When trying to get all users from AD based on a role I was getting the exception:
System.DirectoryServices.Protocols.DirectoryOperationException: The
I recently experienced this issue even though I had explicitly set the LDAP version number to 3 and was using NTLM authentication.
In my case there was a multi-domain Active Directory Domain Services forest and the problem was resolved by changing the port number used to establish the LDAP connection from 389 to 3268.
It turns out that these ports have very specific purposes:
389 - Requests information from the local domain controller. The local domain controller has access to the complete list of attributes for all objects within the domain; however, querying for objects stored on another domain requires referral chasing, and this was where I was seeing "The server does not support the control" error.
3268 - This port is used to access the Global Catalog, which is a repository of all of the objects within the entire forest. It does have its limits in that the Global Catalog only stores attributes that have been marked for replication. Another side effect is that the Global Catalog is much more performant than accessing the local domain controller, as it has no reliance on referral chasing to work.
The solution posted in response to thread Paged LDap search fails with “The requested attribute does not exists” helped me with my issue too. I was using AuthType.Basic and changing it to AuthType.Ntlm had the paging code running fine. I doubt it will affect any other piece of AD code that I have but I'll check and post if I find anything to watch out for.
Thanks.
It is true that it helps to change from AuthType.Basic, but in case anyone wants to get it working with AuthType.Basic, then you need to make sure to set the LDAP protocol version to 3:
var connection = new LdapConnection(new LdapDirectoryIdentifier(server), null, AuthType.Basic);
connection.Bind(new NetworkCredential(username, password));
connection.SessionOptions.ProtocolVersion = 3;
I found this solution here: https://groups.google.com/d/msg/microsoft.public.active.directory.interfaces/x1ZiixXknqk/m7-Li21QBoIJ
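
The settings discussed in the answers above (Global Catalog port 3268, LDAP protocol version 3, and an authentication type other than Basic) combined into one paged search. This is an added example, not code from any of the posts; the class name `GcPagedSearch`, the method `FindAll` and its parameters are hypothetical. It uses `AuthType.Negotiate` because a Basic (simple) bind on an unencrypted connection sends the password in clear text.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;

static class GcPagedSearch
{
    // Hypothetical helper: returns the distinguished name of every match in the forest.
    public static List<string> FindAll(string gcHost, string baseDn, string filter,
                                       NetworkCredential cred, int pageSize = 500)
    {
        // 3268 is the Global Catalog port, so objects from other domains
        // are answered directly instead of through referrals.
        var id = new LdapDirectoryIdentifier(gcHost, 3268);
        using (var conn = new LdapConnection(id, cred, AuthType.Negotiate))
        {
            // Controls, including the paging control, are an LDAPv3 feature.
            // In this example the version is set before Bind().
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
            conn.Bind();

            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree,
                                            "distinguishedName");
            var paging = new PageResultRequestControl(pageSize);
            request.Controls.Add(paging);

            var results = new List<string>();
            while (true)
            {
                var response = (SearchResponse)conn.SendRequest(request);
                foreach (SearchResultEntry entry in response.Entries)
                    results.Add(entry.DistinguishedName);

                // The server hands back a cookie with each page;
                // an empty cookie marks the last page.
                PageResultResponseControl page = null;
                foreach (DirectoryControl c in response.Controls)
                    if (c is PageResultResponseControl p) page = p;
                if (page == null || page.Cookie.Length == 0) break;
                paging.Cookie = page.Cookie;
            }
            return results;
        }
    }
}
```

Only attributes replicated to the Global Catalog can be requested this way; anything else has to be read from a domain controller of the object's own domain.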