.net How can I determine whether an AD group contains a given DirectoryEntry from another (trusted) domain?


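I am trying to harden my code that determines whether a user is a member of a given AD group. It basically works, except when the group member happens to come from another (trusted) domain, because it is stored as a foreignsecurityprincipal.

Given that I have a valid DirectoryEntry object for both the group I want to test and the account I want to check for, I need a DirectorySearcher filter string that lets me confirm whether the account is in the group, even if the account is a foreignsecurityprincipal.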

(VB.NET code example demonstrating the problem)

Dim ContainerGroup as DirectoryEntry = ... Code to get Group
Dim UserToCheckFor as DirectoryEntry = ... Code to get User

Dim DSearcher As New DirectorySearcher(ContainerGroup, "(WHATCANIPUTINHERE)", New String() {"member;Range=0-5000"}, SearchScope.Base)
DSearcher.AttributeScopeQuery = "member"

'If an object is found, the account was in the group
Return (DSearcher.FindOne() IsNot Nothing)


OK. Found it. Here's the trick.

(VB.NET code example)

Dim ContainerGroup as DirectoryEntry = ... Code to get Group
Dim UserToCheckFor as DirectoryEntry = ... Code to get User

'Filter on the objectSid of the account being checked
Dim DSearcher As New DirectorySearcher(ContainerGroup, getLDAPQueryStringUsingSID(UserToCheckFor), New String() {"member;Range=0-5000"}, SearchScope.Base)
'Apply the filter to the objects listed in "member", as in the question's code
DSearcher.AttributeScopeQuery = "member"

'If an object is found, the account was in the group
Return (DSearcher.FindOne() IsNot Nothing)


** Helper Methods **

Private Function getLDAPQueryStringUsingSID(ByVal DEObject As DirectoryEntry) As String            
  Return "(objectSid=" + getSDDLSidForDirectoryEntry(DEObject) + ")"
End Function

Private Function getSDDLSidForDirectoryEntry(ByVal DEObject As DirectoryEntry) As String
      Dim bytes As Byte() = CType(DEObject.Properties("objectSid").Value, Byte())
      Dim sid As New System.Security.Principal.SecurityIdentifier(bytes, 0)
      Return sid.ToString
End Function
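
What the helper methods above do at the byte level, as an added example that is not part of the original post and is written in Python rather than the post's VB.NET: it decodes a binary objectSid into the S-1-... string, builds the same `(objectSid=...)` filter, and also builds the equivalent filter with every byte hex-escaped as RFC 4515 allows. The function names and the sample SID are constructed for illustration; the string-form builder rejects anything that is not a well-formed SID, so the concatenation cannot be used to smuggle extra filter clauses.

```python
import re
import struct

# Strict SID string shape: revision 1, an authority, 1 to 15 sub-authorities.
# Authorities >= 2**32, which Windows renders in hex, are not handled here.
SID_RE = re.compile(r"S-1-\d{1,15}(?:-\d{1,10}){1,15}")

# Constructed sample objectSid (not a real account):
# S-1-5-21-1111111111-2222222222-3333333333-1105
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105))


def sid_bytes_to_string(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sid_filter_string_form(sid: str) -> str:
    """Build (objectSid=S-1-...), the filter shape used in the answer."""
    if not SID_RE.fullmatch(sid):
        raise ValueError("refusing to build a filter from %r" % sid)
    return "(objectSid=%s)" % sid


def sid_filter_binary_form(raw: bytes) -> str:
    """Build the same match with each SID byte escaped as \\XX (RFC 4515)."""
    sid_bytes_to_string(raw)  # reuse the structural validation
    return "(objectSid=%s)" % "".join("\\%02x" % b for b in raw)


if __name__ == "__main__":
    sid = sid_bytes_to_string(SAMPLE_SID)
    print(sid_filter_string_form(sid))
    print(sid_filter_binary_form(SAMPLE_SID))
```
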