stack Overflow or respective owner
