Listing local administrators with System.DirectoryServices.AccountManagement does not retrieve domain users

Posted 2024-09-01 06:48:06 · 825 words · 6 views · 0 comments

I'm trying to remotely list members of the local Administrators group. The following code returns only local accounts which are members of the admin group - no domain groups or individual accounts are returned at all (BLAH\Domain Admins or BLAH\yajohn, for instance).

Anyone have an idea?

Imports System.DirectoryServices.AccountManagement
Imports System.Text

Public Function listLocalAdmins(ByVal machinename As String, ByVal creduname As String, ByVal credpass As String) As String
    Try
        'connect to the SAM database of the remote machine'
        Dim mctx As New PrincipalContext(ContextType.Machine, machinename, creduname, credpass)
        'look up the local Administrators group by name'
        Dim lcladmins As GroupPrincipal = GroupPrincipal.FindByIdentity(mctx, IdentityType.Name, "Administrators")
        Dim pc As PrincipalCollection = lcladmins.Members
        Dim r As New StringBuilder
        'one line per member'
        For Each p As Principal In pc
            r.Append("Name:->" & p.Name.ToString & vbCrLf)
        Next
        Return r.ToString
    Catch ex As Exception
        Return ex.Message
    End Try
End Function

Thanks for any feedback.


手心的温暖 2024-09-08 06:48:06

I posted earlier, but found out it didn't resolve your issue. I was not able to use AccountManagement to do what you wanted. I was able to use DirectoryServices though, maybe this will help.

Imports System.DirectoryServices


Sub Main()
    'basic props'
    Dim computername As String = "computername"
    Dim username As String = "Domain1\account"
    Dim password As String = "password"

    'User to check if they are part of ADMIN group'
    Dim userToCheck As String = "usertocheck"

    'User to add/remove'
    Dim usertoAddRemove As String = "usertoaddremove"

    'get computer entry'
    Dim deComputer As DirectoryEntry = GetComputerEntry(computername, username, password)

    'get admin group info'
    Dim deGroup As DirectoryEntry = GetGroupByName(deComputer, "administrators")

    'get members'
    Dim groupMembers As List(Of DirectoryEntry) = GetGroupMembers(deGroup)

    'check if "UserToCheck" is part of admin group'
    Console.WriteLine(String.Format("User {0} Found?: {1}", userToCheck, CheckIfUsernameIsInGroup(deGroup, userToCheck).ToString()))

    'get user to add/remove DN'
    Dim userDN As DirectoryEntry = New DirectoryEntry(String.Format("WinNT://{0}/{1},user", "DOMAIN1", usertoAddRemove))

    'add account'
    AddUserToGroup(deGroup, userDN)
    Console.WriteLine(String.Format("User account {0} added to group {1}", usertoAddRemove, deGroup.Name))

    'remove account'
    RemoveUserFromGroup(deGroup, userDN)
    Console.WriteLine(String.Format("User account {0} removed from group {1}", usertoAddRemove, deGroup.Name))

    Console.ReadLine()

End Sub

Public Function GetComputerEntry(ByVal Computername As String, ByVal Username As String, ByVal Password As String) As DirectoryEntry
    'create directory entry connection to the remote machine'
    Dim deComputer As New DirectoryEntry("WinNT://" + Computername + ",computer", Username, Password)
    deComputer.RefreshCache()

    Return deComputer
End Function

Public Function GetGroupByName(ByVal DE As DirectoryEntry, ByVal Groupname As String) As DirectoryEntry
    'get admin group info'
    Dim deGroup As DirectoryEntry = DE.Children.Find(Groupname, "group")

    Return deGroup
End Function

Public Function GetGroupMembers(ByVal deGroup As DirectoryEntry) As List(Of DirectoryEntry)
    Dim members As IEnumerable = deGroup.Invoke("members", Nothing)
    Dim r As New List(Of DirectoryEntry)()

    For Each o As Object In members
        Dim deMember As DirectoryEntry = New DirectoryEntry(o)

        r.Add(deMember)
    Next

    Return r
End Function

Public Function CheckIfUsernameIsInGroup(ByVal deGroup As DirectoryEntry, ByVal Username As String) As Boolean
    'first get group members'
    Dim u As List(Of DirectoryEntry) = GetGroupMembers(deGroup)

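    'then check for name (case-insensitive)'
    Dim r = From c In u Where String.Equals(c.Name, Username, StringComparison.OrdinalIgnoreCase) Select c

    'return True if at least one member matches; a local and a domain account can share a name'
    Return r.Any()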
End Function

Public Sub AddUserToGroup(ByVal deGroup As DirectoryEntry, ByVal User As DirectoryEntry)
    deGroup.Invoke("Add", User.Path.ToString())
    deGroup.CommitChanges()
End Sub

Public Sub RemoveUserFromGroup(ByVal deGroup As DirectoryEntry, ByVal User As DirectoryEntry)
    deGroup.RefreshCache()
    deGroup.Invoke("Remove", User.Path.ToString())
    deGroup.CommitChanges()
End Sub
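
An added example, not part of the original answer: it reuses the answer's WinNT provider approach to produce the listing the question asked for, reporting every member of the remote Administrators group as `DOMAIN\name` or `COMPUTER\name` so that domain groups and accounts are visible in a local-admin audit. The module and function names are hypothetical, and the member path shapes noted in the comments are an assumption about what the WinNT provider returns.

```vb
Imports System.Collections
Imports System.Collections.Generic
Imports System.DirectoryServices

Module LocalAdminAudit   ' hypothetical name, not from the original post
    Private Const Prefix As String = "WinNT://"

    ' Assumed ADsPath shapes for group members:
    '   WinNT://BLAH/Domain Admins       -> BLAH\Domain Admins  (domain principal)
    '   WinNT://BLAH/PC01/Administrator  -> PC01\Administrator  (local account)
    '   WinNT://S-1-5-21-...             -> bare SID            (account no longer resolves)
    Public Function QualifiedName(ByVal adsPath As String) As String
        Dim parts As String() = adsPath.Substring(Prefix.Length).Split("/"c)
        If parts.Length = 1 Then Return parts(0)
        Return parts(parts.Length - 2) & "\" & parts(parts.Length - 1)
    End Function

    ' Returns one line per member: qualified name, object class, and scope.
    Public Function ListLocalAdmins(ByVal computer As String, ByVal user As String,
                                    ByVal pass As String) As List(Of String)
        Dim result As New List(Of String)()
        Using deComputer As New DirectoryEntry(Prefix & computer & ",computer", user, pass)
            Using deGroup As DirectoryEntry = deComputer.Children.Find("Administrators", "group")
                Dim members As IEnumerable = DirectCast(deGroup.Invoke("Members", Nothing), IEnumerable)
                For Each o As Object In members
                    Using m As New DirectoryEntry(o)
                        Dim segments As Integer = m.Path.Substring(Prefix.Length).Split("/"c).Length
                        Dim scope As String = If(segments = 1, "unresolved SID",
                                              If(segments = 2, "domain or well-known", "local"))
                        ' Only ask for the class when the account resolved to a name.
                        Dim kind As String = If(segments > 1, m.SchemaClassName, "?")
                        result.Add(String.Format("{0} [{1}, {2}]", QualifiedName(m.Path), kind, scope))
                    End Using
                Next
            End Using
        End Using
        Return result
    End Function

    Sub Main()
        ' Placeholder machine name and credentials, as in the answer above.
        For Each line As String In ListLocalAdmins("computername", "Domain1\account", "password")
            Console.WriteLine(line)
        Next
    End Sub
End Module
```

Entries reported as an unresolved SID are worth reviewing separately, since they are memberships whose account could not be resolved to a name.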