如何在具有子组的Active Directory组中找到用户?
[英]How I can find a user in Active Directory Group with SubGroups?
问题描述
I have a Problem with ASP.NET and Active Directory. 
我有ASP.NET和Active Directory的问题。
I want to find out whether the User is in a Groupe of the Active Directory and if he is in this Group he can see more. 我想知道用户是否在Active Directory的Groupe中,如果他在这个组中,他可以看到更多。 For this I write a Function with a filterstring. 为此我用一个filterstring编写一个Function。 The Problem is that in our company we switch the Groups and the structure is not static. 问题是,在我们公司,我们切换组,结构不是静态的。 For this I search the Group first and than I search a user in the Group with the parameter member-of... 为此,我首先搜索组,然后搜索组中的用户,参数member-of ...
here is the structure of our AD: 这是我们AD的结构:
Here is my Code for saerch the group: 这是我的搜索组的代码:
public string GetGroup(string groupname)
{
string path = "<OurDomain>";
DirectoryEntry rootEntry = new DirectoryEntry(path);
DirectorySearcher srch = new DirectorySearcher(rootEntry);
srch.SearchScope = SearchScope.Subtree;
srch.Filter = "(&(objectCategory=Group)(name=" + groupname + "))";
SearchResult resFilter = srch.FindOne();
string filterpath = resFilter.Path;
return filterpath;
}
My method for find the user: 我找到用户的方法:
public bool IsUserInGroup(string username,string groupepath)
{
string path = "<OurDomain>";
DirectoryEntry rootEntry = new DirectoryEntry(path);
DirectorySearcher srch = new DirectorySearcher(rootEntry);
srch.SearchScope = SearchScope.Subtree;
srch.Filter = "(&(objectClass=user)(sAMAccountName=*" + username + "*)(memberof=CN=GastzugangUser,OU=SubFolderB,OU=FolderB,DC=company,DC=com))";
SearchResultCollection res = srch.FindAll();
if (res == null || res.Count <= 0)
{
return false;
}
else
{
return true;
}
}
How I can search a User in the SubGroups of a Group and that dynamic? 如何在组的子组中搜索用户和该动态? :( :(
2 个解决方案
解决方案1
1 已采纳 2013-01-09 12:12:59
Didn't try that but does adding this to the filter help? 没有尝试,但将此添加到过滤器帮助? http://ldapwiki.willeke.com/wiki/1.2.840.113556.1.4.1941 http://ldapwiki.willeke.com/wiki/1.2.840.113556.1.4.1941
eg 例如
(&(objectClass=user)(sAMAccountName=*" + username + "*)(memberof:1.2.840.113556.1.4.1941:=CN=GastzugangUser,OU=SubFolderB,OU=FolderB,DC=company,DC=com))";
解决方案2
1 2013-01-09 12:18:45
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. 如果您使用的是.NET 3.5及更高版本,则应该查看System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。 Read all about it here: 在这里阅读所有相关内容:
- Managing Directory Security Principals in the .NET Framework 3.5 管理.NET Framework 3.5中的目录安全性主体
- MSDN docs on System.DirectoryServices.AccountManagement System.DirectoryServices.AccountManagement上的MSDN文档
Basically, you can define a domain context and easily find users and/or groups in AD: 基本上,您可以定义域上下文并轻松查找AD中的用户和/或组:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
{
// GetAuthorizationGroups returns a list of GroupPrincipals and work recursively
var groupsForUser = user.GetAuthorizationGroups();
// then check to see if that group you want it part of this list
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD! 新的S.DS.AM使得在AD中与用户和群组玩游戏变得非常容易!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.