Given a user's SID, how do I get the AD DirectoryEntry?

Posted on 2024-11-30 03:44:24 · 146 characters · 1 view · 0 comments

I have the user's SID as byte[] within windowsPrincipal.getIdentity().getSid().
How can I get an Active Directory entry (DirectoryEntry) from the SID?

Comments (4)

∞琼窗梦回ˉ 2024-12-07 03:44:24

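Use the SecurityIdentifier class to convert the SID from byte[] format to a string and then bind directly to the object:

    // Requires: using System.DirectoryServices; using System.Security.Principal;
    DirectoryEntry OpenEntry(byte[] sidAsBytes)
    {
        // Parse the binary SID, starting at offset 0 of the array
        var sid = new SecurityIdentifier(sidAsBytes, 0);

        // Bind by SID; sid.ToString() yields the string form (S-1-5-21-...)
        return new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid.ToString()));
    }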
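
A defensive variant of the `OpenEntry` method above, added here as an example and not part of the original answer. `DirectoryEntry` binds lazily, so a SID with no matching object only fails on first use; this version validates the bytes and forces the bind. The name `TryOpenEntry` and the choice to return null are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class SidBinding
{
    // HRESULT for ERROR_DS_NO_SUCH_OBJECT ("There is no such object on the server")
    private const int NoSuchObject = unchecked((int)0x80072030);

    // Returns a bound DirectoryEntry, or null when the bytes are not a valid
    // domain account SID or no object with that SID exists in the directory.
    // Other failures (server unreachable, access denied) still throw.
    public static DirectoryEntry TryOpenEntry(byte[] sidAsBytes)
    {
        if (sidAsBytes == null ||
            sidAsBytes.Length < SecurityIdentifier.MinBinaryLength ||
            sidAsBytes.Length > SecurityIdentifier.MaxBinaryLength)
            return null;

        SecurityIdentifier sid;
        try { sid = new SecurityIdentifier(sidAsBytes, 0); }
        catch (ArgumentException) { return null; }   // malformed binary SID

        // A user account SID always has a domain part; well-known SIDs such as
        // S-1-5-18 (LocalSystem) do not and have no user object to bind to.
        if (sid.AccountDomainSid == null) return null;

        // sid.Value is generated by SecurityIdentifier, so only digits and
        // dashes after "S-" reach the ADsPath, never caller-supplied text.
        var entry = new DirectoryEntry("LDAP://<SID=" + sid.Value + ">");
        try
        {
            // The constructor does not contact the server; this call does.
            entry.RefreshCache(new[] { "distinguishedName" });
            return entry;
        }
        catch (COMException ex) when (ex.ErrorCode == NoSuchObject)
        {
            entry.Dispose();
            return null;
        }
    }
}
```

The caller owns the returned `DirectoryEntry` and should dispose it, for example with a `using` block.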

陪你到最终 2024-12-07 03:44:24

I found this example in C#:

    // SID must be in Security Descriptor Definition Language (SDDL) format
    // The PrincipalSearcher can help you here too (result.Sid.ToString())
    public void FindByIdentitySid()
    {
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.Sid,
            "S-1-5-21-2422933499-3002364838-2613214872-12917");
        Console.WriteLine(user.DistinguishedName);
    }

Converted to VB.NET:

    ' SID must be in Security Descriptor Definition Language (SDDL) format
    ' The PrincipalSearcher can help you here too (result.Sid.ToString())
    Public Sub FindByIdentitySid()
        Dim user As UserPrincipal = UserPrincipal.FindByIdentity(adPrincipalContext, IdentityType.Sid, "S-1-5-21-2422933499-3002364838-2613214872-12917")
        Console.WriteLine(user.DistinguishedName)
    End Sub

Obviously you can then:

    Dim de As New DirectoryEntry("LDAP://" & user.DistinguishedName)

To get the SID = S-1-5-21-* (sorry VB.NET)

    ' Convert ObjectSID to a String

    ' http://social.msdn.microsoft.com/forums/en-US/netfxbcl/thread/57452aab-4b68-4444-aefa-136b387dd06e

    Dim ADpropSid As Byte()
    ADpropSid = de.Properties("objectSid").Item(0)
    ' in my test the byte field looks like this : 01 02 00 00 00 00.......37 02 00 00
    Dim SID As New System.Security.Principal.SecurityIdentifier(ADpropSid, 0)

I haven't tested the C# or used the converted version yet myself, but have used the above to return the SID in SDDL format.

内心激荡 2024-12-07 03:44:24

The easiest way I've found is using LDAP binding. Similar to what Nick Giles said. More info at MSDN.

    ''' <summary>
    ''' Gets the DirectoryEntry identified by this SecurityIdentifier.
    ''' </summary>
    ''' <param name="id">The SecurityIdentifier (SID).</param>
    <System.Runtime.CompilerServices.Extension()> _
    Public Function GetDirectoryEntry(ByVal id As SecurityIdentifier) As DirectoryEntry
        Const sidBindingFormat As String = "LDAP://AOT/<SID={0}>"

        Return New DirectoryEntry(String.Format(sidBindingFormat, id.Value))
    End Function

情深缘浅 2024-12-07 03:44:24

This can also be done in PowerShell, as long as you have .NET 3.5 or 4.0 available (see https://gist.github.com/882528 if you don't by default):

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $adPrincipalContext =
        New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain)
    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
        $adPrincipalContext,
        [System.DirectoryServices.AccountManagement.IdentityType]::Sid,
        "S-1-5-21-2422933499-3002364838-2613214872-12917")
    $user.DisplayName
    $user.DistinguishedName