Active directory Active Directory子组搜索_Active Directory_Active Directory Group

Active directory Active Directory子组搜索

active-directory

Active directory Active Directory子组搜索,active-directory,active-directory-group,Active Directory,Active Directory Group,我需要有一个根广告组，并需要枚举其所有子组。我有一个连接到AD服务器并尝试检索子组列表的代码代码如下： private IEnumerable<SearchResult> GetSubGroups(string groupId) { using (var searcher = new DirectorySearcher(new DirectoryEntry(adServerName, adLogin, adPassword))

我需要有一个根广告组，并需要枚举其所有子组。我有一个连接到AD服务器并尝试检索子组列表的代码

代码如下：

        private IEnumerable<SearchResult> GetSubGroups(string groupId)
        {
            using (var searcher = new DirectorySearcher(new DirectoryEntry(adServerName, adLogin, adPassword)))
            {

                searcher.Filter = string.Format("(&(objectClass=group)({0}))", groupId);
                //Get the Root Group
                var result = searcher.FindOne();
                object resultMembers = result.GetDirectoryEntry().Invoke("Members", null);

                foreach(var member in ((IEnumerable) resultMembers))
                {
                    var memberEntry = new DirectoryEntry(member);

                    var subgroupsSearcher = new DirectorySearcher(memberEntry);
                    subgroupsSearcher.Filter = "(objectClass=group)";
                    subgroupsSearcher.PropertiesToLoad.Add("samaccountname");
                    subgroupsSearcher.PropertiesToLoad.Add("name");

                    var foundSubGroupResult = subgroupsSearcher.FindOne();

                    ...
                }

                return new List<SearchResult> {result};
            }
    }

异常的消息属性显示：

“发生操作错误”

我已经记录了错误代码，它是

-2147016672

从子组对象创建DirectoryEntry时，我还尝试隐式初始化UserName属性：

foreach(var member in ((IEnumerable) resultMembers))
                    {
                        var memberEntry = new DirectoryEntry(member);
                        memberEntry.Username = adLogin;
                        var subgroupsSearcher = new DirectorySearcher(memberEntry)

                        ...
                    }

但结果是一样的

我做错了什么？任何帮助都是值得的。

这里有一段代码。它允许使用递归筛选器see检索类“

group

”（您称之为子组的东西）的组的所有成员

不确定为什么要调用Invoke（“成员”）。您只需要让DirectorySearcher返回组的成员属性。您需要处理两件事：

属性值范围-
嵌套循环-您的代码将需要跟踪您已经扩展的组，这样您就不会一遍又一遍地这样做

可能是打字错误，但不管FindOne如何，您还是调用了一个名为FindAOne的函数。这是一个打印错误，已修复。在我调用FindOne（）的代码中

foreach(var member in ((IEnumerable) resultMembers))
                    {
                        var memberEntry = new DirectoryEntry(member);
                        memberEntry.Username = adLogin;
                        var subgroupsSearcher = new DirectorySearcher(memberEntry)

                        ...
                    }

static void Main(string[] args)
{
  /* Connection to Active Directory
   */
  string sFromWhere = "LDAP://WM2008R2ENT:389/dc=dom,dc=fr";
  DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "dom\\jpb", "test.2011");

  /* To find all the groups member of groups "Grp1"  :
   * Set the base to the groups container DN; for example root DN (dc=societe,dc=fr) 
   * Set the scope to subtree
   * Use the following filter :
   * (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X)
   * coupled with a AND Bit filter on userAccountControl
   */
  DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
  dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=MonGrpSec,OU=MonOu,DC=dom,DC=fr)(objectClass=group))";
  dsLookFor.SearchScope = SearchScope.Subtree;
  dsLookFor.PropertiesToLoad.Add("cn");

  SearchResultCollection srcGroups = dsLookFor.FindAll();

  /* Just to write some result
   */
  foreach (SearchResult srcGroup in srcGroups)
  {
    Console.WriteLine("{0}", srcGroup.Path);
  }

  Console.ReadLine();
}