如何只从 Active Directory 中检索用户，而不是组

Question

I am having this code that returns list of users and groups from the Active Directory我有这段代码可以从 Active Directory 返回用户和组的列表

public ArrayList GetADGroupUsers(string groupNames)
{

    string[] strGrpNames = groupNames.Split(new char[] { ',' });
    string strTeamList = string.Empty;
    ArrayList userNames = new ArrayList();            
    string ADPassword = ConfigurationManager.AppSettings["ADPassword"];
    IAAccess_Transaction.drms_dataaccess drmsda = new IAAccess_Transaction.drms_dataaccess();
      
    string domainAndUsername = ConfigurationManager.AppSettings["domain"] + @"\" + ConfigurationManager.AppSettings["ADUserName"];
    string decriptedADPassword = drmsda.Decrypt(ADPassword);
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, decriptedADPassword);

    //Bind to the native AdsObject to force authentication.
    object obj = entry.NativeObject;

    DirectorySearcher search = new DirectorySearcher(entry);

    foreach (string strGrp in strGrpNames)
    {
        search.Filter = String.Format("(cn={0})", strGrp);
        search.PropertiesToLoad.Add("member");

        SearchResult result = search.FindOne();

        if (result != null)
        {
            for (int counter = 0; counter <
                     result.Properties["member"].Count; counter++)
            {
                string user = (string)result.Properties["member"][counter];
                userNames.Add(user);
            }
        }
    }
    return userNames;
}

This code retrieves BOTH, users AND group as shown on the screenshot.此代码检索用户和组，如屏幕截图所示。 How can I modify this code to retrieve JUST users, NOT groups?我如何修改此代码以检索 JUST 用户，而不是组？

Answer 1

In order to include the nested group members, you need to lookup each entry and find out if it is a group or user.为了包含嵌套的组成员，您需要查找每个条目并确定它是组还是用户。 If it is a group, you can add to the groups you are already processing.如果是一个组，您可以添加到您已经在处理的组中。 Since C#/.Net doesn't have a built-in Deque class, I used LinkedList<T> instead.由于 C#/.Net 没有内置的双端队列 class，因此我改用了LinkedList<T> 。

public List<string> GetADGroupUsers(string groupNames) {
    LinkedList<string> strGrpNames = new(groupNames.Split(','));
    List<string> userNames = new();
    string ADPassword = ConfigurationManager.AppSettings["ADPassword"];
    string domainAndUsername = ConfigurationManager.AppSettings["domain"] + @"\" + ConfigurationManager.AppSettings["ADUserName"];
    string decryptedADPassword = drmsda.Decrypt(ADPassword);
    DirectoryEntry entry = new(_path, domainAndUsername, decryptedADPassword);

    //Bind to the native AdsObject to force authentication.
    object obj = entry.NativeObject;

    DirectorySearcher groupSearcher = new(entry);
    groupSearcher.PropertiesToLoad.Add("member");
    DirectorySearcher userSearcher = new(entry);
    userSearcher.PropertiesToLoad.Add("groupType");
    while (strGrpNames.Count > 0) {
        string strGrp = strGrpNames.First();
        strGrpNames.RemoveFirst();
        groupSearcher.Filter = $"(cn={strGrp})";
        SearchResult result = groupSearcher.FindOne();

        if (result != null) {
            var members = result.Properties["member"];
            for (int counter = 0; counter < members.Count; ++counter) {
                var user = (string)members[counter];
                var userCN = user.Substring(user.IndexOf('=')+1).Substring(0,user.IndexOf(',')-3);
                userSearcher.Filter = $"(cn={userCN})";
                SearchResult userProperties = userSearcher.FindOne();
                var userGroupType = userProperties.Properties["groupType"];
                if (userGroupType != null && userGroupType.Count > 0) // group
                    strGrpNames.AddFirst(userCN);
                else
                    userNames.Add(user);
            }
        }
    }
    return userNames;
}

如何只从 Active Directory 中检索用户，而不是组

问题描述

1 个解决方案

解决方案1
0 已采纳 2023-01-26 21:55:53

如何只从 Active Directory 中检索用户，而不是组

问题描述

1 个解决方案

解决方案1 0 已采纳 2023-01-26 21:55:53

解决方案1
0 已采纳 2023-01-26 21:55:53