.net – UserPrincipal.FindByIdentity坚持“服务器上没有这样的对象.”

我目前的目标是使用System.DirectoryServices.AccountManagement程序集中的实用程序为基于域安全组的ASP.NET应用程序实现只读角色提供程序.我有以下代码在我的开发域中正常工作,但在部署环境中失败：

Using myContext As New PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword)
    Try
        Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName)
        Dim groups = p.GetAuthorizationGroups()
        For Each g In groups
            Debug.WriteLine("Found security group: " & g.DisplayName & vbNewLine)
        Next
    Catch ex As Exception
        Debug.WriteLine("Encountered an exception: " & vbNewLine & ex.ToString())
    End Try
End Using

异常堆栈跟踪返回如下：

    System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server.
     ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
       at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
       at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       --- End of inner exception stack trace ---
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
       at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

我知道这里明显的“问题”是确定对象实际上,好……存在于服务器上.但是,我可以毫无疑问地确认无论我使用哪个帐户的SAM帐户名称,我都会收到相同的结果.此外,Microsoft ActiveDirectoryMembershipProvider对同一SAM帐户名进行身份验证没有问题,我可以使用DirectorySearcher类的信息找到该对象.我可以在开发网络和部署之间确定的唯一区别是部署环境的DC是Windows Server 2003框,而本地我使用Windows Server 2008 DC进行开发.我可以俯瞰什么？

出于某种原因,问题在于域控制器的路径.将路径描述为DC = box123,DC = dom不起作用,但使用路径box123.dom.不能说为什么,这不是我可以在本地域上复制的行为,但这解决了这个问题.

编辑：在进一步研究时,结构DC = box123,DC = dom,当削减到DC = dom也正确运行时.我不了解寻址的动态,但我能够通过使用DirectorySearcher对象显示示例用户的路径来确定问题,该对象显示了我的用户的路径：LDAP：//box123.dom/ CN =用户名/ CN =用户/ DC = DOM