堆栈内存溢出
  简体   繁体   English

如何访问父域中的用户组?

[英]How do I access groups of a user in a parent domain?

 原文  2014-02-27 05:02:08       c#/ active-directory/ active-directory-group

问题描述

I'm working in an instance where there are two AD domains Dom1 and Dom2. 我正在一个有两个AD域Dom1和Dom2的实例中工作。 There is a one way trust from the Dom1 to the Dom2 so that users in Dom1 can be authorized in Dom2. 有一种从Dom1到Dom2的信任关系,以便可以在Dom2中对Dom1中的用户进行授权。

My c# code does this just fine. 我的C#代码可以做到这一点。

However, in Dom2 when I go to pull the user's groups from a user in Dom1 I don't get anything. 但是,在Dom2中,当我从Dom1中的用户中拉出用户组时,我什么也没得到。 I do get a list of groups from users that exist in Dom2. 我确实从Dom2中存在的用户那里获得了一个组列表。 

            _DE.Path = "LDAP://RootDSE";
        string szDomain = (string)_DE.Properties["defaultNamingContext"][0];
        string obEntry = "LDAP://" + szDomain;
        SearchResult res = ADExists("UserPrincipalName=" + szUPN, "User");
        try
        {
            if (res != null)
            {
                _DE.Path = res.Path;
                //szUserDN = res.Path;
                if (_DE.Properties["memberOf"].Count > 1)
                {
                    object[] groups = (object[])_DE.Properties["memberOf"].Value;
                    if (groups != null)
                    {
                        foreach (object group in groups)
                        {
                            string szGroup = group.ToString();
                            DataRow drAdd = dtGroups.NewRow();
                            drAdd["GroupName"] = group;
                            dtGroups.Rows.Add(drAdd);
                        }
                    }
                }

1 个解决方案

解决方案1
 0  2014-02-27 10:31:08

Try using the System.DirectoryServices.AccountManagement namespace instead: 尝试改用System.DirectoryServices.AccountManagement命名空间: 

static GroupPrincipal[] GetUserAuthorisationGroups(string userPrincipalName)
{
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.UserPrincipalName, userPrincipalName))
    {
        return user.GetAuthorizationGroups().OfType<GroupPrincipal>().ToArray();
    }
}

Then you can find groups by whatever way you want: 然后,您可以通过任意方式找到组: 

GroupPrincipal[] groups = GetUserAuthorisationGroups(szUPN);

bool searchBySid = groups.Any(g => g.Sid == groupSid);
bool searchByDN = groups.Any(g => g.DistinguishedName == groupDN);
bool searchByName = groups.Any(g => g.Name == groupName);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从 ASP.NET 用户控件中的父页面访问控件? - How do I access controls from the parent page from within an ASP.NET User Control? 如何访问 .NET Regex 中的命名捕获组? - How do I access named capturing groups in a .NET Regex? 如何限制整个控制器对某些组的访问? - How do I restrict access to certain groups for an entire controller? 如何在 .NET Core 3.1 的 C# 中检索域用户的所有本地组? - How can I retrieve all the local groups for a domain user in C# in .NET Core 3.1? 获取本地组,而不是域用户的主要组 - get local groups and not the primary groups for a domain user 如何在指定用户名和域时获取用户的广告组 - How to get AD groups a user is in specifying username and domain 如何访问我知道的变量的父级 class? - How do I access a class that is the parent of a variable which I know? 如何从未加入域的计算机中获取用户的域名? - How do I get the domain name of a user from a machine not joined to the domain? 如何在XAML中访问父模板样式的元素? - How do I access an element of a parent template style in XAML? 如何在不需要管理员权限的情况下访问Microsoft Graph API中已登录用户的组? - How can I access the signed in user's groups in Microsoft's Graph API without needing admin priviledges?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM