I am working on a webapp, and in my controller it iterates through all of the domain controllers in a test environment, looking for the most recent lastLogon of all users, doing a search from the Top Level Domain. It works perfectly when all domain controllers are up and running. However, in this one production environment, with 9 domain controllers, 1 of the domain controllers is having issues and no one can authenticate to it; my app seems to hang, but does not return any errors. I decided to use the code below, from Dalton, in https://stackoverflow.com/a/19585559/2698193:

```csharp
// Requires: System, System.Linq, System.Threading.Tasks,
// System.DirectoryServices, System.DirectoryServices.ActiveDirectory
public static DateTime findlastlogon(int domainID, string userName)
{
    DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, DomainManagement.domainName(domainID), DomainManagement.domainServiceAccountLoginName(domainID), DomainManagement.domainServiceAccountPassword(domainID));
    DateTime latestLogon = DateTime.MinValue;
    object sync = new object(); // guards latestLogon, which is shared by the parallel iterations
    DomainControllerCollection dcc = DomainController.FindAll(context);
    Parallel.ForEach(dcc.Cast<DomainController>(), dc =>
    {
        // The using block disposes the searcher; no separate Dispose() call is needed.
        using (DirectorySearcher ds = dc.GetDirectorySearcher())
        {
            try
            {
                ds.Filter = String.Format(
                  "(sAMAccountName={0})",
                  userName
                  );
                ds.PropertiesToLoad.Add("lastLogon");
                ds.SizeLimit = 1;
                SearchResult sr = ds.FindOne();

                if (sr != null)
                {
                    DateTime lastLogon = DateTime.MinValue;
                    if (sr.Properties.Contains("lastLogon"))
                    {
                        // lastLogon is stored as a Windows FILETIME value
                        lastLogon = DateTime.FromFileTime(
                          (long)sr.Properties["lastLogon"][0]
                          );
                    }

                    // Keep the newest value seen on any domain controller
                    lock (sync)
                    {
                        if (DateTime.Compare(lastLogon, latestLogon) > 0)
                        {
                            latestLogon = lastLogon;
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Errors from an individual domain controller are silently ignored here
            }
        }
    });
    return latestLogon;
}
```

Is there any way possible to do a check on all domain controllers and skip the ones not responding so it will continue to run without even seeing the downed domain controller(s)? I am unsure of how to do this.

Thanks

muttBunch
  • Look at this solution: [C# Method to check if an Active Directory Domain Controller is up and running](https://stackoverflow.com/a/39925187/421195) – paulsm4 Sep 07 '21 at 16:58
  • Thanks paulsm4, I did see that but I am unsure of how to implement it – muttBunch Sep 07 '21 at 17:34
  • Hi, saw your comment on my answer about DC hanging. Do you have access to this prod environment? Do you know where exactly your program hangs, eg using debug or memory dump (assume the problematic line is DomainController.FindAll) – oldovets Sep 10 '21 at 00:06
  • BTW don’t split object DN by comma, or you will be in trouble) Left a comment to a correct way of object DN to CN conversion in your other thread – oldovets Sep 10 '21 at 00:41
  • Thank you oldovets, I will be trying something later today with your suggestions and will keep you posted if it works. I have an idea using a "static int Ping" and see if it will work on only returning DCs that reply to the ping. Thanks again – muttBunch Sep 12 '21 at 15:46
  • @muttBunch I do not recommend pinging a dc as ping icmp rule is disabled in windows firewall by default – oldovets Sep 13 '21 at 21:59

0 Answers
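One way to skip unresponsive domain controllers without relying on ICMP, as an added example that is not part of the original thread: probe each DC's LDAP port with a bounded TCP connect, put a client-side timeout on the search, and escape the user name before it goes into the filter. The class and helper names (`LastLogonProbe`, `LdapReachable`, `EscapeFilter`), TCP port 389 as the LDAP port, and the 5-second budget are assumptions, as is the premise that the hang occurs in the per-DC search rather than in `DomainController.FindAll`.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

public static class LastLogonProbe // hypothetical class, not from the thread
{
    // Hypothetical helper: true only if the DC accepts a TCP connection on LDAP port 389 in time.
    static bool LdapReachable(string host, TimeSpan timeout)
    {
        try { using (var tcp = new TcpClient()) return tcp.ConnectAsync(host, 389).Wait(timeout); }
        catch (Exception) { return false; } // refused, unresolvable, reset
    }
    // RFC 4515 escaping so userName cannot change the meaning of the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }
    public static DateTime FindLastLogon(DirectoryContext context, string userName)
    {
        long latest = 0; // FILETIME value; 0 means no logon recorded
        object gate = new object(); // guards latest across parallel iterations
        TimeSpan timeout = TimeSpan.FromSeconds(5); // assumed per-DC budget
        Parallel.ForEach(DomainController.FindAll(context).Cast<DomainController>(), dc =>
        {
            if (!LdapReachable(dc.Name, timeout)) return; // skip the unresponsive DC
            try
            {
                using (DirectorySearcher ds = dc.GetDirectorySearcher())
                {
                    ds.Filter = "(sAMAccountName=" + EscapeFilter(userName) + ")";
                    ds.PropertiesToLoad.Add("lastLogon");
                    ds.ClientTimeout = timeout; // bound the client-side wait for results
                    SearchResult sr = ds.FindOne();
                    if (sr == null || !sr.Properties.Contains("lastLogon")) return;
                    long value = (long)sr.Properties["lastLogon"][0];
                    lock (gate) { if (value > latest) latest = value; }
                }
            }
            catch (Exception ex) { Console.Error.WriteLine(dc.Name + ": " + ex.Message); }
        });
        return latest == 0 ? DateTime.MinValue : DateTime.FromFileTime(latest);
    }
}
```

Logging the per-DC failure instead of swallowing it records which controller was skipped, so a result computed from fewer than all DCs can be recognised as such.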