
.net - How to determine whether an AD group contains a given DirectoryEntry from another (trusted) domain?

Reposted. Author: 行者123. Updated: 2023-12-02 04:19:34

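I am trying to enhance code that determines whether a user is a member of a given AD group. It essentially works, except when a member of the group happens to be from another (trusted) domain, because it is stored as a foreign security principal.

Given that I have a valid DirectoryEntry object for both the group I want to test and the account I want to check for, I need a DirectorySearcher filter string that will allow me to confirm that the account is in the group, even if the account is a foreign security principal.

(VB.NET code example demonstrating the issue)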

Dim ContainerGroup as DirectoryEntry = ... Code to get Group
Dim UserToCheckFor as DirectoryEntry = ... Code to get User

DSearcher = New DirectorySearcher(ContainerGroup, "(WHATCANIPUTINHERE)", New String() {"member;Range=0-5000"}, SearchScope.Base)
DSearcher.AttributeScopeQuery = "member"

'If an object is found, the account was in the group
Return (DSearcher.FindOne() IsNot Nothing)

Best answer

OK. Found it. This does the trick.

(VB.NET code example)

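' Requires: Imports System.DirectoryServices
Dim ContainerGroup As DirectoryEntry = ... Code to get Group
Dim UserToCheckFor As DirectoryEntry = ... Code to get User

' Match on the account's SID rather than its DN, so a member stored as a
' foreign security principal is found as well
Dim DSearcher As New DirectorySearcher(ContainerGroup, getLDAPQueryStringUsingSID(UserToCheckFor), New String() {"member;Range=0-5000"}, SearchScope.Base)
' Apply the filter to the objects listed in the group's member attribute
DSearcher.AttributeScopeQuery = "member"

Return (DSearcher.FindOne() IsNot Nothing)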


** Helper Methods **

' Builds an LDAP filter that matches an object by its SID in string (S-1-...) form
Private Function getLDAPQueryStringUsingSID(ByVal DEObject As DirectoryEntry) As String
    Return "(objectSid=" & getSDDLSidForDirectoryEntry(DEObject) & ")"
End Function

' Converts the entry's binary objectSid attribute into its string (SDDL) form
Private Function getSDDLSidForDirectoryEntry(ByVal DEObject As DirectoryEntry) As String
    Dim bytes As Byte() = CType(DEObject.Properties("objectSid").Value, Byte())
    Dim sid As New System.Security.Principal.SecurityIdentifier(bytes, 0)
    Return sid.ToString()
End Function
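
The SID handling behind the helper methods above, as an added example that is not part of the original question or answer: it decodes a binary objectSid into the S-1-... form that the answer puts in the filter, builds the same filter with RFC 4515 hex escapes, and shows the DN under which a trusted-domain account appears in a group's member attribute. The SID value and the domain DN `DC=corp,DC=example` are constructed sample data, and the function names are hypothetical.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def filter_by_sid_string(raw: bytes) -> str:
    """Filter in the same form the answer's helper produces."""
    return "(objectSid=%s)" % sid_to_string(raw)

def filter_by_sid_bytes(raw: bytes) -> str:
    """Equivalent filter with every SID byte hex-escaped (RFC 4515)."""
    sid_to_string(raw)  # reject malformed input before building the filter
    return "(objectSid=%s)" % "".join("\\%02x" % b for b in raw)

def foreign_principal_dn(raw: bytes, domain_dn: str) -> str:
    """DN of the foreignSecurityPrincipal placeholder object for this SID.

    The group's member attribute holds this DN, not the account's DN in its
    home domain, so comparing DNs misses the member while comparing SIDs finds it.
    """
    return "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid_to_string(raw), domain_dn)

# Constructed sample: revision 1, 5 sub-authorities, authority 5 (NT Authority)
SAMPLE_SID = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack(
    "<5I", 21, 1004336348, 1177238915, 682003330, 1104)

if __name__ == "__main__":
    print(sid_to_string(SAMPLE_SID))
    print(filter_by_sid_string(SAMPLE_SID))
    print(filter_by_sid_bytes(SAMPLE_SID))
    print(foreign_principal_dn(SAMPLE_SID, "DC=corp,DC=example"))
```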

Regarding .net - How to determine whether an AD group contains a given DirectoryEntry from another (trusted) domain?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/371947/
