
Get Users from Active Directory running on Windows Server in Azure Cloud

I'd like to read out all users on an Active Directory running on a Windows Server 2016 inside an Azure cloud. I can access the Windows server with remote desktop but I'm not able to use the PrincipalContext of the DirectoryServices to connect to the AD. I have the IP address of the remote Windows Server 2016 on which the Active Directory service is running. A user with admin rights was also created.

I tried different statements regarding the connection of the PrincipalContext.

    // attempt 1: server given as a bare IP address
    using (var adContext = new PrincipalContext(ContextType.Domain, "ip-address of remote server")) { /* ... */ }
    // attempt 2: server given with an LDAP:// prefix
    using (var adContext = new PrincipalContext(ContextType.Domain, "LDAP://ip-address of remote server")) { /* ... */ }
    // attempt 3: explicit container plus the admin user's credentials
    using (var context = new PrincipalContext(ContextType.Domain, "ip-address of remote server", "CN=Users", "adminuser", "adminpassword")) { /* ... */ }

The exception I'm getting is System.DirectoryServices.AccountManagement.PrincipalServerDownException: 'The server could not be contacted.' Is there an issue because the server is not in the same domain?

This is my first time doing anything regarding Active Directory or Windows Server. So if there is some giant error in my approach please be considerate.

Sounds like a firewall issue - you just can't contact the server over the network. You can test this in PowerShell using the command:

    Test-NetConnection "ip-address of remote server" -Port 389

There are 4 ports you can test:

  • 389: The default LDAP port. This is used if you don't specify a port.
  • 636: LDAPS, or LDAP over SSL (encrypted)
  • 3268: Global Catalog. Works the same as LDAP, but includes all domains in your forest (if you have more than one domain)
  • 3269: GC over SSL

If any of the other ports work, then you can specify it in the PrincipalContext:

    new PrincipalContext(ContextType.Domain, "ip-address of remote server:636")

Using SSL complicates things a little since your computer needs to trust the SSL certificate that the server sends.

If none of the ports work, then there is a firewall blocking communication somewhere and you need to get that fixed first.
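As an added example (not part of the original answer), a PowerShell script that runs the port check above against all four ports and, wherever the TCP connection succeeds, also attempts a real LDAP bind so that "port open" and "directory reachable with these credentials" are reported separately; the server address and the credential prompt are placeholders you replace.

```powershell
# Added example: which of the four directory ports answer, and does an LDAP bind work on them?
# $Server is a placeholder (RFC 5737 documentation address); the credential is prompted for.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server = '203.0.113.10'
$Cred   = Get-Credential -Message 'Domain account used for the bind test'

# port -> (description, TLS from the first byte)
$Ports = [ordered]@{
    389  = @('LDAP',           $false)
    636  = @('LDAPS',          $true)
    3268 = @('Global Catalog', $false)
    3269 = @('GC over SSL',    $true)
}

foreach ($port in $Ports.Keys) {
    $name, $tls = $Ports[$port]

    # Layer-4 check first: a failed TCP handshake points at a firewall / NSG rule, not at AD
    $tcp = Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        Write-Host ("{0,-4} {1,-15} TCP blocked" -f $port, $name)
        continue
    }

    # TCP is open; now check that the directory service actually accepts a bind on this port
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection(
        $id, $Cred.GetNetworkCredential(), [System.DirectoryServices.Protocols.AuthType]::Negotiate)
    $conn.SessionOptions.SecureSocketLayer = $tls   # 636 / 3269 speak TLS immediately
    $conn.SessionOptions.ProtocolVersion   = 3
    try {
        $conn.Bind()
        Write-Host ("{0,-4} {1,-15} bind OK" -f $port, $name)
    } catch {
        # Typical causes: wrong credentials, or on 636 / 3269 a server certificate this machine does not trust
        Write-Host ("{0,-4} {1,-15} TCP open, bind failed: {2}" -f $port, $name, $_.Exception.Message)
    } finally {
        $conn.Dispose()
    }
}
```

A port that shows "TCP blocked" is the firewall case from the answer; "TCP open, bind failed" on 636 or 3269 usually means the certificate-trust problem the answer mentions rather than a network one.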
