Pin Active Directory provider to domain controller

Meik
2026-05-19 20:01:52 +02:00
parent 723eae1018
commit a9b4cfe10b
5 changed files with 135 additions and 12 deletions


@@ -19,7 +19,6 @@ namespace LiamAD
{
private readonly cLiamProviderAD _provider;
private readonly cActiveDirectoryBase _adBase;
private readonly string _ldapRoot;
private readonly string _user;
private readonly string _password;
public enum ADGroupType
@@ -31,11 +30,25 @@ namespace LiamAD
{
_provider = provider ?? throw new ArgumentNullException(nameof(provider));
_adBase = provider.activeDirectoryBase;
_ldapRoot = $"LDAP://{provider.Domain}/{provider.GroupPath}";
_user = provider.Credential.Identification;
_password = new System.Net.NetworkCredential(_user, provider.Credential.Secret).Password;
}
private string GetLdapServer()
{
return string.IsNullOrWhiteSpace(_adBase.EffectiveDomainController) ? _provider.Domain : _adBase.EffectiveDomainController;
}
private string GetLdapRoot()
{
return $"LDAP://{GetLdapServer()}/{_provider.GroupPath}";
}
private string GetLdapDomainRoot()
{
return $"LDAP://{GetLdapServer()}";
}
/// <summary>
/// Erstellt oder findet beide AD-Gruppen (Member & Owner) für einen Service.
/// Neu mit: gruppenbereich (Scope) und gruppentyp (für Member-Gruppe).
@@ -115,7 +128,7 @@ namespace LiamAD
if (sidList == null) return;
// Basis für die Suche: komplette Domäne, nicht nur der OU-Pfad
string domainRoot = $"LDAP://{_provider.Domain}";
string domainRoot = GetLdapDomainRoot();
using (var root = new DirectoryEntry(domainRoot, _user, _password, AuthenticationTypes.Secure))
using (var grpSearch = new DirectorySearcher(root))
{
@@ -185,7 +198,7 @@ namespace LiamAD
private string GetSid(string name)
{
using (var root = new DirectoryEntry(_ldapRoot, _user, _password, AuthenticationTypes.Secure))
using (var root = new DirectoryEntry(GetLdapRoot(), _user, _password, AuthenticationTypes.Secure))
using (var ds = new DirectorySearcher(root))
{
ds.Filter = $"(&(objectCategory=group)(sAMAccountName={name}))";
@@ -219,7 +232,7 @@ namespace LiamAD
{
if (!GroupExists(groupName))
{
using (var root = new DirectoryEntry(_ldapRoot, _user, _password, AuthenticationTypes.Secure))
using (var root = new DirectoryEntry(GetLdapRoot(), _user, _password, AuthenticationTypes.Secure))
{
var grp = root.Children.Add("CN=" + groupName, "group");
grp.Properties["sAMAccountName"].Value = groupName;
@@ -261,7 +274,7 @@ namespace LiamAD
private string GetDistinguishedName(string name)
{
using (var root = new DirectoryEntry(_ldapRoot, _user, _password, AuthenticationTypes.Secure))
using (var root = new DirectoryEntry(GetLdapRoot(), _user, _password, AuthenticationTypes.Secure))
using (var ds = new DirectorySearcher(root))
{
ds.Filter = "(&(objectClass=group)(sAMAccountName=" + name + "))";
@@ -285,4 +298,4 @@ namespace LiamAD
}
}
}
}
}
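Review bot: `GetLdapServer()` in the second hunk returns `_adBase.EffectiveDomainController` unvalidated, and `GetLdapRoot()`/`GetLdapDomainRoot()` interpolate it straight into the ADsPath that every `DirectoryEntry` in this file binds to with the stored `_user`/`_password`. Where that value is set is not visible here, so if it can come from configuration or discovery, a stray `/` or an unintended host would redirect the authenticated bind; a guard such as `if (Uri.CheckHostName(dc) != UriHostNameType.Dns) throw new InvalidOperationException("Invalid domain controller name");` before building the path keeps it a plain DNS host name. The constructor also assigns `_adBase = provider.activeDirectoryBase` without a null check, so the helper can throw a NullReferenceException on first use (`_adBase?.EffectiveDomainController` avoids that), and the silent fallback to `_provider.Domain` un-pins the provider with no trace, so logging the chosen server would help. Separately, the filters in `GetSid` and `GetDistinguishedName` still concatenate `name` unescaped into the LDAP filter; if `name` can carry caller-supplied text, escape `\`, `*`, `(`, `)` and NUL per RFC 4515 before building the filter.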