
Here is a sample of my code

using System.DirectoryServices.AccountManagement;
using System.Linq;

// names: a collection of member names to remove (not shown in the question)
var domainContext = new PrincipalContext(ContextType.Domain, "domain_server_ip",
            "domain_admin_username", "domain_admin_password");
var group = GroupPrincipal.FindByIdentity(domainContext, "mygroup");
var users = group.Members.Where(member => names.Contains(member.Name))
            .ToList();
users.ForEach(u => group.Members.Remove(u));
group.Save(domainContext); // <-- Here I get the error

Same error if I try to get user groups

var user = UserPrincipal.FindByIdentity(domainContext, "username");
var gps = user.GetGroups(domainContext).ToList(); // <-- Here I get the error

I tried using ContextOptions.SimpleBind in connection, but nothing changes.
I've also tried setting a container name in connection, but again nothing changes.

Please note that I'm able to retrieve the group and its members... so I don't understand why I can't save the group or read user groups.

Marco
  • Did you ever solve this? Having the same problem, but with group.GetMembers(): when enumerating in foreach it throws the exception, therefore no members are enumerated. There are some foreign principals in it, but trust exists and a connection can be established to the foreign domain. – user2782999 May 26 '18 at 06:47
  • @user2782999: not this way, I had to use old COM objects :( – Marco May 26 '18 at 21:05
  • I'm facing the same issue and I found some interesting info on that post https://stackoverflow.com/questions/10853995/groupprincipal-getmembers-fails-when-group-or-child-group-if-recursive-contain – gipinani Jun 11 '18 at 08:27
  • @gipinani: thanks for the heads up! If you find something, please post it here as an answer so other people facing this issue can find a suitable solution. When I had this problem (more than 2 years ago) I had to find a quick solution, so I used the old COM objects :( – Marco Jun 11 '18 at 13:13
  • This can happen if you're connecting from a computer which is not part of the domain topology that you're connecting to. Filed a bug here: https://github.com/dotnet/corefx/issues/26891 – RobSiklos May 31 '19 at 16:13

2 Answers

Try adding the IP address of the domain controller you're querying (in the first line - domain_server_ip) as the first DNS server on your network card's IP settings. (borrowed from here)

squillman

I had the same problem.

The problem in our case was that the target was an external domain server. The .NET AD library seems to explicitly take the FQDN from the external AD server (the one that the server resolves for itself) for some requests and does not respect the FQDN or IP you gave as the name to the PrincipalContext ctor in all cases.

So my client was in x.Domain1; the external AD server (server1.x.Domain2) is for domain x.Domain2.

The standard DNS for Domain1 resolved the AD server as server1.x.Domain1. This DNS doesn't know about Domain2. That's the issue.

To resolve this you have, imho, 3 choices:

  1. Add the IP of the external AD server as your primary DNS (do not forget to disable/enable the adapter after that) (not an option for us)
  2. Edit the hosts file and add 2 entries: (good for a test, but no option for production)
    IpofDomain2Server server1.x.Domain2
    IpofDomain2Server x.Domain2
  3. Speak with infrastructure to add the above DNS entries for Domain2 in Domain1 (DNS forwarding?)
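A diagnostic in the same API, added here and not part of the question or either answer, that makes the DNS explanation from both answers checkable before calling Save() or GetGroups(): it reads PrincipalContext.ConnectedServer (the DC name the library uses for its follow-up calls) and tests whether that name resolves from the client. The server, account and user names are the question's placeholders, and the account used is assumed to be one delegated only the group rights it needs.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Net;
using System.Net.Sockets;

static class AdConnectivityCheck
{
    // Returns true when the DC name reported by the context resolves from this host.
    // ConnectedServer is the name the library binds to for subsequent operations,
    // which may be the DC's own FQDN rather than the IP passed to the constructor.
    static bool ConnectedServerResolves(PrincipalContext ctx, out string reportedServer)
    {
        reportedServer = ctx.ConnectedServer;
        try
        {
            return Dns.GetHostAddresses(reportedServer).Length > 0;
        }
        catch (SocketException)
        {
            // Name resolution failed: the client cannot reach the DC by that name.
            return false;
        }
    }

    static void Main()
    {
        // Placeholder values from the question; read real ones from configuration,
        // and use an account delegated only the group-membership rights required.
        var server = "domain_server_ip";
        var account = "domain_admin_username";
        var password = "domain_admin_password";

        using (var ctx = new PrincipalContext(ContextType.Domain, server, account, password))
        {
            if (!ConnectedServerResolves(ctx, out var dc))
            {
                Console.WriteLine($"Bound via '{server}', but '{dc}' does not resolve from this " +
                                  "client; fix DNS or the hosts file before Save()/GetGroups().");
                return;
            }

            Console.WriteLine($"'{dc}' resolves from this client; proceeding.");
            var user = UserPrincipal.FindByIdentity(ctx, "username");
            foreach (var g in user.GetGroups(ctx))
                Console.WriteLine(g.SamAccountName);
        }
    }
}
```

If the check fails, the name printed as `dc` is the one that must become resolvable (via DNS, forwarding, or the hosts entries from the second answer).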