C#: Getting a list of group memberships (memberOf) in Active Directory
Original URL: http://stackoverflow.com/questions/9480100/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Getting a list of groups membership (memberOf) in Active Directory
Asked by Henry Meyer
I'm back with my Active Directory tool...
I'm trying to list the groups in the "member of" attribute of a user. Below is the function I use:
    using System.Data;
    using System.DirectoryServices;

    public static DataTable ListGroupsByUser(string selectedOu)
    {
        DataTable groupListByUser = new DataTable();
        String dom = "OU=" + selectedOu + ",OU=XXX,DC=XXX,DC=XXX,DC=XXX,DC=XXX";
        DirectoryEntry directoryObject = new DirectoryEntry("LDAP://" + dom);
        DataColumn column;
        DataRow row;

        // Three columns: running ID, account name, group list
        column = new DataColumn();
        column.ColumnName = "ID";
        groupListByUser.Columns.Add(column);
        column = new DataColumn();
        column.ColumnName = "User";
        groupListByUser.Columns.Add(column);
        column = new DataColumn();
        column.ColumnName = "Groups";
        groupListByUser.Columns.Add(column);

        int i = 1;
        foreach (DirectoryEntry child in directoryObject.Children)
        {
            row = groupListByUser.NewRow();
            groupListByUser.Rows.Add(row);
            row["ID"] = i++;
            if (child.Properties["memberOf"].Value != null)
            {
                row["User"] = child.Properties["sAMAccountName"].Value.ToString();
                // Value is a string for one group but an object[] for several,
                // so ToString() yields "System.Object[]" in the multi-group case
                row["Groups"] = child.Properties["memberOf"].Value.ToString();
            }
            else
            {
                row["Groups"] = "blabla";
            }
        }
        return groupListByUser;
    }
It returns the right group for users belonging to only one group. As soon as there's more than one group, it returns System.Object[].
How can I see all groups?
Accepted answer by marc_s
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
    using System.DirectoryServices.AccountManagement;

    // set up domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if (user != null)
    {
        var groups = user.GetGroups();
        // or there's also:
        //var authGroups = user.GetAuthorizationGroups();
    }
The calls to GetGroups() or GetAuthorizationGroups() will return nested group membership, too - so no need for you to hunt those nested memberships anymore!
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Answer by Oliver
The problem is your Properties["memberOf"].Value.ToString().
I made a little investigation and this code worked for me:
    // requires: using System.Collections; using System.Linq;
    var memberGroups = child.Properties["memberOf"].Value;

    if (memberGroups is string)
    {
        // exactly one group: the value is a plain string
        row["Groups"] = (String)memberGroups;
    }
    else if (memberGroups != null && memberGroups.GetType().IsArray)
    {
        // several groups: the value is an object[] of DN strings
        var memberGroupsEnumerable = memberGroups as IEnumerable;

        if (memberGroupsEnumerable != null)
        {
            var asStringEnumerable = memberGroupsEnumerable.OfType<object>().Select(obj => obj.ToString());
            row["Groups"] = String.Join(", ", asStringEnumerable);
        }
    }
    else
    {
        // attribute absent (null) or of an unexpected type
        row["Groups"] = "No group found.";
    }
It's not very cute but it works and gives room for further improvements. ;-)
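An added example, not code from the question or from either answer: it enumerates the memberOf collection directly, so zero, one or many values take the same path, and it goes a step further by extracting each group's name from its DN, including names that contain escaped commas. The class and method names and the sample DNs are hypothetical, .NET 4 or later is assumed, and memberOf itself lists only direct memberships and omits the user's primary group.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;

public static class MemberOfReader   // hypothetical helper, not part of any library
{
    // Accepts child.Properties["memberOf"] (a PropertyValueCollection, which is
    // enumerable whether it holds 0, 1 or many values) or any sequence of DNs.
    public static List<string> GroupNames(IEnumerable memberOf)
    {
        var names = new List<string>();
        if (memberOf == null) return names;
        foreach (object dn in memberOf)
            names.Add(FirstRdnValue(dn.ToString()));
        return names;
    }

    // Returns the value of the leading RDN ("CN=...") of a distinguished name,
    // honouring backslash escapes such as "\," and single-byte hex pairs ("\26").
    public static string FirstRdnValue(string dn)
    {
        var sb = new StringBuilder();
        int i = dn.IndexOf('=') + 1;               // skip the attribute type
        for (; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] != '\\' || i + 1 >= dn.Length) { sb.Append(dn[i]); continue; }
            if (i + 2 < dn.Length && Uri.IsHexDigit(dn[i + 1]) && Uri.IsHexDigit(dn[i + 2]))
            {
                sb.Append((char)Convert.ToInt32(dn.Substring(i + 1, 2), 16));
                i += 2;                            // consumed the two hex digits
            }
            else sb.Append(dn[++i]);               // escaped literal, e.g. "\,"
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample DNs standing in for a user's memberOf values.
        var sample = new[] {
            @"CN=Helpdesk,OU=Groups,DC=example,DC=com",
            @"CN=Ops\, Tier 0,OU=Groups,DC=example,DC=com",
            @"CN=R\26D,OU=Groups,DC=example,DC=com" };
        // In the question's loop this would be:
        //   row["Groups"] = string.Join("; ", GroupNames(child.Properties["memberOf"]));
        Console.WriteLine(string.Join("; ", GroupNames(sample)));
    }
}
```

The separator is "; " rather than ", " because a group name may itself contain a comma.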

