Return a list of all Active Directory groups a user belongs to in string[ ]
In C#, how to access Active Directory to get the list of groups that a certain user belongs to?
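The user details are in the form:
"MYDOMAIN\myuser"
I have been following the instructions here, but they only work when I enter the user details in the form:
"LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com"
So perhaps what I am asking is, how do I get from the first, shorter form to the fully qualified form below?
Thanks very much!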
This might help...
using System;
using System.Collections;
using System.DirectoryServices;

/// <summary>
/// Gets the list of AD groups that a user belongs to
/// </summary>
/// <param name="loginName">The login name of the user (domain\login or login)</param>
/// <returns>A sorted list of the user's AD group names</returns>
public static SortedList GetADGroups(string loginName)
{
    if (string.IsNullOrEmpty(loginName))
        throw new ArgumentException("The loginName should not be empty");

    SortedList ADGroups = new SortedList();

    // Strip the "DOMAIN\" prefix, if present, to get the sAMAccountName.
    int backSlash = loginName.IndexOf("\\");
    string userName = backSlash > 0 ? loginName.Substring(backSlash + 1) : loginName;

    // Search from the default naming context of the current domain.
    // userName is concatenated into the filter as-is; characters such as * ( ) \
    // in it change the meaning of the filter.
    DirectoryEntry directoryEntry = new DirectoryEntry();
    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry, "(sAMAccountName=" + userName + ")");
    SearchResult searchResult = directorySearcher.FindOne();

    if (null != searchResult)
    {
        // searchResult.Path is the fully qualified LDAP:// path of the user.
        DirectoryEntry userADEntry = new DirectoryEntry(searchResult.Path);

        // Invoke Groups method.
        object userADGroups = userADEntry.Invoke("Groups");
        foreach (object obj in (IEnumerable)userADGroups)
        {
            // Create object for each group.
            DirectoryEntry groupDirectoryEntry = new DirectoryEntry(obj);
            string groupName = groupDirectoryEntry.Name.Replace("cn=", string.Empty);
            groupName = groupName.Replace("CN=", string.Empty);
            if (!ADGroups.ContainsKey(groupName))
                ADGroups.Add(groupName, groupName);
        }
    }

    return ADGroups;
}
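In the end I had to approach it from the opposite angle, because I had to verify members from a separate (trusted) forest. So here is the code to find the list of members of a given group: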
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

/// <summary>
/// Finds the users in the given group. Eg groupName=My-Group-Name-Blah
/// returns an array of users eg: DOMAIN\user
/// </summary>
string[] UsersInGroup(string groupName)
{
    List<string> users = new List<string>();

    // First, find the group.
    // groupName is placed in the filter as-is; characters such as * ( ) \
    // in it change the meaning of the filter.
    string query = string.Format("(CN={0})", groupName);
    SearchResult searchResult = new DirectorySearcher(query).FindOne();
    if (searchResult == null)
        return users.ToArray(); // No group with that CN was found

    DirectoryEntry group = new DirectoryEntry(searchResult.Path);

    // Find all the members
    foreach (object rawMember in (IEnumerable)group.Invoke("members"))
    {
        // Grab this member's SID
        DirectoryEntry member = new DirectoryEntry(rawMember);
        byte[] sid = null;
        foreach (object o in member.Properties["objectSid"]) sid = o as byte[];

        // Convert it to a domain\user string
        try
        {
            users.Add(
                new SecurityIdentifier(sid, 0).Translate(typeof(NTAccount)).ToString());
        }
        catch { } // Some SIDs cannot be discovered - ignore these
    }

    return users.ToArray();
}