Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a way to enable referral chasing for UserPrincipal.FindByIdentity()?

Tags:

c#

windows

active-directory

ldap

windows-server

I have a .NET 3.5 web application that uses the System.DirectoryServices.AccountManagement classes. When I search for some users I get a PrincipalOperationException: A referral was returned from the server. If I did this the old school way with my own LDAP code I could enable chasing of referrals. Do I need to rewrite my code?

My code looks like this:

   using (var principalContext = new PrincipalContext(ContextType.Domain, null, adPath))
    {

        // Find the principal object for which you wish to enumerate group
        // membership.
        using (var userPrincipal = UserPrincipal.FindByIdentity(principalContext, identity))
        {
            if (userPrincipal != null)
            {
                Name = userPrincipal.DisplayName;
                DistinguishedName = userPrincipal.DistinguishedName;
                EmailAddress = userPrincipal.EmailAddress;
                Sid = userPrincipal.Sid.Value;
            }
        }
    }

My adPath can be one of 2 values. One of the values is a domain that was recently joined, and can be accessed using different tools. I believe this is a problem with how this .NET library makes the LDAP calls.

like image 985
LDAP programmer Avatar asked Apr 06 '11 21:04

LDAP programmer

Video Answer

1 Answers

Here is a partial Answer, as it's too long for a comment.

According to this Microsoft documentation, as you even know, Referrals are a hint that the client can chase. But concerning RODC they add "For example, in the case of an LDAP application, if chase referrals is enabled on the LDAP connection between the client and the RODC, the application never knows that the client received a referral from the RODC. The client is automatically redirected to the writable domain controller that is specified in the referral. ".

So I look how to enable LDAP chasing on a connexion in Microsoft site and I found this which means ADSI use. I'am very interested in the answer.

Do you try to query the global catalog like this :

/* Retreiving a principal context
 */
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "YourGCServer:3268", "dc=dom,dc=fr", "User", "Password");

It's supposed to contains all the forest domain's datas. I hope it helps.

like image 112
JPBlanc Avatar answered Oct 21 '22 13:10

JPBlanc
Sign in to Comment

Related questions

How do you cluster push pins in the Silverlight Map Control?
C# Delegates & guid.newguid()
Set JPEG metadata - implementation problems
How to make a C# web service accepts a custom object including unbound elements defined in XSD
Raise an event via reflection in c#
Tag cloud font size calculation logic
WPF - Scroll without Focus
Run individual parameterized testcase with nunit-console
MS Chart Control :Two X Axis, one for hours, another for days (or mixing both)
Authentication with an SOA approach using C#
How to correctly clean up after long running task is cancelled
Why is this ilmerge command not working?
Keyword not supported 'provider' error
Windows SDK - C# - Debugging process exiting with error code -1073741502
How to get Session object by SessionId? [duplicate]
SynchronizationContext and InvokeRequired
Can WatiN download files without requiring focus?
validateRequest="false" is acting weird
What is a good statistics library for computing multiple correlations in .NET?
GTK# + WebKit + Windows

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!