查明 AD 中的组是否属于通讯组？

发布于 12-13 04:32 字数 272 浏览 8 评论 0原文

我正在使用 ASP.net 和 C#，并且对 Active Directory 知之甚少。我收到了按以下步骤编写程序的任务：

为 ASP.net 应用程序提供了用户的用户名。

应用程序应查询具有给定用户名的用户的所有组。

然后，应用程序应将这些组显示在两个单独的列表中，一个列表包含通讯组，另一个列表包含其余组。

现在，查询所有组就很容易了。但是如何检查该组是否在通讯组中呢？

我没有得到更多信息。

有什么属性或者我可以检查的东西吗？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

徒留西风2024-12-20 04:32:00

此代码将检索所有启用电子邮件的组，无论它是安全组还是通讯组。（看到您对 marc_s 答案的评论后，我猜这实际上就是您的经理正在寻找的）。

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    Principal prototype = new GroupPrincipal(ctx);
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);
    List<string> groupNames = new List<string>();
    PropertyValueCollection email;

    foreach (var gp in searcher.FindAll()) using (gp)
    {
        GroupPrincipal group = gp as GroupPrincipal;

        using (DirectoryEntry groupEntry = ((DirectoryEntry)group.GetUnderlyingObject())
        {
          email = groupEntry.Properties["mail"];
          if (email.Value != null)
          {
            groupNames.Add(group.Name);
          }
        }
    }
}

This code will retrieve all your email enabled groups, regardless of whether it is a security or distribution group. (Having seen your comment to marc_s's answer, I'm guessing this is actually what your managers are looking for).

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    Principal prototype = new GroupPrincipal(ctx);
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);
    List<string> groupNames = new List<string>();
    PropertyValueCollection email;

    foreach (var gp in searcher.FindAll()) using (gp)
    {
        GroupPrincipal group = gp as GroupPrincipal;

        using (DirectoryEntry groupEntry = ((DirectoryEntry)group.GetUnderlyingObject())
        {
          email = groupEntry.Properties["mail"];
          if (email.Value != null)
          {
            groupNames.Add(group.Name);
          }
        }
    }
}

回复收藏 0 原文

笨笨の傻瓜2024-12-20 04:32:00

您可以从名为 Groupe-Type（最后一行）。

(0x00000001) : Specifies a group that is created by the system.
(0x00000002) : Specifies a group with global scope.
(0x00000004) : Specifies a group with domain local scope.
(0x00000008) : Specifies a group with universal scope.
(0x00000010) : Specifies an APP_BASIC group for Windows Server Authorization Manager.
(0x00000020) : Specifies an APP_QUERY group fir Windows Server Authorization Manager.
(0x80000000) :Specifies a security group. If this flag is not set, then the group is a distribution group.

您可以在此答案中找到或在这另一个不同检索用户所属组的方法。

您可以在此处找到如何检索用户。

You can retreive this information from an attribute called Groupe-Type(last line).

(0x00000001) : Specifies a group that is created by the system.
(0x00000002) : Specifies a group with global scope.
(0x00000004) : Specifies a group with domain local scope.
(0x00000008) : Specifies a group with universal scope.
(0x00000010) : Specifies an APP_BASIC group for Windows Server Authorization Manager.
(0x00000020) : Specifies an APP_QUERY group fir Windows Server Authorization Manager.
(0x80000000) :Specifies a security group. If this flag is not set, then the group is a distribution group.

You can find in this answer or at the botton of this other one different ways to retreive groups a user belongs to.

You can find here how to retreive user.

回复收藏 0 原文

烟火散人牵绊2024-12-20 04:32:00

由于您使用的是 .NET 3.5 及更高版本，因此您应该检查 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间。在这里阅读所有相关内容：

基本上，您可以定义域上下文并轻松查找 AD 中的用户和/或组：

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{ 
   // get all roles for that user
   var roles = user.GetGroups();

   // set up two lists for each type of groups
   List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
   List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();

   // iterate over groups found
   foreach (Principal p in roles)
   {
       // cast to GroupPrincipal
       GroupPrincipal gp = (p as GroupPrincipal);

       if (gp != null)
       {
           // check whether it's a security group or a distribution group
           if (gp.IsSecurityGroup)
              securityGroups.Add(gp);
           else
              distributionGroups.Add(gp);
       }
    }
}

新的 S.DS.AM 使在 AD 中使用用户和组变得非常容易！

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{ 
   // get all roles for that user
   var roles = user.GetGroups();

   // set up two lists for each type of groups
   List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
   List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();

   // iterate over groups found
   foreach (Principal p in roles)
   {
       // cast to GroupPrincipal
       GroupPrincipal gp = (p as GroupPrincipal);

       if (gp != null)
       {
           // check whether it's a security group or a distribution group
           if (gp.IsSecurityGroup)
              securityGroups.Add(gp);
           else
              distributionGroups.Add(gp);
       }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

回复收藏 0 原文

~没有更多了~