我有一些代码(下面)每15分钟运行一次.有时它将无法使用以下错误查询AD:
System.DirectoryServices.Protocols.DirectoryOperationException: The server does not support the control. The control is critical. at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request,TimeSpan requestTimeout)
>当它成功运行时,整个过程大约需要一分钟才能运行,AD查询大约需要30秒,32页.
>当它失败时,它始终在第一页上.
>就我所知,它似乎没有在一个模式中失败(总是在一天的不同时间).
在谷歌搜索该错误后,我发现了两个SO问题(one,two),指向使用AuthType.Ntlm来解决问题.但这对我来说并没有解决. Another说检查服务器是否支持分页(确实如此).
关于为什么会发生这种情况的任何想法?
var attributesToReturn = new[] {
"givenName","sn","middleName","extensionAttribute8","department","sAMAccountName","userAccountControl"
};
var filter = "(&(objectclass=user)(!(objectclass=computer))(sn=*)(givenName=*)(extensionAttribute8=*)(|(sn=a*)(sn=b*)(sn=c*)(sn=d*)(sn=e*)(sn=f*)(sn=g*)(sn=h*)(sn=i*)(sn=j*)(sn=k*)(sn=l*)(sn=m*)(sn=n*)(sn=o*)(sn=p*)(sn=q*)(sn=r*)(sn=s*)(sn=t*)(sn=u*)(sn=v*)(sn=w*)(sn=x*)(sn=y*)(sn=z*)))";
var currentBatch = 1;
var searchRequest = new SearchRequest("DC=foo,DC=bar,DC=baz",filter,SearchScope.Subtree,attributesToReturn);
var pageRequestControl = new PageResultRequestControl(500);
searchRequest.Controls.Add(pageRequestControl);
using (var ldapConnection = new LdapConnection("server.foo.bar.baz"))
{
ldapConnection.Credential = new NetworkCredential("user","pass","domain");
ldapConnection.Timeout = new TimeSpan(0,4,0);
ldapConnection.AuthType = AuthType.Ntlm; // https://stackoverflow.com/a/14255413
while (true)
{
log.Debug("Fetching batch {0} from AD",currentBatch);
var searchResponse = (SearchResponse)ldapConnection.SendRequest(searchRequest);
var pageResultResponse = (PageResultResponseControl)searchResponse.Controls[0];
log.Debug("Parsing AD response for batch {0}",currentBatch);
ParseResponse(_return,searchResponse,includeDisabled);
if (pageResultResponse.Cookie.Length == 0)
break;
pageRequestControl.Cookie = pageResultResponse.Cookie;
currentBatch++;
}
}
