Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/1845170/

Time: 2020-09-15 13:32:24  Source: igfitidea

How to determine the type (AD User vs. AD Group) of an account?

c# windows active-directory

Asked by ddou

I have a question about determining the type (User or Group) of an account name.
For example, I have two strings, say "Adventure-works\david" and "Adventure-works\admins", the first represents a user named david, and the second represents an AD group.

My question is how can I determine the type (User or AD group) of these accounts? Is there a convenient method I can use?

Any comments are appreciated. Thanks.

Answered by marc_s

What version of .NET are you on??

If you're on .NET 3.5, see this excellent MSDN article on how the Active Directory interface has changed quite a bit.

If you're on .NET 3.5, you could write:

// requires: using System.DirectoryServices.AccountManagement;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
Principal myObject = Principal.FindByIdentity(ctx, "your name value");

Typically, you'd have to pass in just the user name - the part after the backslash - not the whole DOMAIN\USERNAME string.

This "Principal" now either is a UserPrincipal or a GroupPrincipal (or it could be some other type of principal, e.g. ComputerPrincipal):

if(myObject is UserPrincipal)
{
    // you have a user
}
else if(myObject is GroupPrincipal)
{
    // you have a group
}

and you can go on from there.

If you're on .NET 1.x/2.0/3.0, you'd have to use the slightly more involved procedure of creating a DirectorySearcher and searching for your object:

// requires: using System.DirectoryServices;
// create root DirectoryEntry for your search
DirectoryEntry deRoot = new DirectoryEntry("LDAP://dc=YourCompany,dc=com");

// create searcher            
DirectorySearcher ds = new DirectorySearcher(deRoot);

ds.SearchScope = SearchScope.Subtree;

// define LDAP filter - all you can specify is the "anr" (ambiguous name
// resolution) attribute of the object you're looking for
ds.Filter = string.Format("(anr={0})", "YourNameValue");

// define properties you want in search result(s)
ds.PropertiesToLoad.Add("objectCategory");
ds.PropertiesToLoad.Add("displayName");

// search
SearchResult sr = ds.FindOne();

// check if we get anything back, and if the "objectCategory"
// property is present in the search result
if (sr != null)
{
    // Contains() is the reliable presence test before indexing [0]
    if (sr.Properties.Contains("objectCategory"))
    {
       // objectCategory comes back as a distinguished name, e.g. "CN=Person,CN=Schema,..."
       // or "CN=Group,CN=Schema,..." (or something else entirely)
       string objectType = sr.Properties["objectCategory"][0].ToString();
    }
}

Marc

Answered by Just Shadow

Warning: In case of using DirectorySearcher the accepted answer might fail, since objectCategory doesn't return consistent results.

Consider using objectClass instead:

SearchResult sr = ds.FindOne();
// FindOne() returns null when nothing matches, so guard sr as well
bool isUser = sr?.Properties["objectClass"]?.Contains("user") == true;
// OR
bool isGroup = sr?.Properties["objectClass"]?.Contains("group") == true;
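
An added example, not part of either answer or of the original page: a C# helper that builds on the DirectorySearcher approach above, escaping the account name per RFC 4515 before it is placed in the LDAP filter and classifying the result from objectClass. It assumes an exact sAMAccountName match instead of anr, and it tests "computer" before "user" because computer accounts carry both classes; AccountKind, AccountTypeLookup and their members are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices; // Windows-only assembly
using System.Linq;
using System.Text;

enum AccountKind { NotFound, User, Group, Computer, Other }

static class AccountTypeLookup
{
    // RFC 4515 escaping: \ * ( ) and NUL in a name must not change the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Computer accounts also list "user" in objectClass, so test "computer" first.
    public static AccountKind Classify(IEnumerable<string> objectClasses)
    {
        var set = new HashSet<string>(objectClasses, StringComparer.OrdinalIgnoreCase);
        if (set.Contains("computer")) return AccountKind.Computer;
        if (set.Contains("group")) return AccountKind.Group;
        return set.Contains("user") ? AccountKind.User : AccountKind.Other;
    }

    // ldapRoot is an assumed path such as "LDAP://dc=YourCompany,dc=com".
    public static AccountKind Lookup(string ldapRoot, string account)
    {
        string name = account.Substring(account.IndexOf('\\') + 1); // drop "DOMAIN\"
        using (var root = new DirectoryEntry(ldapRoot))
        using (var ds = new DirectorySearcher(root))
        {
            ds.Filter = "(sAMAccountName=" + EscapeFilterValue(name) + ")";
            ds.PropertiesToLoad.Add("objectClass");
            SearchResult sr = ds.FindOne();
            if (sr == null) return AccountKind.NotFound;
            return Classify(sr.Properties["objectClass"].Cast<object>().Select(v => v.ToString()));
        }
    }

    static void Main() // constructed inputs; no directory connection needed
    {
        Console.WriteLine(EscapeFilterValue("ops (emea)*"));
        Console.WriteLine(Classify(new[] { "top", "person", "user", "computer" }));
    }
}
```

Call Lookup with your own LDAP root and a DOMAIN\name string to query a live directory; Main only exercises the escaping and classification logic.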