While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1332

Question

While fetching users from group, giving exception message as "While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1332."

        PrincipalContext ctx = null;
        if (!string.IsNullOrWhiteSpace(adUserName))
        {
            ctx = new PrincipalContext(ContextType.Domain, domainName, adUserName, adPassword);
        }
        else
        {
            ctx = new PrincipalContext(ContextType.Domain, domainName);
        }
        var groupNames = commaSeparatedGroupNames.Split(',');
        IEnumerable<Principal> users = null;
        foreach (var groupName in groupNames)
        {
            if (!string.IsNullOrWhiteSpace(groupName))
            {
                var userGroup = GroupPrincipal.FindByIdentity(ctx, groupName.Trim());
                if (userGroup == null)
                    throw new InvalidOperationException("Active Directory Group Not Found :: " + groupName);

                var usersInGroup = userGroup.GetMembers();

                if (users == null)
                {
                    users = usersInGroup;
                }
                else
                {
                    users = users.Union(usersInGroup);
                }
            }
        }

        return users;

When doing

foreach (UserPrincipal user in users)

I am getting the error. Any suggestions i can check for this error or skip this member from list during looping.

Answer 1

I am getting the error. Any suggestions i can check for this error or skip this member from list during looping.

The error may be related to a group object in the member collection. You can confirm this by changing your GetMembers line to this:

var usersInGroup = userGroup.GetMembers(true);

This will do a recursive search and only return the leaf nodes. If that bypasses the error, and you don't need groups returned but you do want all the group members including those in the groups, then your problem is solved. If not, this hopefully gives you more data for further troubleshooting.

More info here.

Answer 2

Sandra's solution is almost right, but the exception is thrown on the MoveNext() method, so if you place your try..catch block inside it, it won't work.

var enumerator = members.GetEnumerator();

var moveNext = true;

while (moveNext)
{
    try
    {
        moveNext = enumerator.MoveNext();

        if (moveNext)
        {
            Principal member = enumerator.Current;
        
            Console.WriteLine("{0}\r\n\t{1}\r\n\t{2}", member, member.Guid, member.DistinguishedName);
        }
    } 
    catch (Exception ex) 
    {
        Console.WriteLine(ex.Message);
    }
}

Answer 3

I just encountered this same problem yesterday, and this is the best answer I found at this link:

IEnumerator<Principal> enumerator = members.GetEnumerator();
while (enumerator.MoveNext())
{
    try
    {
        Principal member = enumerator.Current;
        Console.WriteLine("{0}\r\n\t{1}\r\n\t{2}",member.ToString(),member.Guid,member.DistinguishedName);
    } catch (Exception ex) {
        Console.WriteLine(ex.Message);
    }
}

This is how you would iterate the IEnumerable collection 'manually'. It gives you a chance to attempt getting the Principal and to catch the exception if it's an undefined SID or some other issue.

Answer 4

I think your problem is tied to the return type of group.GetMembers(), which isn't neccessarily a UserPrincipal but a Principal.

So you might want to check, if the Principal is a UserPrincipal or a GroupPrincipal.

foreach(var principal in groupMembers)

would be a better choice in your case.