I am trying to fetch the members of a given Active Directory group by using the DirectoryServices.AccountManagement namespace classes in C#.
If I have my principal context object constructor specified for a specific domain, then whenever I access a member of the group which is from one of the other domains, I run into the below error: "A referral was returned from the server".
The scenario is: I have different subdomains under the root domain, e.g. emea.mycorp.com, asia.mycorp.com, asiapacific.mycorp.com, xyz.mycorp.com
If I am running the below code from the domain xyz.mycorp.com for a group in asiapacific, and I specify the server name in the principal context object, I can access the group.
    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "asiapacific domain server name");
If my group has the users from other domains like emea\abcd, the below code fails at UserPrincipal:
    GroupPrincipal SearchGroup = GroupPrincipal.FindByIdentity(context, "Dev Team");
    GroupName = new List<string>();
    foreach (UserPrincipal p in SearchGroup.GetMembers())
    {
        GroupName.Add(p.SamAccountName + " " + p.DistinguishedName + " " + p.Name);
    }
So, is there a way that I can pass the context for the root domain, so that the code will work irrespective of the domain to which the user belongs? I tried the below, none of it with any luck:
    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "mycorp.com");
or
    private PrincipalContext context =
        new PrincipalContext(ContextType.Domain, "DC=mycorp,DC=com");
Try this:
    new PrincipalContext(ContextType.Domain, "xyz.mycorp.com:3268", "DC=mycorp,DC=com");
This will create the PrincipalContext using the global catalog service on your local domain controller (of course, this assumes that your local DC is a GC as well). This will allow searches of the entire forest.