查找当前用户活动目录组 C++
我将如何查询当前登录用户属于哪个活动目录组?我假设它将通过 LDAP 进行,但我还没有找到很多关于如何获取此特定信息的信息。
我已经整理了一些代码,但我不太确定下一步需要做什么
// Open the access token associated with the calling process.
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_QUERY,
&hToken) == FALSE)
{
dwErrorCode = GetLastError();
wprintf(L"OpenProcessToken failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
// Retrieve the token information in a TOKEN_USER structure.
GetTokenInformation(hToken,
TokenUser, // Request for a TOKEN_USER structure.
NULL,
0,
&dwBufferSize);
pTokenUser = (PTOKEN_USER) new BYTE[dwBufferSize];
memset(pTokenUser, 0, dwBufferSize);
if (GetTokenInformation(hToken,
TokenUser,
pTokenUser,
dwBufferSize,
&dwBufferSize))
{
CloseHandle(hToken);
}
else
{
dwErrorCode = GetLastError();
wprintf(L"GetTokenInformation failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
if (IsValidSid(pTokenUser->User.Sid) == FALSE)
{
wprintf(L"The owner SID is invalid.\n");
delete [] pTokenUser;
}
How would I go about querying what active directory group the currently logged in user belongs to? I am assuming it will be through LDAP but I havnt been able to find much on how to get this particular information.
I have put together some code but im not quite sure what I need to do next
// Open the access token associated with the calling process.
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_QUERY,
&hToken) == FALSE)
{
dwErrorCode = GetLastError();
wprintf(L"OpenProcessToken failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
// Retrieve the token information in a TOKEN_USER structure.
GetTokenInformation(hToken,
TokenUser, // Request for a TOKEN_USER structure.
NULL,
0,
&dwBufferSize);
pTokenUser = (PTOKEN_USER) new BYTE[dwBufferSize];
memset(pTokenUser, 0, dwBufferSize);
if (GetTokenInformation(hToken,
TokenUser,
pTokenUser,
dwBufferSize,
&dwBufferSize))
{
CloseHandle(hToken);
}
else
{
dwErrorCode = GetLastError();
wprintf(L"GetTokenInformation failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
if (IsValidSid(pTokenUser->User.Sid) == FALSE)
{
wprintf(L"The owner SID is invalid.\n");
delete [] pTokenUser;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在您的特定情况下,我认为您可以不进行任何 LDAP 调用。这里有一个建议:
GetCurrentProcessId和OpenProcess获取当前进程的句柄,OpenProcessToken以打开与该进程关联的访问令牌当前进程GetTokenInformation,令牌信息类为TokenGroups,TOKEN_GROUPS结构包含一个包含 SID 和属性的列表访问令牌中的所有组LookupAccountSid来获取其名称MSDN 应该提供有关上述调用的更详细信息。
In your particular case I think you can do without any LDAP calls. Here's a suggestion:
GetCurrentProcessIdandOpenProcessto get a handle to the current processOpenProcessTokenon that handle to open the access token associated with the current processGetTokenInformationon that access token, with a token information class ofTokenGroupsTOKEN_GROUPSstructure contains a list with the SIDs and attributes of all the groups in the access tokenLookupAccountSidon the SID of each group in the list to obtain its nameMSDN should provide more detailed information about the calls mentioned above.