How to get the indirect groups of an AD user? - C#

Posted on 2024-10-08 19:03:11 · 573 characters · 8 views · 0 comments

I'm using DirectorySearcher to get the groups of which an AD user is a member, using the 'memberof' property. But according to this msdn page the 'memberof' property only returns the direct groups in which the user is a member. How can I get the indirect groups of the user too?

For ex.

Group A -> User X, User Y, Group B
Group B -> User Z
Group C -> User Z

I want to get the result as Group A, Group B, Group C for the user Z since he is an indirect user of Group A.

Update

Okie. I've followed this codeproject article to get the groups recursively. But still the built-in group 'Domain Users' is missing from the list. So does that mean built-in groups won't appear in the directory searcher?


Comments (4)

美羊羊 2024-10-15 19:03:11

You have to define your own method of iterating through the direct groups until you reach the common root for all. You will need to perform an LDAP query against each group and use the same memberOf attribute to determine which groups that group belongs to. This can be time intensive, particularly if the groups are numerous and laid out web-like.

扮仙女 2024-10-15 19:03:11

My answer follows the same lines as Joel Etherton's, but with code. I implemented this a while ago in one of my apps. All you need to do is interpret the VB.Net to C# :). The code below will take a group and return all of the child groups. So you just need to loop through for each group and put them in a list. I reference a few methods that I didn't include but should be self-explanatory. I did include PrincipalGenericCollection, since it can be handy.

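Imports System.Collections.Generic
Imports System.DirectoryServices.AccountManagement
Imports System.Linq

' GetGroup, FormatPrincipalName and PrincipalSorter are helpers that are not shown here.

Public Function GetSubGroups(ByVal groupname As String) As List(Of String)
    Dim result As New List(Of String)()

    GetSubGroups(groupname, result)

    Return result
End Function

Public Sub GetSubGroups(ByVal Group As String, ByRef l As List(Of String))
    Dim grp = GetGroup(Group)

    ' Sometimes the group will be null if it's a system built-in group like "authenticated users"
    If grp Is Nothing Then
        Exit Sub
    End If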

    Dim sGroups = GetGroupMembership(Group, False).Where(Function(c) TypeOf c Is GroupPrincipal)

    For Each g In sGroups
        Dim n As String = FormatPrincipalName(g.Name)

        If Not l.Contains(n) Then
            l.Add(n)

            GetSubGroups(g.Name, l)
        End If
    Next
End Sub

Public Function GetGroupMembership(ByVal GroupName As String, Optional ByVal Recursive As Boolean = True) As PrincipalGenericCollection(Of Principal)
    Dim group As GroupPrincipal = GetGroup(GroupName)

    If group Is Nothing Then
        Return Nothing
    End If

    Dim prinCol As New PrincipalGenericCollection(Of Principal)(group.GetMembers(Recursive))

    prinCol.SortByName()

    Return prinCol
End Function


Public Class PrincipalGenericCollection(Of T As Principal)
    Inherits List(Of T)

    Public Sub New()
        MyBase.New()
    End Sub

    Public Sub New(ByVal collection As PrincipalCollection)
        For Each p As Principal In collection
            Me.Add(p)
        Next
    End Sub

    Public Sub New(ByVal collection As IEnumerable(Of T))
        MyBase.New(collection)
    End Sub

    Public Sub SortByName()
        Sort(New PrincipalSorter(Of T))
    End Sub
End Class

聚集的泪 2024-10-15 19:03:11

The primary group of the user won't be shown in the "memberOf" property.
Instead, its RID is stored in the "primaryGroupID" property, and you have to calculate the group's SID from that RID (which is domain SID+group RID).

That's why you couldn't find the Domain Users group (which is the user's primary group).
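
The SID calculation described in this answer, as an added C# example that is not part of the original post: it decodes the raw objectSid bytes and swaps the user's RID for the value of primaryGroupID. The class and method names are hypothetical, the sample SID bytes are constructed, and 513 is the well-known RID of Domain Users.

```csharp
using System;
using System.Text;

static class PrimaryGroupSid
{
    // Decodes a binary SID (the raw objectSid attribute value) into S-1-... form.
    // Layout: revision (1 byte), sub-authority count (1 byte), identifier
    // authority (6 bytes, big-endian), then count x 32-bit little-endian values.
    public static string ToSidString(byte[] sid)
    {
        if (sid == null || sid.Length < 8 || sid.Length != 8 + 4 * sid[1])
            throw new ArgumentException("Malformed binary SID", nameof(sid));

        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | sid[i];

        var sb = new StringBuilder($"S-{sid[0]}-{authority}");
        for (int i = 0; i < sid[1]; i++)
        {
            int o = 8 + 4 * i;
            uint sub = unchecked((uint)(sid[o] | sid[o + 1] << 8 | sid[o + 2] << 16 | sid[o + 3] << 24));
            sb.Append('-').Append(sub);
        }
        return sb.ToString();
    }

    // Primary group SID = domain SID (the user's SID without its last
    // sub-authority, which is the user's own RID) + the RID from primaryGroupID.
    public static string FromUser(byte[] userObjectSid, int primaryGroupId)
    {
        string userSid = ToSidString(userObjectSid);
        string domainSid = userSid.Substring(0, userSid.LastIndexOf('-'));
        return domainSid + "-" + primaryGroupId;
    }

    static void Main()
    {
        // Constructed sample objectSid for S-1-5-21-1-2-3-1105 (not a real account).
        byte[] objectSid =
        {
            0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
            0x15, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
            0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
            0x51, 0x04, 0x00, 0x00
        };
        Console.WriteLine(FromUser(objectSid, 513));
    }
}
```

The resulting SID string identifies the primary group, which can then be looked up and added to the list built from memberOf.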

〆凄凉。 2024-10-15 19:03:11

Sounds to me like a simple recursive approach. Find the groups the user is a member of, and for each group, find the groups that group is a member of. Repeat until no more memberships are found.
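
The "repeat until no more memberships are found" walk from the answers above, as an added C# example that is not from any of the posters: it follows memberOf upward with a visited set so that circular nesting terminates. The `memberOf` delegate and the in-memory directory are assumptions; in a real application the delegate would run a DirectorySearcher query for one entry and return its memberOf values.

```csharp
using System;
using System.Collections.Generic;

static class IndirectGroups
{
    // Returns every group reachable from `start` through memberOf,
    // directly or indirectly. `memberOf` is a hypothetical lookup delegate.
    public static SortedSet<string> Resolve(
        string start, Func<string, IEnumerable<string>> memberOf)
    {
        var seen = new SortedSet<string>(StringComparer.OrdinalIgnoreCase);
        var pending = new Queue<string>();
        pending.Enqueue(start);

        while (pending.Count > 0)
        {
            foreach (string parent in memberOf(pending.Dequeue()))
            {
                // Add() returns false for a group already visited, so circular
                // nesting terminates and each group is looked up only once.
                if (seen.Add(parent)) pending.Enqueue(parent);
            }
        }
        return seen;
    }

    static void Main()
    {
        // Constructed directory mirroring the question's example: key = entry,
        // value = that entry's memberOf. "Group A" -> "Group B" is an extra,
        // deliberately circular membership to exercise the visited set.
        var directory = new Dictionary<string, string[]>
        {
            ["User Z"]  = new[] { "Group B", "Group C" },
            ["Group B"] = new[] { "Group A" },
            ["Group A"] = new[] { "Group B" },
            ["Group C"] = new string[0],
        };

        var groups = Resolve("User Z",
            dn => directory.TryGetValue(dn, out var parents) ? parents : new string[0]);
        Console.WriteLine(string.Join(", ", groups));
    }
}
```

The walk covers only what memberOf exposes; the user's primary group has to be added separately, as the answer about primaryGroupID explains.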
