[英]How do I access groups of a user in a parent domain?
I'm working in an instance where there are two AD domains Dom1 and Dom2. 我正在一个有两个AD域Dom1和Dom2的实例中工作。 There is a one way trust from the Dom1 to the Dom2 so that users in Dom1 can be authorized in Dom2. 有一种从Dom1到Dom2的信任关系,以便可以在Dom2中对Dom1中的用户进行授权。
My c# code does this just fine. 我的C#代码可以做到这一点。
However, in Dom2 when I go to pull the user's groups from a user in Dom1 I don't get anything. 但是,在Dom2中,当我从Dom1中的用户中拉出用户组时,我什么也没得到。 I do get a list of groups from users that exist in Dom2. 我确实从Dom2中存在的用户那里获得了一个组列表。
_DE.Path = "LDAP://RootDSE";
string szDomain = (string)_DE.Properties["defaultNamingContext"][0];
string obEntry = "LDAP://" + szDomain;
SearchResult res = ADExists("UserPrincipalName=" + szUPN, "User");
try
{
if (res != null)
{
_DE.Path = res.Path;
//szUserDN = res.Path;
if (_DE.Properties["memberOf"].Count > 1)
{
object[] groups = (object[])_DE.Properties["memberOf"].Value;
if (groups != null)
{
foreach (object group in groups)
{
string szGroup = group.ToString();
DataRow drAdd = dtGroups.NewRow();
drAdd["GroupName"] = group;
dtGroups.Rows.Add(drAdd);
}
}
}
Try using the System.DirectoryServices.AccountManagement
namespace instead: 尝试改用System.DirectoryServices.AccountManagement
命名空间:
static GroupPrincipal[] GetUserAuthorisationGroups(string userPrincipalName)
{
using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
using (UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.UserPrincipalName, userPrincipalName))
{
return user.GetAuthorizationGroups().OfType<GroupPrincipal>().ToArray();
}
}
Then you can find groups by whatever way you want: 然后,您可以通过任意方式找到组:
GroupPrincipal[] groups = GetUserAuthorisationGroups(szUPN);
bool searchBySid = groups.Any(g => g.Sid == groupSid);
bool searchByDN = groups.Any(g => g.DistinguishedName == groupDN);
bool searchByName = groups.Any(g => g.Name == groupName);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.