[英]C# Active Directory : get list temporary group membership?
I use the temporary (time-based) group membership mechanism in Active Directory for temporary user access to groups.我使用 Active Directory 中的临时(基于时间的)组成员身份机制来临时用户访问组。
By means of Powershell, it is very easy to add users:通过Powershell,添加用户非常简单:
$ts = New-TimeSpan -Start (Get-Date) -End (Get-date).AddSeconds(50000)
Add-ADGroupMember -Identity "mytest" -Members "kul" -MemberTimeToLive $ts
Then I can view the users and the remaining time and TTL:然后我可以查看用户和剩余时间和 TTL:
(Get-ADGroup 'mytest' -Property member -ShowMemberTimeToLive).member
<TTL=49891>,CN=kul,OU=Company,DC=test,DC=local
How can I use C# / LDAP to add and view users with their counters?如何使用 C# / LDAP 添加和查看用户及其计数器?
DirectoryEntry
or GroupPrincipal
?DirectoryEntry
或GroupPrincipal
正确获取此数据? I've discovered this is part of a control search control that is provided in your search.我发现这是您的搜索中提供的控件搜索控件的一部分。 1.2.840.113556.1.4.2309 - LDAP_SERVER_LINK_TTL_OID
1.2.840.113556.1.4.2309 - LDAP_SERVER_LINK_TTL_OID
This is a quick example of its use in S.DS.P这是它在 S.DS.P 中使用的一个简单示例
var groupDN = "Your Group DN";
var showttlcontrol = new System.DirectoryServices.Protocols.DirectoryControl("1.2.840.113556.1.4.2309", null, true, true);
var request = new SearchRequest();
request.Controls.Add(showttlcontrol);
request.DistinguishedName = groupDN;
request.Scope = SearchScope.Subtree;
request.Attributes.AddRange(new string[] { "member" });
var response = (SearchResponse)connection.SendRequest(request);
var enumerator = response.Entries.GetEnumerator();
if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry) {
var member = entry.Attributes["member"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
Console.WriteLine(member);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.