System.DirectoryServices - 服务器无法运行

System.DirectoryServices - The server is not operational(System.DirectoryServices - 服务器无法运行)
本文介绍了System.DirectoryServices - 服务器无法运行的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!


我在使用 Windows 身份验证的网站上收到错误消息.

I get an error by a website, on which I use Windows Authentication.


  • 仅在用户尚未保存到数据库中时发生(新的未知用户)
  • 仅在实时系统上出现,在本地开发环境中一切正常


This is what I get in a logging mail:


Source : System.DirectoryServices


Message: The server is not operational.

在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
在 System.DirectoryServices.DirectoryEntry.Bind()
在 System.DirectoryServices.DirectoryEntry.get_AdsObject()
在 System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
在 System.DirectoryServices.DirectorySearcher.FindOne()
在 Smarthouse.Labs.DataAccess.UserListManager.SaveUser(String windowsUserName)

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Smarthouse.Labs.DataAccess.UserListManager.SaveUser(String windowsUserName)

这就是我实现 DirectorySearch 的方式:

This is how I implement DirectorySearch:

private void SaveUser(string windowsUserName)
    string[] domainAndUser = windowsUserName.Split('\');
    string domain = domainAndUser[0];
    string username = domainAndUser[1];

    DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain);
    DirectorySearcher search = new DirectorySearcher(entry);

        // Bind to the native AdsObject to force authentication.
        search.Filter = "(SAMAccountName=" + username + ")";

        SearchResult result = search.FindOne();

        if (result == null)
            throw new Exception("No results found in Windows authentication.");

        User userToSave = new User();
        userToSave.FirstName = (String) result.Properties["givenName"][0];
        userToSave.LastName = (String) result.Properties["sn"][0];
        userToSave.Email = (String) result.Properties["mail"][0];
        userToSave.Username = windowsUserName;
        userToSave.Guid = Guid.NewGuid();

    catch (Exception ex)
        throw new Exception("Error authenticating user. " + ex.Message, ex);
        //Dispose service and search to prevent leek in memory


If more code examples are needed just tell me.


您的问题是您正在使用普通"域名进行绑定 - 这在 LDAP 中不起作用.实际上,如果您尝试绑定到 LDAP://MyDomain,您真正所做的是尝试绑定到名为 服务器代码>我的域.

Your problem is that you're using a "plain" domain name to bind - this won't work in LDAP. Actually, if you try to bind to LDAP://MyDomain, what you're really doing is trying to bind to the server called MyDomain.

您需要一个有效的 LDAP 绑定字符串 - 类似于 LDAP://dc=yourdomain,dc=local 之类的东西.

You need a valid LDAP bind string - something like LDAP://dc=yourdomain,dc=local or something.

要了解您的默认 LDAP 绑定上下文是什么,请使用以下代码片段:

To find out what your default LDAP binding context is, use this code snippet:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");

if (deRoot != null)
   string defaultNamingContext = deRoot.Properties["defaultNamingContext"].Value.ToString();

获得该字符串后 - 将其用作 LDAP 服务器的绑定字符串.

Once you have that string - use that as your bind string to your LDAP server.

如果您使用 .NET 3.5 及更高版本,您应该查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间.在此处阅读所有相关信息:

And if you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • 在 .NET Framework 3.5 中管理目录安全主体
  • System.DirectoryServices.AccountManagement 上的 MSDN 文档

基本上,您可以定义域上下文并轻松找到 AD 中的用户和/或组:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context -- no domain name needed, uses default domain 
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);

if(user != null)
   // do something here....     

新的 S.DS.AM 使在 AD 中与用户和组一起玩变得非常容易!

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于System.DirectoryServices - 服务器无法运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!



Finding Active Directory users from 2 OU(从 2 个 OU 中查找 Active Directory 用户)
How to set a binary attribute when using a AccountManagement Extension Class?(使用 AccountManagement 扩展类时如何设置二进制属性?)
Getting last Logon Time on Computers in Active Directory(在 Active Directory 中的计算机上获取上次登录时间)
customer-configurable web site security for fine-grained control of page and button access(客户可配置的 网站安全性,用于对页面和按钮访问进行细粒度控制)
Active Directory - Roles of a user(Active Directory - 用户的角色)
How to connect to Active Directory via LDAPS in C#?(如何在 C# 中通过 LDAPS 连接到 Active Directory?)