none
Information about the domain could not be retrieved (1355)

    Question

  • Hi,

    I am using System.DirectoryServices.AccountManagement in .Net 3.5 to connect to Active Directory. It works fine but when I try get group information for user then it throws following exception.

    System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
       at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
       at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsForestName()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOf(Principal foreignPrincipal, StoreCtx foreignContext)
       at System.DirectoryServices.AccountManagement.Principal.GetGroupsHelper(PrincipalContext contextToQuery)
       at System.DirectoryServices.AccountManagement.Principal.GetGroups(PrincipalContext contextToQuery)


    It works fine when the application is run from the server which is part of the Active Directory, but when run from the stand alone client it throws this exception. Some of other operations are working without problem. The problem is also explained at http://directoryprogramming.net/forums/thread/6649.aspx as well, but the solution did not work for me.

    Following is the code, user.GetGroups(context) fails.
    using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
    {
        if (user != null)
        {
            var groups = user.GetGroups(context);
    
            var returnGroups = from grp in groups
                               orderby grp.SamAccountName
                               select grp.SamAccountName;
    
            return returnGroups.ToArray();
        }
    }
    Similarly, I get the same error when I find a group and then try to access grp.Members property.

    Thanks,
    Aatif
    Wednesday, September 16, 2009 12:14 PM

Answers

  • All,

    I found a way to resolve the issue, this might help somebody else.

    Add the IP address domain controller (which you are trying to connect) to the DNS server list on the client machine, make sure it is the first in the list.
    Repair the network connections (disable/enable it)

    Try again, it works. 

    Revert back to your original settings won't affect, it seems it caches somewhere and works until you reboot your machine. Somebody else might have better idea about it.

    Thanks,
    Aatif
    • Marked as answer by eryang Tuesday, September 22, 2009 6:12 AM
    Thursday, September 17, 2009 12:43 PM

All replies

  • Error 1355 is documented as "The specified domain either does not exist or could not be contacted."  You'll need to work with the domain administrator to find out what's wrong with that machine.  Start with the obvious stuff, is the machine actually joined to the domain?  Ask more questions about it in a TechNet forum.

    Hans Passant.
    Wednesday, September 16, 2009 12:37 PM
  • Thanks Hans for your reply, as I mentioned the machine is not part of the domain, it works on the machine which are part of the domain. 

    For non-joined machines all other operations are working. e.g. 

    var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName)
    works, but then 

    user.GetGroups or user.GetAuthorizationGroups() fails.

    Thanks,
    Aatif
    Wednesday, September 16, 2009 1:32 PM
  • Clearly, the machine has to be joined to the domain to make domain controller queries possible.
    Hans Passant.
    Wednesday, September 16, 2009 2:36 PM
  • I don't think I can directly help, but I can verify that you can query Active Directory from machines that are not joined to the domain.  I have done it in plain VBScript.  What you need to verify is that DNS can resolve the domain name, and you must connect to AD using an AD username and password.  If you have that, you can query AD.  Like I said, I cannot help you out with managed code, but I can with regular VBScript.

    MCP
    Wednesday, September 16, 2009 4:10 PM
  • Thanks webJose for confirmation. 
    It is working with Managed code as well but I wanted to use AccountManagement  namespace provided in .net 3.5 (see http://msdn.microsoft.com/en-us/magazine/cc135979.aspx for more details.) 

    It works when using using System.DirectoryServices (.Net 2), obviously code is complex and harder to understand.

    Thanks,
    Aatif
    Thursday, September 17, 2009 7:37 AM
  • All,

    I found a way to resolve the issue, this might help somebody else.

    Add the IP address domain controller (which you are trying to connect) to the DNS server list on the client machine, make sure it is the first in the list.
    Repair the network connections (disable/enable it)

    Try again, it works. 

    Revert back to your original settings won't affect, it seems it caches somewhere and works until you reboot your machine. Somebody else might have better idea about it.

    Thanks,
    Aatif
    • Marked as answer by eryang Tuesday, September 22, 2009 6:12 AM
    Thursday, September 17, 2009 12:43 PM
  • You should ask the network administrator to verify the DNS entries for the domain controllers in your network.  It could be that they are incomplete.  If the DNS server is compliant with Active Directory (sorry, I don't remember the exact standard right now), the domain controller itself can make sure of this using (I think) ipconfig.
    MCP
    Friday, September 18, 2009 3:33 PM
  • You should ask the network administrator to verify the DNS entries for the domain controllers in your network.  It could be that they are incomplete.  If the DNS server is compliant with Active Directory (sorry, I don't remember the exact standard right now), the domain controller itself can make sure of this using (I think) ipconfig.
    MCP
    Yes, I have suggested that to the network team, but don't know if they are going to do anything about it. Until then my workaround works for me during the development phase.

    Thanks,
    Aatif
    Tuesday, September 22, 2009 10:05 AM