
Active Directory groups

I am trying to get a list of security groups in AD but I am not having much luck. When I check Active Directory Users and Computers MMC, I see:

blah.blah.com (top)
Group 1
  Group1_1
  Group1_2
    Group1_2_1
Group2

and so on. What I need is all security groups in Group1_2_1. I tried using DirectoryEntry and DirectorySearcher with "(&(objectClass=group))" as the search filter, but I get things I can't even find in the Active Directory Users and Computers MMC.

This is what I have in C# code:

        // Binding path. 
        string strPath = "LDAP://<domain_name>.ABC.DEF.COM";

        // Binding object. 
        DirectoryEntry objADAM = default(DirectoryEntry);
        // Group Results. 
        DirectoryEntry objGroupEntry = default(DirectoryEntry);
        // Search object. 
        DirectorySearcher objSearchADAM = default(DirectorySearcher);
        // Results collection. 
        SearchResultCollection objSearchResults = default(SearchResultCollection);
        // Names of the groups found. 
        List<string> result = new List<string>();            

        // Get the AD LDS object. 
        try
        {
            objADAM = new DirectoryEntry(strPath);
            objADAM.RefreshCache();
        }
        catch (Exception)
        {
            // Rethrow without resetting the stack trace.
            throw;
        }

        // Get search object, specify filter and scope, 
        // perform search. 
        try
        {
            objSearchADAM = new DirectorySearcher(objADAM);
            objSearchADAM.Filter = "Group1_2_1 (groupType:1.2.840.113556.1.4.803:=2147483648)";
            //objSearchADAM.Filter = "(&(objectCategory=group)(OU=Group1_2)(OU=Group1_2_1))";
            objSearchADAM.SearchScope = SearchScope.Subtree;
            objSearchResults = objSearchADAM.FindAll();
        }
        catch (Exception)
        {
            // Rethrow without resetting the stack trace.
            throw;
        }

Thanks.

Try: Setting your base to: Group1_2_1 (groupType:1.2.840.113556.1.4.803:=2147483648)

for some more examples. -jim
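
An added example, not code from the original posts: one way to apply the suggestion above in C#, binding the search root to the Group1_2_1 container and putting the bitwise `groupType` test in a well-formed filter. The distinguished name is an assumption (the MMC tree is taken to be nested OUs under blah.blah.com), and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class SecurityGroupLister   // hypothetical name, added example
{
    // groupType bit that marks a security-enabled group (2147483648).
    const uint SecurityEnabled = 0x80000000;

    // ASSUMPTION: Group1_2_1 is an OU nested as shown in the MMC tree.
    // Replace with the container's real distinguishedName.
    const string AssumedBase =
        "LDAP://OU=Group1_2_1,OU=Group1_2,OU=Group1,DC=blah,DC=blah,DC=com";

    // groupType comes back as a signed Int32, so mask it as unsigned.
    public static bool IsSecurityGroup(int groupType) =>
        (unchecked((uint)groupType) & SecurityEnabled) != 0;

    public static List<string> ListGroups(string basePath)
    {
        var names = new List<string>();
        using (var root = new DirectoryEntry(basePath))
        using (var searcher = new DirectorySearcher(root))
        {
            // 1.2.840.113556.1.4.803 is the bitwise-AND matching rule.
            searcher.Filter = "(&(objectCategory=group)" +
                "(groupType:1.2.840.113556.1.4.803:=2147483648))";
            // The scope is relative to the base above, not the domain root,
            // so Builtin and other containers are never searched.
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PageSize = 500;   // page results instead of truncating
            searcher.PropertiesToLoad.Add("name");
            searcher.PropertiesToLoad.Add("groupType");
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    // Re-check client side in case the filter is changed later.
                    if (IsSecurityGroup((int)r.Properties["groupType"][0]))
                        names.Add((string)r.Properties["name"][0]);
                }
            }
        }
        return names;
    }

    static void Main()
    {
        foreach (string n in ListGroups(AssumedBase)) Console.WriteLine(n);
    }
}
```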

If this is for a single user's security groups only, then below is the one-liner PowerShell script:

    Get-ADPrincipalGroupMembership -Identity <samaccount> | Where-Object {$_.distinguishedname -notlike "*config*"} | Where-Object {$_.GroupCategory -notmatch "distribution"} | select name

This will first get the complete membership of a user -> then remove the membership for the 'config' groups -> then filter out distribution groups -> lastly it will give you only the names of the security groups.

Regards, Avisekh
