[英]Get nETBIOSName from a UserPrincipal object
I am using the System.DirectoryServices.AccountManagement part of the .Net library to interface into ActiveDirectory. 我正在使用.Net库的System.DirectoryServices.AccountManagement部分连接到ActiveDirectory。
Having called GetMembers() on a GroupPrincipal object and filter the results, I now have a collection of UserPrincipal objects 在GroupPrincipal对象上调用GetMembers()并过滤结果后,我现在有一个UserPrincipal对象的集合
GroupPrincipal myGroup; // population of this object omitted here
foreach (UserPrincipal user in myGroup.GetMembers(false).OfType<UserPrincipal>())
{
Console.WriteLine(user.SamAccountName);
}
The above code sample will print out usernames like "TestUser1". 上面的代码示例将打印出“TestUser1”之类的用户名。 I need to compare these to a list coming from another application in "DOMAIN\\TestUser1" format.
我需要将这些与来自“DOMAIN \\ TestUser1”格式的另一个应用程序的列表进行比较。
How do I get the "DOMAIN" part from the UserPrincipal object? 如何从UserPrincipal对象获取“DOMAIN”部分?
I can't just append a known domain name as there are multiple domains involved and I need to differentiate DOMAIN1\\TestUser1 and DOMAIN2\\TestUser2. 我不能只附加一个已知的域名,因为涉及多个域,我需要区分DOMAIN1 \\ TestUser1和DOMAIN2 \\ TestUser2。
You have two choices that I can think of. 你有两个我能想到的选择。
name@fully.qualified.domain.name
; name@fully.qualified.domain.name
; System.DirectoryServices
namespace. System.DirectoryServices
命名空间。 I don't know about UserPrincipal , neither do I about GroupPrincipal . 我不知道UserPrincipal ,我也不知道GroupPrincipal 。 On the other hand, I know of a working way to achive to what you want.
另一方面,我知道一种工作方式来实现你想要的东西。
[TestCase("LDAP://fully.qualified.domain.name", "TestUser1")]
public void GetNetBiosName(string ldapUrl, string login)
string netBiosName = null;
string foundLogin = null;
using (DirectoryEntry root = new DirectoryEntry(ldapUrl))
Using (DirectorySearcher searcher = new DirectorySearcher(root) {
searcher.SearchScope = SearchScope.Subtree;
searcher.PropertiesToLoad.Add("sAMAccountName");
searcher.Filter = string.Format("(&(objectClass=user)(sAMAccountName={0}))", login);
SearchResult result = null;
try {
result = searcher.FindOne();
if (result == null)
if (string.Equals(login, result.GetDirectoryEntry().Properties("sAMAccountName").Value))
foundLogin = result.GetDirectoryEntry().Properties("sAMAccountName").Value
} finally {
searcher.Dispose();
root.Dispose();
if (result != null) result = null;
}
}
if (!string.IsNullOrEmpty(foundLogin))
using (DirectoryEntry root = new DirectoryEntry(ldapUrl.Insert(7, "CN=Partitions,CN=Configuration,DC=").Replace(".", ",DC="))
Using DirectorySearcher searcher = new DirectorySearcher(root)
searcher.Filter = "nETBIOSName=*";
searcher.PropertiesToLoad.Add("cn");
SearchResultCollection results = null;
try {
results = searcher.FindAll();
if (results != null && results.Count > 0 && results[0] != null) {
ResultPropertyValueCollection values = results[0].Properties("cn");
netBiosName = rpvc[0].ToString();
} finally {
searcher.Dispose();
root.Dispose();
if (results != null) {
results.Dispose();
results = null;
}
}
}
Assert.AreEqual("INTRA\TESTUSER1", string.Concat(netBiosName, "\", foundLogin).ToUpperInvariant())
}
Other related information or links available in this SO question. 本SO问题中提供的其他相关信息或链接。
C# Active Directory: Get domain name of user? C#Active Directory:获取用户的域名?
How to find the NetBIOS name of a domain 如何查找域的NetBIOS名称
Use the ActiveDs COM library, it has built-in name translation that works and does not make any assumptions (like other answers here). 使用ActiveDs COM库,它具有内置名称转换功能,并且不做任何假设(如此处的其他答案)。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using ActiveDs;
namespace Foo.Repository.AdUserProfile
{
public class ADUserProfileValueTranslate
{
public static string ConvertUserPrincipalNameToNetBiosName(string userPrincipleName)
{
NameTranslate nameTranslate = new NameTranslate();
nameTranslate.Set((int)ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_USER_PRINCIPAL_NAME, userPrincipleName);
return nameTranslate.Get((int) ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_NT4);
}
}
}
You could look for the possible domains in the user.DistinguishedName property. 您可以在user.DistinguishedName属性中查找可能的域。 A user in Domain 1 should contain the string "DC=DOMAIN1".
域1中的用户应包含字符串“DC = DOMAIN1”。 It definitely shouldn't contain the string "DC=DOMAIN2".
它绝对不应该包含字符串“DC = DOMAIN2”。
Have you tried passing the fully qualified domain name to this other app? 您是否尝试将完全限定的域名传递给其他应用? Most windows API's won't complain if you do
fully_qualified_domain\\USER
. 如果你使用
fully_qualified_domain\\USER
大多数windows API都不会抱怨。
正如对该问题的评论之一所述,我认为这是最近的一个很好的答案:
user.Sid.Translate(typeof(System.Security.Principal.NTAccount)).ToString()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.