在C#中,如何访问Active Directory以获取某个用户所属组的列表?
在C#中,如何访问Active Directory以获取某个用户所属的组列表 用户详细信息如下表所示:在C#中,如何访问Active Directory以获取某个用户所属组的列表?,c#,asp.net,active-directory,ldap,C#,Asp.net,Active Directory,Ldap,在C#中,如何访问Active Directory以获取某个用户所属的组列表 用户详细信息如下表所示: "MYDOMAIN\myuser" "LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com" 我一直在关注,但只有当我在表单中有用户详细信息时,它们才起作用: "MYDOMAIN\myuser" "LDAP://sample.com/CN=MySurname MyFirstna
"MYDOMAIN\myuser"
"LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com"
我一直在关注,但只有当我在表单中有用户详细信息时,它们才起作用:
"MYDOMAIN\myuser"
"LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com"
所以,也许我想问的是,如何从第一个较短的表格到下面的完全限定表格
非常感谢 这可能会有帮助
using System.Collections;
using System.DirectoryServices;
/// <summary>
/// Gets the list of AD groups that a user belongs to
/// </summary>
/// <param name="loginName">The login name of the user (domain\login or login)</param>
/// <returns>A comma delimited list of the user's AD groups</returns>
public static SortedList GetADGroups(string loginName)
{
if (string.IsNullOrEmpty(loginName))
throw new ArgumentException("The loginName should not be empty");
SortedList ADGroups = new SortedList();
int backSlash = loginName.IndexOf("\\");
string userName = backSlash > 0 ? loginName.Substring(backSlash + 1) : loginName;
DirectoryEntry directoryEntry = new DirectoryEntry();
DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry, "(sAMAccountName=" + userName + ")");
SearchResult searchResult = directorySearcher.FindOne();
if (null != searchResult)
{
DirectoryEntry userADEntry = new DirectoryEntry(searchResult.Path);
// Invoke Groups method.
object userADGroups = userADEntry.Invoke("Groups");
foreach (object obj in (IEnumerable)userADGroups)
{
// Create object for each group.
DirectoryEntry groupDirectoryEntry = new DirectoryEntry(obj);
string groupName = groupDirectoryEntry.Name.Replace("cn=", string.Empty);
groupName = groupName.Replace("CN=", string.Empty);
if (!ADGroups.ContainsKey(groupName))
ADGroups.Add(groupName, groupName);
}
}
return ADGroups;
}
使用系统集合;
使用System.DirectoryServices;
///
///获取用户所属的广告组列表
///
///用户的登录名(域\登录或登录)
///以逗号分隔的用户广告组列表
公共静态分类列表GetADGroups(字符串登录名)
{
if(string.IsNullOrEmpty(loginName))
抛出新ArgumentException(“登录名不应为空”);
SortedList ADGroups=新SortedList();
int反斜杠=loginName.IndexOf(“\\”);
字符串用户名=反斜杠>0?登录名。子字符串(反斜杠+1):登录名;
DirectoryEntry DirectoryEntry=新的DirectoryEntry();
DirectorySearcher DirectorySearcher=新的DirectorySearcher(directoryEntry,“(sAMAccountName=“+userName+”);
SearchResult SearchResult=directorySearcher.FindOne();
如果(null!=搜索结果)
{
DirectoryEntry userADEntry=新的DirectoryEntry(searchResult.Path);
//调用组方法。
object userADGroups=userADEntry.Invoke(“组”);
foreach(IEnumerable用户组中的对象对象)
{
//为每个组创建对象。
DirectoryEntry组DirectoryEntry=新的DirectoryEntry(obj);
string groupName=groupDirectoryEntry.Name.Replace(“cn=,string.Empty”);
groupName=groupName.Replace(“CN=”,string.Empty);
如果(!ADGroups.ContainsKey(groupName))
ADGroups.Add(groupName,groupName);
}
}
返回广告组;
}
这可能会有帮助
using System.Collections;
using System.DirectoryServices;
/// <summary>
/// Gets the list of AD groups that a user belongs to
/// </summary>
/// <param name="loginName">The login name of the user (domain\login or login)</param>
/// <returns>A comma delimited list of the user's AD groups</returns>
public static SortedList GetADGroups(string loginName)
{
if (string.IsNullOrEmpty(loginName))
throw new ArgumentException("The loginName should not be empty");
SortedList ADGroups = new SortedList();
int backSlash = loginName.IndexOf("\\");
string userName = backSlash > 0 ? loginName.Substring(backSlash + 1) : loginName;
DirectoryEntry directoryEntry = new DirectoryEntry();
DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry, "(sAMAccountName=" + userName + ")");
SearchResult searchResult = directorySearcher.FindOne();
if (null != searchResult)
{
DirectoryEntry userADEntry = new DirectoryEntry(searchResult.Path);
// Invoke Groups method.
object userADGroups = userADEntry.Invoke("Groups");
foreach (object obj in (IEnumerable)userADGroups)
{
// Create object for each group.
