Given a GUID representing a user in Active Directory, how would I use this to determine the distinguished name?
Given a GUID representing a user in Active Directory, how would I use this to determine the user's "distinguished name" using C#?
The GUID is retrieved earlier in our application using directoryEntry.Guid; MSDN Link
As you've made it clear a GUID is what you're searching on, try this:
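    using System;
    using System.DirectoryServices.AccountManagement;

    public static class DomainHelpers
    {
        // Members of a static class must themselves be static.
        public static string GetDistinguishedName(string domain, string guid)
        {
            // Dispose the context so the underlying directory connection is released.
            using (var context = new PrincipalContext(ContextType.Domain, domain))
            {
                // FindByIdentity returns null when no user matches the GUID.
                var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.Guid, guid);
                return userPrincipal?.DistinguishedName;
            }
        }
    }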
I've used this with IdentityType.Name so can't be sure it'll work for IdentityType.Guid, but it's worth a try.
You can get the distinguishedName from the DirectoryEntry directly:
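    // Requires: using System.DirectoryServices;
    public string GetDN(DirectoryEntry de)
    {
        // distinguishedName is a single-valued string attribute on the bound object.
        return de.Properties["distinguishedName"].Value.ToString();
    }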
If you still need to bind via GUID you can do that as well:
    public string GetDNviaGUID(Guid queryGuid)
    {
        // Guid.ToString() yields the dashed form that the <GUID=...> bind syntax accepts.
        using (DirectoryEntry de = new DirectoryEntry("LDAP://<GUID=" + queryGuid + ">"))
        {
            return de.Properties["distinguishedName"].Value.ToString();
        }
    }
The following properties and methods don't work when you bind via GUID or SID: ADsPath, Name, Parent, GetObject, Create, Delete, CopyHere, MoveHere.
You can get around this by retrieving the object via GUID, getting its distinguished name, and then binding using the DN.
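The workaround described in the answer above (bind by GUID, read the DN, then rebind by DN), written out as an added example that is not part of the original answer. The class and method names are hypothetical, and returning null for an unknown GUID is an assumed policy.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public static class GuidBindExample   // hypothetical helper, not from the answer
{
    // Takes a parsed Guid rather than a string, so no caller-controlled
    // text is ever concatenated into the ADsPath.
    public static string GetDistinguishedName(Guid objectGuid)
    {
        string path = "LDAP://<GUID=" + objectGuid.ToString("D") + ">";
        using (var byGuid = new DirectoryEntry(path))
        {
            try
            {
                // The first property read performs the actual bind.
                return byGuid.Properties["distinguishedName"].Value as string;
            }
            catch (COMException)
            {
                // Assumed policy: no such object, or no access, yields null.
                return null;
            }
        }
    }

    // Rebinds by DN so that Name, Parent, MoveHere and the other members
    // that are unavailable on a GUID-bound entry work again.
    // The caller owns the returned entry and must dispose it.
    public static DirectoryEntry BindByDistinguishedName(Guid objectGuid)
    {
        string dn = GetDistinguishedName(objectGuid);
        if (dn == null)
        {
            return null;
        }
        // '/' is a separator in an ADsPath, so a literal one inside the DN
        // has to be escaped before the DN is used as a path.
        return new DirectoryEntry("LDAP://" + dn.Replace("/", "\\/"));
    }
}
```

Storing the GUID and resolving the DN at use time, as here, keeps the reference valid when the account is renamed or moved, since the GUID stays the same and the DN does not.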
You do not. The GUID is not a conversion to start with, it is totally random and unique.
Basically, you have to have your SID, then CALL into Active Directory and get the User object that has the same SID, then read out the distinguished name from that. Note that this is not a CONVERSION, so that is why the answer is no.
If a conversion back would be possible, the SID would be useless for conversion purposes, as I could always generate a SID from your distinguished name, which is - within the domain - public.