个人中心
gpt4 book ai didi

c# - 如何知道 DirectoryEntry 是用户还是组?

转载 作者:太空狗 更新时间:2023-10-29 21:41:36 30 4
gpt4 key购买 nike

你好,

我有以下代码从当前 AD 创建树:

public static ActiveDirectory GetActiveDirectoryTree(string pathToAD = "")
{
    DirectoryEntry objADAM = default(DirectoryEntry);
    // Binding object. 
    DirectoryEntry objGroupEntry = default(DirectoryEntry);
    // Group Results. 
    DirectorySearcher objSearchADAM = default(DirectorySearcher);
    // Search object. 
    SearchResultCollection objSearchResults = default(SearchResultCollection);
    // Binding path. 
    ActiveDirectory result = new ActiveDirectory();
    ActiveDirectoryItem treeNode;

    // Get the AD LDS object. 
    try
    {
        if (pathToAD.Length > 0)
            objADAM = new DirectoryEntry();
        else
            objADAM = new DirectoryEntry(pathToAD);
        objADAM.RefreshCache();
    }
    catch (Exception e)
    {
        throw e;
    }

    // Get search object, specify filter and scope, 
    // perform search. 
    try
    {
        objSearchADAM = new DirectorySearcher(objADAM);
        objSearchADAM.Filter = "(&(objectClass=group))";
        objSearchADAM.SearchScope = SearchScope.Subtree;
        objSearchResults = objSearchADAM.FindAll();
    }
    catch (Exception e)
    {
        throw e;
    }

    // Enumerate groups 
    try
    {
        if (objSearchResults.Count != 0)
        {
            //SearchResult objResult = default(SearchResult);
            foreach (SearchResult objResult in objSearchResults)
            {
                objGroupEntry = objResult.GetDirectoryEntry();
                result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() { Id = objGroupEntry.Guid, ParentId = objGroupEntry.Parent.Guid, AccountName = objGroupEntry.Name, Type = ActiveDirectoryType.Group, PickableNode = false });

                foreach (object child in objGroupEntry.Properties["member"])
                {
                    treeNode = new ActiveDirectoryItem();
                    var path = "LDAP://" + child.ToString().Replace("/", "\\/");
                    using (var memberEntry = new DirectoryEntry(path))
                    {
                        if (memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid"))
                        {
                            treeNode.Id = Guid.NewGuid();
                            treeNode.ParentId = objGroupEntry.Guid;
                            treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString();
                            treeNode.Type = ActiveDirectoryType.User;
                            treeNode.PickableNode = true;
                            treeNode.FullName = memberEntry.Properties["Name"][0].ToString();

                            byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];
                            treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString();

                            result.ActiveDirectoryTree.Add(treeNode);
                        }
                    }
                }
            }
        }
        else
        {
            throw new Exception("No groups found");
        }
    }
    catch (Exception e)
    {
        throw new Exception(e.Message);
    }

    return result;
}

问题是使用 (var memberEntry = new DirectoryEntry(path)) 返回 DomainUsers 作为该树的用户,我不确定这是否正确?

假设我存储了 DomainUsers 节点的 sidId,然后将其发送到以下方法:

public static Boolean GetActiveDirectoryName(string sidId,out string samAccountName,out string fullName)
        {
            samAccountName = string.Empty;
            fullName = string.Empty;


            if (sidId != null && sidId.Length > 0)
            {
                var ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain, null);
                using (var up = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sidId))
                {
                    samAccountName = up.SamAccountName;
                    fullName = up.Name;

                    return true;
                }
            }
            return false;
        }

up会被置为null?如果我在 AD 中选择另一个用户,那么它就可以正常工作。我怀疑 DomainUsers 是一个组,但我如何在 DirectoryEntry 上检查它?

致以最诚挚的问候

最佳答案

我突然想到:您是否考虑过检查返回结果的架构属性?我认为您可以使用 DirectoryEntry.SchemaEntry.Name 轻松地确定一个组。如果您的架构条目是一个组,它应该返回 group

引用:MSDN: DirectoryEntry.SchemaEntry

出于好奇,上面的代码有点离题: 

 if (pathToAD.Length > 0)
      objADAM = new DirectoryEntry();
 else
      objADAM = new DirectoryEntry(pathToAD);
 objADAM.RefreshCache();

如果 Length>0,你不想使用 pathToAD 吗?

关于c# - 如何知道 DirectoryEntry 是用户还是组?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6354807/

30 4 0
文章推荐: c# - 未知服务器标记 'rsweb:ReportViewer'
文章推荐: c++ - Alpha-Beta "breaking"阿姆达尔定律?
文章推荐: python - 如何在没有 $0 的情况下获取 shellscript 文件名?
文章推荐: c++ - 按某个数据成员对结构的 STL 容器进行排序
太空狗
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com