DirectoryEntry groupDirectoryEntry = new DirectoryEntry(obj);
string groupName = groupDirectoryEntry.Name.Replace("cn=", string.Empty);
groupName = groupName.Replace("CN=", string.Empty);
if (!ADGroups.ContainsKey(groupName))
ADGroups.Add(groupName, groupName);
}
}
return ADGroups;
}
使用系统集合;
使用System.DirectoryServices;
///
///获取用户所属的广告组列表
///
///用户的登录名(域\登录或登录)
///以逗号分隔的用户广告组列表
公共静态分类列表GetADGroups(字符串登录名)
{
if(string.IsNullOrEmpty(loginName))
抛出新ArgumentException(“登录名不应为空”);
SortedList ADGroups=新SortedList();
int反斜杠=loginName.IndexOf(“\\”);
字符串用户名=反斜杠>0?登录名。子字符串(反斜杠+1):登录名;
DirectoryEntry DirectoryEntry=新的DirectoryEntry();
DirectorySearcher DirectorySearcher=新的DirectorySearcher(directoryEntry,“(sAMAccountName=“+userName+”);
SearchResult SearchResult=directorySearcher.FindOne();
如果(null!=搜索结果)
{
DirectoryEntry userADEntry=新的DirectoryEntry(searchResult.Path);
//调用组方法。
object userADGroups=userADEntry.Invoke(“组”);
foreach(IEnumerable用户组中的对象对象)
{
//为每个组创建对象。
DirectoryEntry组DirectoryEntry=新的DirectoryEntry(obj);
string groupName=groupDirectoryEntry.Name.Replace(“cn=,string.Empty”);
groupName=groupName.Replace(“CN=”,string.Empty);
如果(!ADGroups.ContainsKey(groupName))
ADGroups.Add(groupName,groupName);
}
}
返回广告组;
}
最后,我不得不从相反的角度接近它,因为我必须验证来自独立(受信任)林的成员。下面是查找给定组成员列表的代码:
/// <summary>
/// Finds the users in the given group. Eg groupName=My-Group-Name-Blah
/// returns an array of users eg: DOMAIN\user
/// </summary>
string[] UsersInGroup(string groupName)
{
List<String> users = new List<string>();
// First, find the group:
string query = string.Format("(CN={0})", groupName);
SearchResult searchResult = new DirectorySearcher(query).FindOne();
DirectoryEntry group = new DirectoryEntry(searchResult.Path);
// Find all the members
foreach (object rawMember in (IEnumerable)group.Invoke("members"))
{
// Grab this member's SID
DirectoryEntry member = new DirectoryEntry(rawMember);
byte[] sid = null;
foreach (object o in member.Properties["objectSid"]) sid = o as byte[];
// Convert it to a domain\user string
try
{
users.Add(
new SecurityIdentifier(sid, 0).Translate(typeof(NTAccount)).ToString());
}
catch { } // Some SIDs cannot be discovered - ignore these
}
return users.ToArray();
}
//
///查找给定组中的用户。例如groupName=我的组名等等
///返回用户数组,例如:域\用户
///
字符串[]用户组(字符串组名)
{
列表用户=新列表();
//首先,找到小组:
string query=string.Format(“(CN={0})”,groupName);
SearchResult SearchResult=new DirectorySearcher(query).FindOne();
DirectoryEntry组=新的DirectoryEntry(searchResult.Path);
//查找所有成员
foreach(对象为(IEnumerable)组中的成员。调用(“成员”))
{
//获取此成员的SID
DirectoryEntry成员=新的DirectoryEntry(rawMember);
字节[]sid=null;
foreach(member.Properties[“objectSid”]中的对象o)sid=o作为字节[];
//将其转换为域\用户字符串
尝试
{
用户。添加(
新的SecurityIdentifier(sid,0).Translate(typeof(NTAccount)).ToString();
}
catch{}//无法发现某些SID-忽略这些
}
返回users.ToArray();
}
最后,我不得不从相反的角度接近它,因为我必须验证来自独立(受信任)林的成员。下面是查找给定组成员列表的代码:
/// <summary>
/// Finds the users in the given group. Eg groupName=My-Group-Name-Blah
/// returns an array of users eg: DOMAIN\user
/// </summary>
string[] UsersInGroup(string groupName)
{
List<String> users = new List<string>();
// First, find the group:
string query = string.Format("(CN={0})", groupName);
SearchResult searchResult = new DirectorySearcher(query).FindOne();
DirectoryEntry group = new DirectoryEntry(searchResult.Path);
// Find all the members
foreach (object rawMember in (IEnumerable)group.Invoke("members"))
{
// Grab this member's SID
DirectoryEntry member = new DirectoryEntry(rawMember);
byte[] sid = null;
foreach (object o in member.Properties["objectSid"]) sid = o as byte[];
// Convert it to a domain\user string
try
{
users.Add(
new SecurityIdentifier(sid, 0).Translate(typeof(NTAccount)).ToString());
}
catch { } // Some SIDs cannot be discovered - ignore these
}
return users.ToArray();
}
//
///查找给定组中的用户。例如groupName=我的组名等等
///返回用户数组,例如:域\用户
///
字符串[]用户组(字符串组名)
{
列表用户=新列表();
//首先,找到小组:
string query=string.Format(“(CN={0})”,groupName);
SearchResult SearchResult=new DirectorySearcher(query).FindOne();
DirectoryEntry组=新的DirectoryEntry(searchResult.Path);
//查找所有成员
foreach(对象为(IEnumerable)组中的成员。调用(“成员”))
{
//获取此成员的SID
DirectoryEntry成员=新的DirectoryEntry(rawMember);
字节[]sid=null;
foreach(member.Properties[“objectSid”]中的对象o)sid=o作为字节[];
//将其转换为域\用户字符串
尝试
{
用户。添加(
新的SecurityIdentifier(sid,0).Translate(typeof(NTAccount)).ToString();
}
catch{}//无法发现某些SID-忽略这些
}
返回users.ToArray();
}
我碰巧在生产环境中运行了一段时间的助手类中有这个方法。那么,这是在Windows20上测试的