With this code I can find invalid computer domain accounts:
```csharp
using System.DirectoryServices.ActiveDirectory; // Domain
using System.Security.Principal;                // NTAccount, SecurityIdentifier

try
{
    string sMyComputer = "MyComputer";

    // May throw ActiveDirectoryObjectNotFoundException if the computer account is invalid
    Domain computerDomain = Domain.GetComputerDomain();
    string sComputerDomain = computerDomain.Name;

    // The computer account is looked up as DOMAIN\NAME$
    NTAccount acc_machine = new NTAccount(sComputerDomain, sMyComputer + "$");

    // Always throws a SystemException if the computer account is invalid
    SecurityIdentifier sid = (SecurityIdentifier)acc_machine.Translate(typeof(SecurityIdentifier));
}
catch
{
    // something is wrong with the account
}
```
- sMyComputer + "$" is how the account name is stored in Active Directory
- my experience is that the first exception is mostly not thrown, and the return value is the correct name of the domain in which the computer once had a working computer account
- the second exception (SystemException) is always thrown if the computer account is now invalid. The error code is 80004005. (I had expected an IdentityNotMappedException)
EDIT:
corrected error in code
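The following is an added example, not code from the original post. It separates the failure cases described above so that a health check can log which lookup failed and with what HRESULT. The names `MachineAccountState`, `MachineAccountCheck` and `Check` are hypothetical, and using `Environment.MachineName` for the computer name is an assumption.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

// Hypothetical result type for this example.
enum MachineAccountState { Valid, DomainUnavailable, NotMapped, LookupFailed }

static class MachineAccountCheck
{
    // Resolves DOMAIN\computerName$ to a SID and reports which step failed.
    public static MachineAccountState Check(string computerName, out int hresult)
    {
        hresult = 0;
        try
        {
            using (Domain domain = Domain.GetComputerDomain())
            {
                var account = new NTAccount(domain.Name, computerName + "$");
                account.Translate(typeof(SecurityIdentifier));
                return MachineAccountState.Valid;
            }
        }
        catch (ActiveDirectoryObjectNotFoundException ex)
        {
            // The domain lookup itself failed.
            hresult = ex.HResult;
            return MachineAccountState.DomainUnavailable;
        }
        catch (IdentityNotMappedException ex)
        {
            // Derives from SystemException, so it must be caught before it.
            hresult = ex.HResult;
            return MachineAccountState.NotMapped;
        }
        catch (SystemException ex)
        {
            // The case the post reports for an invalid computer account.
            hresult = ex.HResult;
            return MachineAccountState.LookupFailed;
        }
    }

    static void Main()
    {
        MachineAccountState state = Check(Environment.MachineName, out int hr);
        Console.WriteLine($"{Environment.MachineName}$: {state} (HRESULT 0x{hr:X8})");
    }
}
```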