C# .NET active-directory directoryservices

如何获取AD用户的间接组？ - C#

发布于 2024-10-08 19:03:11 字数 573 浏览 3 评论 0原文

我使用 DirectorySearcher 来获取 AD 用户的组，该用户是使用“memberof”属性的成员。但根据此 msdn 页面，“memberof”属性仅返回该用户是其中的会员。我怎样才能获得用户的间接组。

对于前。

Group A -> User X, User Y, Group B
Group B -> User Z
Group C -> User Z

我想为用户 Z 获取 A 组、B 组、C 组的结果，因为他是 A 组的间接用户。

更新

好的。我按照这篇 codeproject 文章递归地获取组。但列表中仍然缺少内置组“域用户”。那么这是否意味着内置组不会出现在目录搜索器中？

原文

I'm using DirectorySearcher to get the groups of an AD user in which he is a member of using the 'memberof' property. But according to this msdn page the 'memberof' property only returns the direct groups in which the user is a member. How can I get the indirect groups of the user too.

For ex.

Group A -> User X, User Y, Group B
Group B -> User Z
Group C -> User Z

I want to get the result as Group A, Group B, Group C for the user Z since he is an indirect user of Group A.

Update

Okie. I've followed this codeproject article to get the groups recursively. But still the builtin group 'Domain Users' is missing from the list. So does that mean Built in groups wont appear in the directory searcher?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

美羊羊 2024-10-15 19:03:11

您必须定义自己的方法来迭代直接组，直到达到所有组的共同根。您需要对每个组执行 LDAP 查询，并使用相同的 memberOf 属性来确定该组属于哪些组。这可能会耗费大量时间，特别是当群组数量众多且呈网络状布局时。

回复收藏 0 原文

扮仙女 2024-10-15 19:03:11

我的答案与乔尔·埃瑟顿的答案相同，但带有代码。我不久前在我的一个应用程序中实现了这一点。您所需要做的就是将 VB.Net 解释为 C# :)。下面的代码将获取一个组并返回所有子组。因此，您只需循环遍历每个组并将它们放入列表中即可。我引用了一些我没有包括但应该是不言自明的方法。我确实包含了PrincipalGenericCollection，因为它很方便。

Public Function GetSubGroups(ByVal groupname As String) As List(Of String)
    Dim result As New List(Of String)()

    GetSubGroups(groupname, result)

    Return result
End Function

Public Sub GetSubGroups(ByVal Group As String, ByRef l As List(Of String))
    Dim grp = GetGroup(Group)

    'sometimes group will be null if its a system built in group like "authenticated users"'
    If grp Is Nothing Then
        Exit Sub
    End If

    Dim sGroups = GetGroupMembership(Group, False).Where(Function(c) TypeOf c Is GroupPrincipal)

    For Each g In sGroups
        Dim n As String = FormatPrincipalName(g.Name)

        If Not l.Contains(n) Then
            l.Add(n)

            GetSubGroups(g.Name, l)
        End If
    Next
End Sub

Public Function GetGroupMembership(ByVal GroupName As String, Optional ByVal Recursive As Boolean = True) As PrincipalGenericCollection(Of Principal)
    Dim group As GroupPrincipal = GetGroup(GroupName)

    If group Is Nothing Then
        Return Nothing
    End If

    Dim prinCol As New PrincipalGenericCollection(Of Principal)(group.GetMembers(Recursive))

    prinCol.SortByName()

    Return prinCol
End Function


Public Class PrincipalGenericCollection(Of T As Principal)
    Inherits List(Of T)

    Public Sub New()
        MyBase.New()
    End Sub

    Public Sub New(ByVal collection As PrincipalCollection)
        For Each p As Principal In collection
            Me.Add(p)
        Next
    End Sub

    Public Sub New(ByVal collection As IEnumerable(Of T))
        MyBase.New(collection)
    End Sub

    Public Sub SortByName()
        Sort(New PrincipalSorter(Of T))
    End Sub
End Class

My answer follows the same lines as Joel Etherton's, but with code. I implemented this a while ago in one of my apps. All you need to do is interpret the VB.Net to C# :). The code below will take a group and return all of the child groups. So you just need to loop through for each group and put them in a list. I reference a few methods that I didn't include but should be self explanatory. I did include PrincipalGenericCollection, since it can be handy.

Public Function GetSubGroups(ByVal groupname As String) As List(Of String)
    Dim result As New List(Of String)()

    GetSubGroups(groupname, result)

    Return result
End Function

Public Sub GetSubGroups(ByVal Group As String, ByRef l As List(Of String))
    Dim grp = GetGroup(Group)

    'sometimes group will be null if its a system built in group like "authenticated users"'
    If grp Is Nothing Then
        Exit Sub
    End If

    Dim sGroups = GetGroupMembership(Group, False).Where(Function(c) TypeOf c Is GroupPrincipal)

    For Each g In sGroups
        Dim n As String = FormatPrincipalName(g.Name)

        If Not l.Contains(n) Then
            l.Add(n)

            GetSubGroups(g.Name, l)
        End If
    Next
End Sub

Public Function GetGroupMembership(ByVal GroupName As String, Optional ByVal Recursive As Boolean = True) As PrincipalGenericCollection(Of Principal)
    Dim group As GroupPrincipal = GetGroup(GroupName)

    If group Is Nothing Then
        Return Nothing
    End If

    Dim prinCol As New PrincipalGenericCollection(Of Principal)(group.GetMembers(Recursive))

    prinCol.SortByName()

    Return prinCol
End Function


Public Class PrincipalGenericCollection(Of T As Principal)
    Inherits List(Of T)

    Public Sub New()
        MyBase.New()
    End Sub

    Public Sub New(ByVal collection As PrincipalCollection)
        For Each p As Principal In collection
            Me.Add(p)
        Next
    End Sub

    Public Sub New(ByVal collection As IEnumerable(Of T))
        MyBase.New(collection)
    End Sub

    Public Sub SortByName()
        Sort(New PrincipalSorter(Of T))
    End Sub
End Class

回复收藏 0 原文