查明 AD 中的组是否属于通讯组?

发布于 2024-12-13 04:32:00 字数 272 浏览 1 评论 0原文

我正在使用 ASP.net 和 C#,并且对 Active Directory 知之甚少。我收到了按以下步骤编写程序的任务:

为 ASP.net 应用程序提供了用户的用户名。

应用程序应查询具有给定用户名的用户的所有组。

然后,应用程序应将这些组显示在两个单独的列表中,一个列表包含通讯组,另一个列表包含其余组。

现在,查询所有组就很容易了。但是如何检查该组是否在通讯组中呢?

我没有得到更多信息。

有什么属性或者我可以检查的东西吗?

I'm using ASP.net with C# and have a very little idea about Active Directory. I've been given a task to write a program in steps below:

The ASP.net application is given the username of a user.

The application should query all the groups of the user with the given username.

Then the application should display these groups in two separate lists one consisting of the distribution groups and in other list, the rest of the groups.

Now, the querying for all the groups is easy. But how can I check whether the group is in distribution group or not?

I have not been given more information.

Any attribute or something I can check?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

徒留西风 2024-12-20 04:32:00

此代码将检索所有启用电子邮件的组,无论它是安全组还是通讯组。 (看到您对 marc_s 答案的评论后,我猜这实际上就是您的经理正在寻找的)。

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    Principal prototype = new GroupPrincipal(ctx);
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);
    List<string> groupNames = new List<string>();
    PropertyValueCollection email;

    foreach (var gp in searcher.FindAll()) using (gp)
    {
        GroupPrincipal group = gp as GroupPrincipal;

        using (DirectoryEntry groupEntry = ((DirectoryEntry)group.GetUnderlyingObject())
        {
          email = groupEntry.Properties["mail"];
          if (email.Value != null)
          {
            groupNames.Add(group.Name);
          }
        }
    }
}

This code will retrieve all your email enabled groups, regardless of whether it is a security or distribution group. (Having seen your comment to marc_s's answer, I'm guessing this is actually what your managers are looking for).

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    Principal prototype = new GroupPrincipal(ctx);
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);
    List<string> groupNames = new List<string>();
    PropertyValueCollection email;

    foreach (var gp in searcher.FindAll()) using (gp)
    {
        GroupPrincipal group = gp as GroupPrincipal;

        using (DirectoryEntry groupEntry = ((DirectoryEntry)group.GetUnderlyingObject())
        {
          email = groupEntry.Properties["mail"];
          if (email.Value != null)
          {
            groupNames.Add(group.Name);
          }
        }
    }
}
笨笨の傻瓜 2024-12-20 04:32:00

您可以从名为 Groupe-Type(最后一行)。

(0x00000001) : Specifies a group that is created by the system.
(0x00000002) : Specifies a group with global scope.
(0x00000004) : Specifies a group with domain local scope.
(0x00000008) : Specifies a group with universal scope.
(0x00000010) : Specifies an APP_BASIC group for Windows Server Authorization Manager.
(0x00000020) : Specifies an APP_QUERY group fir Windows Server Authorization Manager.
(0x80000000) :Specifies a security group. If this flag is not set, then the group is a distribution group.

您可以在此答案中找到或在 这另一个不同检索用户所属组的方法。

您可以在此处找到如何检索用户。

You can retreive this information from an attribute called Groupe-Type(last line).

(0x00000001) : Specifies a group that is created by the system.
(0x00000002) : Specifies a group with global scope.
(0x00000004) : Specifies a group with domain local scope.
(0x00000008) : Specifies a group with universal scope.
(0x00000010) : Specifies an APP_BASIC group for Windows Server Authorization Manager.
(0x00000020) : Specifies an APP_QUERY group fir Windows Server Authorization Manager.
(0x80000000) :Specifies a security group. If this flag is not set, then the group is a distribution group.

You can find in this answer or at the botton of this other one different ways to retreive groups a user belongs to.

You can find here how to retreive user.

烟火散人牵绊 2024-12-20 04:32:00

由于您使用的是 .NET 3.5 及更高版本,因此您应该检查 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间。在这里阅读所有相关内容:

基本上,您可以定义域上下文并轻松查找 AD 中的用户和/或组:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{ 
   // get all roles for that user
   var roles = user.GetGroups();

   // set up two lists for each type of groups
   List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
   List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();

   // iterate over groups found
   foreach (Principal p in roles)
   {
       // cast to GroupPrincipal
       GroupPrincipal gp = (p as GroupPrincipal);

       if (gp != null)
       {
           // check whether it's a security group or a distribution group
           if (gp.IsSecurityGroup)
              securityGroups.Add(gp);
           else
              distributionGroups.Add(gp);
       }
    }
}

新的 S.DS.AM 使在 AD 中使用用户和组变得非常容易!

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{ 
   // get all roles for that user
   var roles = user.GetGroups();

   // set up two lists for each type of groups
   List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
   List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();

   // iterate over groups found
   foreach (Principal p in roles)
   {
       // cast to GroupPrincipal
       GroupPrincipal gp = (p as GroupPrincipal);

       if (gp != null)
       {
           // check whether it's a security group or a distribution group
           if (gp.IsSecurityGroup)
              securityGroups.Add(gp);
           else
              distributionGroups.Add(gp);
       }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文