ActiveDirectory: how do I know if a domain is available?

Is there a way to find out if a domain is accessible in Active Directory before calling GetDomain? I have an application in which users should be able to add domains by themselves, and if they enter an invalid domain, there should be an error. This is being handled right now by catching an exception, as below, but a user entering an invalid domain is unlikely to be an exceptional case, and the exception can also take a very long time to be thrown, especially (it seems) if an IP address is entered. Is there a better solution for this?

    public Domain RegisterUserDirectory(string domainId)
    {
        DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domainId);
        System.DirectoryServices.ActiveDirectory.Domain domain;
        try
        {
            domain = System.DirectoryServices.ActiveDirectory.Domain.GetDomain(context);
        }
        catch (ActiveDirectoryObjectNotFoundException adne) // the "not found" exception type GetDomain actually throws
        {
            // handle
        }
        catch (Exception e)
        {
            Log.Warning("Failed to contact domain {0}: {1}", domainId, e.Message);
            throw;
        }
        ...
        ...
    }
+4
5 answers

Unfortunately, I think there is no other way. Just think about how you check the availability of an IP address: all you can do is try a connection or send a ping request. After that, you just have to wait to see if someone answers, and because the connection may be slow, the timeouts are high, and you have to wait the whole time.

All you can do for a better user experience is to put this work in a different thread (or a BackgroundWorker) so that your GUI still reacts and shows some progress or a progress bar to the user. Then you can also add the ability to cancel the connection attempt by simply cancelling this thread.

So this would not make it faster, but it would respond better to the user and therefore feel faster.

+3
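The background-thread approach described in the answer above, as an added example that is not code from the original post or from any answerer: the blocking Domain.GetDomain bind runs on a thread-pool thread, the caller awaits it with a bounded timeout and a CancellationToken wired to a Cancel button, and the outcome is classified into a plain result value instead of an exception. GetDomain itself cannot be interrupted, so on timeout or cancellation the worker is simply abandoned and the UI stops waiting. The names DomainProbe, ProbeAsync, BindOnce and DomainProbeResult, and the sample domain name, are assumptions of this example.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Threading;
using System.Threading.Tasks;

// Added example (not from the original post). Runs the blocking bind off the UI
// thread and reports a classified result rather than throwing at the caller.
public enum DomainProbeResult { Reachable, NotFound, AccessDenied, TimedOut, Cancelled, Error }

public static class DomainProbe
{
    // domainName: the DNS name the user typed (assumed input, e.g. "corp.example.com").
    public static async Task<DomainProbeResult> ProbeAsync(
        string domainName, TimeSpan timeout, CancellationToken cancel)
    {
        if (string.IsNullOrWhiteSpace(domainName))
            return DomainProbeResult.Error;

        // The slow bind runs on the thread pool so the GUI keeps responding.
        Task<DomainProbeResult> bind = Task.Run(() => BindOnce(domainName.Trim()));

        // Task.Delay honours the token, so a Cancel button ends the wait early.
        Task delay = Task.Delay(timeout, cancel);
        Task finished = await Task.WhenAny(bind, delay);

        if (finished == bind)
            return await bind;

        // The delay completed first: either the user cancelled or the timeout elapsed.
        // The abandoned bind task will finish (or fail) on its own later.
        return cancel.IsCancellationRequested ? DomainProbeResult.Cancelled
                                              : DomainProbeResult.TimedOut;
    }

    // Synchronous bind, with the documented GetDomain exceptions mapped to results.
    private static DomainProbeResult BindOnce(string domainName)
    {
        try
        {
            var context = new DirectoryContext(DirectoryContextType.Domain, domainName);
            using (Domain d = Domain.GetDomain(context))
            {
                return DomainProbeResult.Reachable;
            }
        }
        catch (ActiveDirectoryObjectNotFoundException) { return DomainProbeResult.NotFound; }
        catch (UnauthorizedAccessException)            { return DomainProbeResult.AccessDenied; }
        catch (ActiveDirectoryOperationException)      { return DomainProbeResult.Error; }
        catch (ArgumentException)                      { return DomainProbeResult.Error; }
    }

    // Console usage; in a GUI the same call sits in an async button handler and
    // cts.Cancel() is wired to a Cancel button.
    public static async Task Main()
    {
        const string sampleDomain = "corp.example.com"; // placeholder, constructed for this example
        using (var cts = new CancellationTokenSource())
        {
            DomainProbeResult r = await ProbeAsync(sampleDomain, TimeSpan.FromSeconds(10), cts.Token);
            Console.WriteLine("{0}: {1}", sampleDomain, r);
        }
    }
}
```

The timeout is the design lever here: it bounds how long the user waits for an unreachable name or IP literal, while a NotFound or AccessDenied result comes back as soon as the directory answers, so a typo is reported quickly without the exception cost landing on the UI thread.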

The only other option I can think of is to use the forest to list the domains, i.e.

    var myDomain = Domain.GetCurrentDomain(); // or .GetComputerDomain();
    var forestDomains = myDomain.Forest.Domains;

This assumes that all the domains you want are in the same forest. Then you would need to test the user-entered domainId against this collection, perhaps by testing the .Name property of each domain.

+5

This is how I do it without using Forest. Some read-only servers have problems using the Forest class, so if I get an exception from my regular DomainExists method, I try this instead.

    public static bool DomainExistsNoForests(string domain, string server)
    {
        try
        {
            DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.DirectoryServer, server);
            Domain d = Domain.GetDomain(directoryContext);
            // Compare the server's domain name with the one entered, ignoring case.
            return d.Name.Trim().Equals(domain.Trim(), StringComparison.CurrentCultureIgnoreCase);
        }
        catch (Exception)
        {
            return false;
        }
    }

This is much faster than what you posted. This code does not attempt to resolve the domain, but you need to know which directory server you are using.

I also have code to check for null arguments, but I edited it out for this answer.

Charles.

+3

We need more information to give you a good answer. Active Directory stores information about all trusted domains, so you can find out all the trusted domain information simply by looking at the Global Catalog, without being tied to a domain controller.

However, you need to know that even if the domain information exists in Active Directory, this does not mean that you can bind to it. Perhaps you do not have the rights to bind to it, or the firewall settings in your environment may block your access to some domains.

Here I assume the following.

  • The computer on which your software is running is already joined to the domain.
  • You log on as a domain user when you start the software.
  • You have only one forest, but the forest includes many domains.
  • You have a global catalog in your forest (very often you have one).
  • You enter a DNS domain name, not a NetBIOS domain name.

You can use the following code to check whether a domain exists in your current forest. If it does, go on to call Domain.GetDomain(context) to get the Domain object. If for some reason you cannot bind to it, you will still have to wait until the timeout occurs.

    private bool DomainExist(string domain)
    {
        HashSet<string> domains = new HashSet<string>();
        foreach (Domain d in Forest.GetCurrentForest().Domains)
        {
            domains.Add(d.Name.ToLower());
        }
        return domains.Contains(domain.ToLower());
    }

+1
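One way to combine the forest lookup from this answer and the previous two (enumerating Forest.Domains, and the DirectoryServer fallback for environments where the Forest class fails) into a single pre-check, written as an added example rather than code from any of the answers: the user's input is first checked syntactically against the assumptions listed above (a DNS name, not a NetBIOS name and not an IP literal), then looked up in a cached, case-insensitive set of the current forest's domain names, and only a name that passes both is worth handing to the slow Domain.GetDomain bind. The class and method names (DomainCatalog, ForestDomainNames, LooksLikeDnsDomainName, DomainExistsViaServer, IsKnownDomain), the fallback server name and the sample input are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Net;

// Added example (not code from any answer above). Cheap checks first, the
// expensive directory bind last.
public static class DomainCatalog
{
    private static readonly object Sync = new object();
    private static HashSet<string> _forestDomains; // cached after the first enumeration

    // Enumerate the current forest's domains once; AD domain names are not
    // case-sensitive, so the set compares them ordinally ignoring case.
    public static HashSet<string> ForestDomainNames()
    {
        lock (Sync)
        {
            if (_forestDomains != null) return _forestDomains;
            var names = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            foreach (Domain d in Forest.GetCurrentForest().Domains)
            {
                names.Add(d.Name);
            }
            _forestDomains = names;
            return names;
        }
    }

    // Syntactic pre-check matching the answer's assumption: a DNS domain name
    // such as "corp.example.com", not a NetBIOS name ("CORP") and not an IP literal.
    public static bool LooksLikeDnsDomainName(string input)
    {
        if (string.IsNullOrWhiteSpace(input)) return false;
        string s = input.Trim();
        if (!s.Contains(".")) return false;                 // NetBIOS-style name: rejected here
        if (IPAddress.TryParse(s, out _)) return false;     // an IP address is not a domain name
        return Uri.CheckHostName(s) == UriHostNameType.Dns;
    }

    // Fallback from the "no forests" answer: bind to one known directory server
    // and compare its domain name. serverName is an assumed, already-known DC host.
    public static bool DomainExistsViaServer(string domainName, string serverName)
    {
        try
        {
            var ctx = new DirectoryContext(DirectoryContextType.DirectoryServer, serverName);
            using (Domain d = Domain.GetDomain(ctx))
            {
                return string.Equals(d.Name, domainName, StringComparison.OrdinalIgnoreCase);
            }
        }
        catch (ActiveDirectoryObjectNotFoundException) { return false; }
        catch (ActiveDirectoryOperationException)      { return false; }
        catch (UnauthorizedAccessException)            { return false; }
    }

    // True only for input that is worth passing to Domain.GetDomain at all.
    // fallbackServer may be null when no known server is configured.
    public static bool IsKnownDomain(string input, string fallbackServer)
    {
        if (!LooksLikeDnsDomainName(input)) return false;
        string name = input.Trim();
        try
        {
            return ForestDomainNames().Contains(name);
        }
        catch (ActiveDirectoryOperationException)
        {
            // Forest enumeration unavailable (the read-only server case): ask one server instead.
            return fallbackServer != null && DomainExistsViaServer(name, fallbackServer);
        }
        catch (ActiveDirectoryObjectNotFoundException)
        {
            return fallbackServer != null && DomainExistsViaServer(name, fallbackServer);
        }
    }

    public static void Main()
    {
        const string userInput = "corp.example.com";   // constructed sample input
        const string knownServer = "dc01.corp.example.com"; // placeholder server name
        Console.WriteLine("{0} known: {1}", userInput, IsKnownDomain(userInput, knownServer));
    }
}
```

Rejecting IP literals and dotless names up front addresses the questioner's slowest case before any network traffic happens; the cached forest set means the enumeration cost is paid once per process rather than once per user keystroke. As the answer notes, membership in the set still does not guarantee that the subsequent bind will succeed, so the caller keeps its GetDomain error handling.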

I tried my best to check the path to the domain. It worked for me.

    bool result = true; // declared here so the fragment compiles
    try
    {
        FileAttributes attr = File.GetAttributes(textBox1.Text);
        if ((attr & FileAttributes.Directory) == FileAttributes.Directory)
        {
            // the path exists and is a directory
        }
    }
    catch (ArgumentException)
    {
        result = false;
    }
    catch (IOException e2)
    {
        if (e2.Message.Contains("The network path was not found."))
        {
            result = false;
        }
        else
        {
            result = true;
        }
    }

0

Source: https://habr.com/ru/post/1335208/
