
Get users from an AD group

I have this code to work with users from a group

DirectorySearcher myGroupSearcher = new DirectorySearcher(myDirectoryEntry);
myGroupSearcher.Filter = String.Format("(&(objectClass=group)(|(cn={0})(dn={0})))", strGroupName);
myGroupSearcher.PropertiesToLoad.Add("member");

SearchResult myGroupSearchResult = myGroupSearcher.FindOne();

if (myGroupSearchResult != null)
{
    ResultPropertyValueCollection myUsersInGroup = myGroupSearchResult.Properties["member"];

    int intMemberCount = myUsersInGroup.Count;

    for (int i = 0; i < intMemberCount; i++)
    {
        //Split the current result
        string[] strProperites = myUsersInGroup[i].ToString().Split(',');

        //Get the CN
        string strUsername = strProperites[0].Substring(3);

        DirectorySearcher myUserSearcher = new DirectorySearcher(myDirectoryEntry);
        myUserSearcher.Filter = String.Format("(&(objectClass=user)(|(cn={0})(sAMAccountName={0})))", strUsername);
        myUserSearcher.PropertiesToLoad.Add("memberOf");

        SearchResult myUserSearchResult = myUserSearcher.FindOne();

        //Do some work
    }
}

This works for most users, but for some, the strUsername gets truncated depending on what the customer's AD looks like (if the user has a CN containing ,). So this solution isn't the most optimal to use. Is there a way to get the sAMAccountName when searching for members in a group? Or is there a better way?

Assuming you're on .NET 3.5 or newer (or can upgrade to it), you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Managing Directory Security Principals in the .NET Framework 3.5

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// if found....
if (group != null)
{
   // iterate over members
   foreach (Principal p in group.GetMembers())
   {
      Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
      // do whatever you need to do to those members
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD.

string[] strProperites = myUsersInGroup[i].ToString().Split(new string[] { "cn=" }, StringSplitOptions.RemoveEmptyEntries);

It might be an option to use the System.DirectoryServices.AccountManagement classes instead of the DirectorySearcher. There is a GroupPrincipal class which has a Members property that contains the UserPrincipal objects.
