我需要使用 C# 代码检查按名称给出的组是否是 AD 中的安全组。
我注意到组属性中有一个名为“groupType”的属性,但我不知道该属性的用途。我检查了几个组,发现它的值可以是null、8或-2147483646。是否与安全组类型相关?
我还发现在组的distinguishedName 中,可以有“OU=Security Group”或“OU=Secuity Group with Mail Lists”blabla。能否作为判断安全组类型的标准?
提前致谢。
I need to check whether a group given by name is a security group in AD using C# code.
I notice there's a property named "groupType" in groups properties, but I don't know what this property is used for. I checked several groups and find its value can be null, 8 or -2147483646. Is it associated with the security group type?
I also find in the distinguishedName of the group, there can be "OU=Security Group" or "OU=Secuity Group with Mail Lists" blabla. Can it be a criteria to determine security group type?
Thanks in advance.
发布评论
评论(3)
来自 http://adsearch-winzero.blogspot.com/ 2006/04/object-group-attribute-grouptype.html
From http://adsearch-winzero.blogspot.com/2006/04/object-group-attribute-grouptype.html
出于对 Matt 的尊重,更好的答案应该来自 Microsoft:
https://msdn.microsoft.com/en-us/library/ms675935(v=vs.85).aspx
值相同,但仍应来自创建者。 * 安全组是通过将安全组值 -2147483648 添加到 * 通讯组值而得出的。
https://blogs.technet.microsoft.com/heyscriptingguy/2004/12/21/how-can-i-tell-whether-a-group-is-a -安全组或分发组/
With all due to respect to Matt, the better answer should come from Microsoft:
https://msdn.microsoft.com/en-us/library/ms675935(v=vs.85).aspx
The values are the same, but should still come from the creator. The * security group is derived from adding the security group value of -2147483648 to the * distribution group value.
https://blogs.technet.microsoft.com/heyscriptingguy/2004/12/21/how-can-i-tell-whether-a-group-is-a-security-group-or-a-distribution-group/
您可以使用“安全组”作为查询条件。但根据您公司的设置方式,它并不是那么值得信任。最好为所有安全组拥有一个 OU 条目并直接使用该条目。
You can use "Security Group" as a query condition. But it's not so trustful based on how your company set up it. It's better to have a OU entry for all security groups and use that entry directly.