Inherit Active Directory permissions via C#

Edit: It seems it doesn't work. Some permissions aren't copied over it seems. This is inside an Active Directory for Exchange 2010. In the screenshot, there's the user "RTCUniversalUserReadOnlyGroup", with the "permission" column empty. Those permissions don't get copied over at all. Any tips?

I'm currently having to uncheck the "Include inheritable permissions from this object's parent" checkbox in Active Directory in a programmatic way.

EDIT: Had to put the image back in URL form: http://i47.tinypic.com/2a8fed5.jpg

I figured the way to actually uncheck it, but when you do it through the interface, it asks you if you want to copy the current permissions or remove them.

Only way I found is to manually list the permissions, put them in a temporary variable and then re-add them after the checkbox was removed.

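        // Requires: System.Collections.Generic, System.DirectoryServices,
        //           System.Security.Principal
        using (DirectoryEntry entry = new DirectoryEntry(myPath))
        {
            // Collect the inherited rules (includeExplicit: false, includeInherited: true),
            // with identities returned as SIDs.
            List<ActiveDirectoryAccessRule> rules = new List<ActiveDirectoryAccessRule>();
            foreach (object ruleObject in entry.ObjectSecurity.GetAccessRules(false, true, typeof(SecurityIdentifier)))
            {
                ActiveDirectoryAccessRule rule = ruleObject as ActiveDirectoryAccessRule;
                if (rule.IsInherited)
                {
                    rules.Add(rule);
                }
            }

            // Same inherited rules again, with identities translated to NTAccount names.
            foreach (object ruleObject in entry.ObjectSecurity.GetAccessRules(false, true, typeof(NTAccount)))
            {
                ActiveDirectoryAccessRule rule = ruleObject as ActiveDirectoryAccessRule;
                if (rule.IsInherited)
                {
                    rules.Add(rule);
                }
            }

            // isProtected: true, preserveInheritance: false
            // -> inheritance is blocked and the inherited rules are removed.
            entry.ObjectSecurity.SetAccessRuleProtection(true, false);

            // Re-add the rules saved above, then write the change to the directory.
            foreach (var rule in rules)
            {
                entry.ObjectSecurity.AddAccessRule(rule);
            }
            entry.CommitChanges();
        }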

I'm wondering if there's a better way to do this and if I'm missing something. It seems to work fine for now, but it feels like a hack that will come bite me in the ass once the project is deployed.

I'm an idiot, the solution was simply to use

        entry.ObjectSecurity.SetAccessRuleProtection(true, true);

instead of

        entry.ObjectSecurity.SetAccessRuleProtection(true, false);

I guess I can't read!
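The following is an added example, not code from the original post: it applies the `SetAccessRuleProtection(true, true)` call from the answer and then re-reads the DACL, so the explicit and inherited ACE counts before and after can be compared instead of assumed. The class name `ProtectDacl` is hypothetical, the LDAP path is supplied as a command-line argument, and the caller is assumed to have the right to modify the object's DACL.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class ProtectDacl   // hypothetical name, not from the original post
{
    // Counts explicit and inherited ACEs in the DACL of one directory object.
    static void Count(ActiveDirectorySecurity sd, out int explicitAces, out int inheritedAces)
    {
        explicitAces = 0;
        inheritedAces = 0;
        foreach (ActiveDirectoryAccessRule rule in
                 sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.IsInherited) inheritedAces++; else explicitAces++;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ProtectDacl <LDAP path of the object>");
            return 2;
        }
        int expBefore, inhBefore, expAfter, inhAfter;
        bool isProtected;

        using (DirectoryEntry entry = new DirectoryEntry(args[0]))
        {
            Count(entry.ObjectSecurity, out expBefore, out inhBefore);
            // isProtected: true        -> stop inheriting from the parent
            // preserveInheritance: true -> keep the inherited ACEs as explicit copies
            entry.ObjectSecurity.SetAccessRuleProtection(true, true);
            entry.CommitChanges();
        }

        // Bind again so the counts come from the directory, not the local cache.
        using (DirectoryEntry entry = new DirectoryEntry(args[0]))
        {
            Count(entry.ObjectSecurity, out expAfter, out inhAfter);
            isProtected = entry.ObjectSecurity.AreAccessRulesProtected;
        }

        Console.WriteLine("before: {0} explicit, {1} inherited", expBefore, inhBefore);
        Console.WriteLine("after:  {0} explicit, {1} inherited, protected={2}",
                          expAfter, inhAfter, isProtected);
        // Exit code 1 flags a DACL that still inherits and therefore needs review.
        return (isProtected && inhAfter == 0) ? 0 : 1;
    }
}
```

If the "after" total is lower than the "before" total, compare the two rule sets entry by entry before relying on the protected DACL.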
