Active Directory nested groups
I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identify that it is a group and retrieve the members in that group.
I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actually a group?
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Assuming you're using the LDAP view into ActiveDirectory, the attribute you're looking for is called "objectClass". A group shows up with an objectClass of "groupOfNames", I believe; possibly "group". Alternatively, just look to see if the object has any "member"s, regardless of object class, and if it does, assume it's some sort of group and recurse.
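An added example, not part of either answer above: a membership audit that recurses with GetMembers(false) instead of GetMembers(true), so each account is printed with the chain of nested groups that grants it membership, and circular nesting does not loop forever. It assumes a domain-joined machine and a reference to System.DirectoryServices.AccountManagement; the class name NestedGroupAudit and the default group name "ExampleGroup" are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

static class NestedGroupAudit
{
    // Expands one level at a time and carries the nesting path along,
    // so the output shows which group chain grants each membership.
    static void Walk(GroupPrincipal group, string path, HashSet<string> seen)
    {
        // AD allows circular nesting (A in B, B in A). Each group is
        // expanded only once, keyed by its distinguished name.
        if (!seen.Add(group.DistinguishedName))
            return;

        using (PrincipalSearchResult<Principal> members = group.GetMembers(false))
        {
            foreach (Principal member in members)
            {
                // S.DS.AM materialises group objects as GroupPrincipal,
                // so a type check identifies a nested group.
                GroupPrincipal nested = member as GroupPrincipal;
                if (nested != null)
                    Walk(nested, path + " > " + nested.SamAccountName, seen);
                else
                    Console.WriteLine("{0}\t{1}\tvia {2}",
                        member.StructuralObjectClass, member.SamAccountName, path);
            }
        }
    }

    static void Main(string[] args)
    {
        // "ExampleGroup" is a placeholder; pass the real group name as an argument.
        string groupName = args.Length > 0 ? args[0] : "ExampleGroup";

        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
        using (GroupPrincipal root = GroupPrincipal.FindByIdentity(ctx, groupName))
        {
            if (root == null)
            {
                Console.Error.WriteLine("Group not found: " + groupName);
                return;
            }
            Walk(root, root.SamAccountName,
                 new HashSet<string>(StringComparer.OrdinalIgnoreCase));
        }
    }
}
```

An account that is reachable through several different groups is printed once per path, which is useful when reviewing who holds access to a privileged group and why.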