I ran into the following error while traversing certain users’ security groups in Active Directory:
System.DirectoryServices.AccountManagement.NoMatchingPrincipalException: An error occurred while enumerating the groups. The group could not be found.
The error was thrown when calling GetAuthorizationGroups() on line 3:
PrincipalContext adServer = new PrincipalContext(ContextType.Domain, CasRolesConfig.ADServer);
UserPrincipal adUser = UserPrincipal.FindByIdentity(adServer, samAccountName);
PrincipalSearchResult<Principal> adAuthGroups = adUser.GetAuthorizationGroups();
foreach (Principal adAuthGroup in adAuthGroups)
{
    string groupName = adAuthGroup.Name;
    // [...]
}
The error occurs when the group or child group contains a ForeignSecurityPrincipal. Microsoft has confirmed it as an issue and a bug has been raised internally.
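One defensive way to handle this failure, as an added example that is not code from the original post or from Microsoft: guard both the call and the enumeration, and if NoMatchingPrincipalException is thrown, rebuild the list from the user's tokenGroups attribute. The class and method names (GroupLookup, GetGroupNames) are hypothetical, and the code assumes the calling account can read tokenGroups on the user object.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class GroupLookup   // hypothetical helper, not from the original post
{
    public static List<string> GetGroupNames(PrincipalContext adServer, string samAccountName)
    {
        UserPrincipal adUser = UserPrincipal.FindByIdentity(adServer, samAccountName);
        if (adUser == null)
            throw new ArgumentException("User not found: " + samAccountName);

        var names = new List<string>();
        try
        {
            // The exception can surface at the call or while iterating, so both are guarded.
            foreach (Principal g in adUser.GetAuthorizationGroups())
                names.Add(g.Name);
            return names;
        }
        catch (NoMatchingPrincipalException)
        {
            names.Clear(); // discard the partial result and rebuild from tokenGroups
        }

        // tokenGroups is a constructed attribute, so it must be requested explicitly.
        var userEntry = (DirectoryEntry)adUser.GetUnderlyingObject();
        userEntry.RefreshCache(new[] { "tokenGroups" });
        foreach (byte[] rawSid in userEntry.Properties["tokenGroups"])
        {
            var sid = new SecurityIdentifier(rawSid, 0);
            try
            {
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // Keep the raw SID rather than dropping the membership silently.
                names.Add(sid.Value);
            }
        }
        return names;
    }
}
```

The fallback returns names in DOMAIN\name form (or a raw SID string when the SID cannot be resolved), whereas the first path returns the bare group name, so normalize before comparing against role mappings. Keeping unresolved SIDs matters when group membership drives deny rules, because a silently shortened list would skip them.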