使用 System.DirectoryServices.AccountManagement 列出本地管理员不会检索域用户

Question

我正在尝试远程列出本地管理员组的成员。以下代码仅返回属于管理员组成员的本地帐户 - 根本不返回域组或个人帐户（例如，BLAH\Domain Admins 或 BLAH\yajohn）。

有人有主意吗？

      Public Function listLocalAdmins(ByVal machinename As String, ByVal creduname As String, ByVal credpass As String) As String
    Try
        Dim mctx As New PrincipalContext(ContextType.Machine, machinename, creduname, credpass)
        Dim lcladmins As GroupPrincipal = GroupPrincipal.FindByIdentity(mctx, IdentityType.Name, "Administrators")
        Dim pc As PrincipalCollection = lcladmins.Members
        Dim r As New StringBuilder
        For Each p As Principal In pc
            r.Append("Name:->" & p.Name.ToString & vbCrLf)
        Next
        Return r.ToString
    Catch ex As Exception
        Return ex.Message
    End Try
End Function

感谢您的任何反馈。

Answer 1

我之前发过帖子，但发现它并没有解决你的问题。我无法使用 AccountManagement 来执行您想要的操作。我可以使用 DirectoryServices，也许这会有所帮助。

Imports System.DirectoryServices


Sub Main()
    'basic props'
    Dim computername As String = "computername"
    Dim username As String = "Domain1\account"
    Dim password As String = "password"

    'User to check if they are part of ADMIN group'
    Dim userToCheck As String = "usertocheck"

    'User to add/remove'
    Dim usertoAddRemove As String = "usertoaddremove"

    'get computer entry'
    Dim deComputer As DirectoryEntry = GetComputerEntry(computername, username, password)

    'get admin group info'
    Dim deGroup As DirectoryEntry = GetGroupByName(deComputer, "administrators")

    'get members'
    Dim groupMembers As List(Of DirectoryEntry) = GetGroupMembers(deGroup)

    'check if "UserToCheck" is part of admin group'
    Console.WriteLine(String.Format("User {0} Found?: {1}", userToCheck, CheckIfUsernameIsInGroup(deGroup, userToCheck).ToString()))

    'get user to add/remove DN'
    Dim userDN As DirectoryEntry = New DirectoryEntry(String.Format("WinNT://{0}/{1},user", "DOMAIN1", usertoAddRemove))

    'add account'
    AddUserToGroup(deGroup, userDN)
    Console.WriteLine(String.Format("User account {0} added to group {1}", usertoAddRemove, deGroup.Name))

    'remove account'
    RemoveUserFromGroup(deGroup, userDN)
    Console.WriteLine(String.Format("User account {0} removed from group {1}", usertoAddRemove, deGroup.Name))

    Console.ReadLine()

End Sub

Public Function GetComputerEntry(ByVal Computername As String, ByVal Username As String, ByVal Password As String) As DirectoryEntry
    'create directory entry connection to the remote machine'
    Dim deComputer As New DirectoryEntry("WinNT://" + Computername + ",computer", Username, Password)
    deComputer.RefreshCache()

    Return deComputer
End Function

Public Function GetGroupByName(ByVal DE As DirectoryEntry, ByVal Groupname As String) As DirectoryEntry
    'get admin group info'
    Dim deGroup As DirectoryEntry = DE.Children.Find(Groupname, "group")

    Return deGroup
End Function

Public Function GetGroupMembers(ByVal deGroup As DirectoryEntry) As List(Of DirectoryEntry)
    Dim members As IEnumerable = deGroup.Invoke("members", Nothing)
    Dim r As New List(Of DirectoryEntry)()

    For Each o As Object In members
        Dim deMember As DirectoryEntry = New DirectoryEntry(o)

        r.Add(deMember)
    Next

    Return r
End Function

Public Function CheckIfUsernameIsInGroup(ByVal deGroup As DirectoryEntry, ByVal Username As String) As Boolean
    'first get group members'
    Dim u As List(Of DirectoryEntry) = GetGroupMembers(deGroup)

    'then check for name'
    Dim r = From c In u Where c.Name.ToUpper() = Username.ToUpper() Select c

    'return true/false if found'
    Return r.Count = 1
End Function

Public Sub AddUserToGroup(ByVal deGroup As DirectoryEntry, ByVal User As DirectoryEntry)
    deGroup.Invoke("Add", User.Path.ToString())
    deGroup.CommitChanges()
End Sub

Public Sub RemoveUserFromGroup(ByVal deGroup As DirectoryEntry, ByVal User As DirectoryEntry)
    deGroup.RefreshCache()
    deGroup.Invoke("Remove", User.Path.ToString())
    deGroup.CommitChanges()
End Sub