LDAP查询组成员身份
[英]LDAP query for group membership
问题描述
I'm trying to find an AD query to test if User A is part of Group B. 
我正在尝试找到一个AD查询以测试用户A是否是组B的一部分。
User A is member of Group A which is member of Group B; 用户A是组A的成员,而组A是组B的成员; hence, User A is really a member of Group B. 因此,用户A实际上是组B的成员。
I have tried looking at the information from http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx , but this looks like it's starting the search from the User and going down. 我尝试查看来自http://msdn.microsoft.com/zh-cn/library/aa746475%28VS.85%29.aspx的信息,但这看起来像是从用户开始搜索并向下搜索。 I need to be able to start from the Group and crawl the child objects. 我需要能够从组开始并爬行子对象。
1 个解决方案
解决方案1
0 已采纳 2012-05-30 20:35:37
If you're on .NET 3.5 and up, and using VB.NET or C# as your programming language, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. 如果您使用的是.NET 3.5及更高版本,并且使用VB.NET或C#作为编程语言,则应签出System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。 Read all about it here: 在这里阅读所有内容:
- Managing Directory Security Principals in the .NET Framework 3.5 在.NET Framework 3.5中管理目录安全主体
- MSDN docs on System.DirectoryServices.AccountManagement System.DirectoryServices.AccountManagement上的MSDN文档
Basically, you can define a domain context and easily find users and/or groups in AD: 基本上,您可以定义域上下文并轻松找到AD中的用户和/或组:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
{
// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");
if(group != null)
{
bool isUserMemberOfThatGroup = user.IsMemberOf(group);
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD! 新的S.DS.AM使得与AD中的用户和组玩起来非常容易!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.