Active Directory. Work with DACL
I am trying to use my own static class to work with AD. I wrote a static method:
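    using System;
    using System.DirectoryServices;
    using System.Security.AccessControl;
    using System.Security.Principal;

    public static void AddReadingAceForGroup(DirectoryEntry dirEntry, string groupName)
    {
        dirEntry.RefreshCache();
        DirectoryEntry root = new DirectoryEntry("LDAP://192.168.1.1/ dc=mydomain,dc=ru");
        // Look the group up by CN and rebind root to the group object.
        using (DirectorySearcher ds = new DirectorySearcher(root, "CN="+groupName))
        {
            SearchResult sr = ds.FindOne();
            root = sr.GetDirectoryEntry();
        }
        try
        {
            // GetGroup returns the primary group stored in the found object's
            // security descriptor; the ACE is created for that identity.
            ActiveDirectoryAccessRule accessRule =
                new ActiveDirectoryAccessRule(root.ObjectSecurity.GetGroup(typeof(SecurityIdentifier)),
                    ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
            dirEntry.ObjectSecurity.AddAccessRule(accessRule);
            dirEntry.CommitChanges();
        }
        catch(Exception e)
        {
            // Exceptions are swallowed here, so any failure is silent.
        }
    }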
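Before calling this function I impersonate a user with remote credentials; the code then runs without an exception, but with no result. A similar function for removing an ACE works fine.
The final working code is: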
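    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // Resolve the group's own SID through the domain controller; null if not found.
    public static SecurityIdentifier GetGroupSid(string groupName, string domainControllerIp)
    {
        SecurityIdentifier sid = null;
        using (PrincipalContext dcx = new PrincipalContext(ContextType.Domain, domainControllerIp))
        {
            GroupPrincipal group = GroupPrincipal.FindByIdentity(dcx, groupName);
            if (group != null)
            {
                sid = group.Sid;
                group.Dispose();
            }
        }
        return sid;
    }

    public static void AddDaclsAceForGroup(DirectoryEntry dirEntry, string groupName, string ip)
    {
        SecurityIdentifier sid = GetGroupSid(groupName,ip);
        try
        {
            // Allow GenericRead on dirEntry for the group identified by sid.
            ActiveDirectoryAccessRule accessRule =
                new ActiveDirectoryAccessRule(sid,ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
            dirEntry.ObjectSecurity.AddAccessRule(accessRule);
            dirEntry.CommitChanges();
        }
        catch(Exception e)
        {
            // Exceptions (including a null sid) are swallowed here, so a failed commit is silent.
        }
    }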
I just had a mistake with the group SID. The code worked perfectly, but not as I expected. Sorry for my bad English.
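A way to catch the wrong-SID problem described above, as an added example rather than the poster's code: `ObjectSecurity.GetGroup` returns the primary group recorded in an object's security descriptor, not the SID of the group object itself, so this example reads the group's `objectSid` directly and re-reads the DACL after the commit to confirm the ACE is present for the intended identity. The class and method names (`DaclCheck`, `SidFromEntry`, `HasExplicitAllow`, `GrantReadAndVerify`) are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

public static class DaclCheck  // hypothetical helper class, not from the post
{
    // The group's own SID is stored in its objectSid attribute.
    public static SecurityIdentifier SidFromEntry(DirectoryEntry groupEntry)
    {
        byte[] raw = groupEntry.Properties["objectSid"].Value as byte[];
        if (raw == null)
            throw new InvalidOperationException("No objectSid on " + groupEntry.Path);
        return new SecurityIdentifier(raw, 0);
    }

    // True when the DACL holds an explicit Allow ACE for sid covering all of rights.
    public static bool HasExplicitAllow(DirectoryEntry target, SecurityIdentifier sid,
                                        ActiveDirectoryRights rights)
    {
        AuthorizationRuleCollection rules =
            target.ObjectSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (ActiveDirectoryAccessRule rule in rules)
        {
            if (rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(sid)
                && (rule.ActiveDirectoryRights & rights) == rights)
                return true;
        }
        return false;
    }

    // Adds the read ACE, commits, reloads the object and confirms the ACE is there.
    public static void GrantReadAndVerify(DirectoryEntry target, DirectoryEntry groupEntry)
    {
        SecurityIdentifier sid = SidFromEntry(groupEntry);
        const ActiveDirectoryRights rights = ActiveDirectoryRights.GenericRead;
        target.ObjectSecurity.AddAccessRule(
            new ActiveDirectoryAccessRule(sid, rights, AccessControlType.Allow));
        target.CommitChanges();   // no catch: access-denied and bind errors must surface
        target.RefreshCache();    // reload the object's cached state from the directory
        if (!HasExplicitAllow(target, sid, rights))
            throw new InvalidOperationException(
                "ACE for " + sid.Value + " not found on " + target.Path + " after commit");
    }
}
```

Logging `sid.Value` next to the group name before the commit makes it obvious when the ACE is about to be granted to a different principal than intended.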