none
UserPrincipal.GetGroups issue RRS feed

  • Question

  • We recently decommissioned one of our domain controllers. Now one of the projects that uses the user.GetGroups function bombs off with ActiveDirectoryServerDownException: The server is not operational error. We have other DC's that are up and running. Do I need to specify the DC in my code (see below). The odd thing is that another project I have uses the same code and is working fine. Both are published to an application pool that runs on sharepoint.

    Code:

               using (PrincipalContext context = new PrincipalContext(ContextType.Domain))

                {
                    string userName = Request.LogonUserIdentity.Name;
                   
                    UserPrincipal user = UserPrincipal.FindByIdentity(context, userName);

                    foreach (var group in user.GetGroups())
                    {

    Tuesday, September 5, 2017 6:58 PM

Answers

  • It really sounds like a networking issue. It sounds like the DC is still thought to be around so queries against AD aren't rolling over to the remaining DCs. I'd recommend that you post the question in TechNet and see if there is a step that you missed when bringing the DC offline.

    I'm not an expert but AFAIK, unless you define a user/group specifically on a DC, then the account management is shared across the DCs so removing one wouldn't impact the others. Of course if you have a reference to a group that would only be on the DC then I could see a problem.

    Michael Taylor
    http;//www.michaeltaylorp3.net

    • Proposed as answer by Fei HuModerator Tuesday, September 19, 2017 9:56 AM
    • Marked as answer by J-Bal Tuesday, October 31, 2017 12:47 PM
    Thursday, September 7, 2017 1:45 PM
    Moderator

All replies

  • The exception "The server is not operational" is normally returned when server is not in network or switched off.  Maybe you could check the code running environment.

    Thursday, September 7, 2017 12:13 PM
  • It really sounds like a networking issue. It sounds like the DC is still thought to be around so queries against AD aren't rolling over to the remaining DCs. I'd recommend that you post the question in TechNet and see if there is a step that you missed when bringing the DC offline.

    I'm not an expert but AFAIK, unless you define a user/group specifically on a DC, then the account management is shared across the DCs so removing one wouldn't impact the others. Of course if you have a reference to a group that would only be on the DC then I could see a problem.

    Michael Taylor
    http;//www.michaeltaylorp3.net

    • Proposed as answer by Fei HuModerator Tuesday, September 19, 2017 9:56 AM
    • Marked as answer by J-Bal Tuesday, October 31, 2017 12:47 PM
    Thursday, September 7, 2017 1:45 PM
    Moderator