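Confirm that the network connection is working, and in particular that ports 3268/3269 are open.
Confirm that the account used for the query has sufficient permissions to access the forest root domain. You can test this with the following code: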
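
    using System;
    using System.DirectoryServices;

    // Bind to port 3268 with the account under test ("username"/"password" are placeholders).
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://example.com:3268/DC=example,DC=com", "username", "password"))
    {
        try
        {
            using (DirectorySearcher searcher = new DirectorySearcher(entry))
            {
                // FindOne() triggers the bind; it throws if the connection or credentials fail.
                SearchResult result = searcher.FindOne();
                Console.WriteLine("Success");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
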
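Replace example.com with the DNS name of the forest root domain. If "Success" is printed, the account's permissions are fine.
If both of the checks above pass, you can try adding the following code to the query to force a UDP-based query: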
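
    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.ActiveDirectory;

    DirectoryContext context = new DirectoryContext(DirectoryContextType.DirectoryServer, "example.com:3268", "username", "password");
    Domain domain = Domain.GetDomain(context);
    Forest forest = domain.Forest;
    GlobalCatalog gc = forest.FindGlobalCatalog();
    using (DirectorySearcher searcher = gc.GetDirectorySearcher())
    {
        // SearchRoot expects a DirectoryEntry, so take the root domain's entry.
        searcher.SearchRoot = forest.RootDomain.GetDirectoryEntry();
        searcher.Filter = "(objectClass=user)";
        searcher.SearchScope = SearchScope.Subtree;
        searcher.PropertyNamesOnly = false;
        searcher.CacheResults = false;
        // Dispose the result collection to release the underlying search handle.
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult result in results)
            {
                // Skip entries that returned no samAccountName value.
                if (result.Properties["samAccountName"].Count > 0)
                {
                    Console.WriteLine(result.Properties["samAccountName"][0].ToString());
                }
            }
        }
    }
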
If this runs without errors and returns results, this approach resolves the problem.
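
The first two checks (port reachability and account access) can be combined into one probe. The following is an added example, not code from the original page: it tests TCP reachability of 3268 and 3269, then binds over 3269 (TLS) and reads the RootDSE. The class name `GcCheck` and the environment variable names `GC_USER` and `GC_PASS` are assumptions, and `example.com` is the same placeholder used above.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Net.Sockets;

static class GcCheck
{
    // True if a TCP connection to host:port succeeds within the timeout.
    static bool PortOpen(string host, int port, int timeoutMs = 3000)
    {
        try
        {
            using (var client = new TcpClient())
                return client.ConnectAsync(host, port).Wait(timeoutMs) && client.Connected;
        }
        catch (Exception) { return false; }   // refused, unreachable, DNS failure
    }

    static void Main()
    {
        string host = "example.com";          // placeholder for the forest root DNS name
        // Assumed variable names; reading them keeps the password out of source code.
        string user = Environment.GetEnvironmentVariable("GC_USER");
        string pass = Environment.GetEnvironmentVariable("GC_PASS");
        foreach (int port in new[] { 3268, 3269 })
            Console.WriteLine($"{host}:{port} reachable: {PortOpen(host, port)}");
        // Bind over 3269 so the bind and the results are protected by TLS.
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 3269)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = AuthType.Negotiate;
            conn.Credential = new NetworkCredential(user, pass);
            conn.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                conn.Bind();
                // RootDSE read: base-scope search with an empty DN.
                var req = new SearchRequest(null, "(objectClass=*)", SearchScope.Base,
                                            "rootDomainNamingContext", "isGlobalCatalogReady");
                var entry = ((SearchResponse)conn.SendRequest(req)).Entries[0];
                foreach (string name in entry.Attributes.AttributeNames)
                    Console.WriteLine($"{name}: {entry.Attributes[name][0]}");
            }
            catch (LdapException ex) { Console.WriteLine($"LDAP error {ex.ErrorCode}: {ex.Message}"); }
            catch (DirectoryOperationException ex) { Console.WriteLine(ex.Message); }
        }
    }
}
```

A reachable port with a failing bind points to credentials or permissions rather than the network; a successful bind that reports `isGlobalCatalogReady` as `FALSE` points to the server not yet serving the Global Catalog.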