How do I find the users that belong to a group in AD and get their SAMAccountName and SID?

Posted on 2024-12-19 03:51:37

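I just want a user to be able to type in a group name in a textbox, and return just their login name and their SID.

So far I have this, and that loads the users in the group, but I'm unsure how to extract the login and SID.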

    SearchResult result;
    DirectorySearcher search = new DirectorySearcher();
    search.Filter = String.Format("(cn={0})", txtGroup.Text);
    search.PropertiesToLoad.Add("member");
    search.PropertiesToLoad.Add("cn");
    search.PropertiesToLoad.Add("objectGUID");
    result = search.FindOne();

    StringBuilder userNames = new StringBuilder();
    if (result != null)
    {
        for (int counter = 0; counter < result.Properties["member"].Count; counter++)
        {
            string user = (string)result.Properties["member"][counter];
            userNames.AppendLine(user);
        }
    }
    lblResults.Text = userNames.ToString();



Comments (2)

木落 2024-12-26 03:51:37

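The property which contains the SID is called objectSid, and the property which contains the login is sAMAccountName for the NT4-compatible version and userPrincipalName. You'd better work with @Virkkunen's advice.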

using System;
using System.DirectoryServices;
using System.Security.Principal;

class Program
{
  static void Main(string[] args)
  {
    /* Connection to Active Directory
     */
    DirectoryEntry deBase = new DirectoryEntry("LDAP://192.168.183.138:389/dc=societe,dc=fr", "administrateur", "pwd");

    /* Directory search: find the group and load its distinguished name
     */
    DirectorySearcher dsLookForGrp = new DirectorySearcher(deBase);
    dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup");
    dsLookForGrp.SearchScope = SearchScope.Subtree;
    dsLookForGrp.PropertiesToLoad.Add("distinguishedName");
    SearchResult srcGrp = dsLookForGrp.FindOne();
    if (srcGrp == null)
    {
      // FindOne returns null when no object matches the filter
      Console.WriteLine("Group not found");
      return;
    }

    /* Directory search: find the persons whose memberOf contains the group's DN
     */
    DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase);
    dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties["distinguishedName"][0]);
    dsLookForUsers.SearchScope = SearchScope.Subtree;
    dsLookForUsers.PropertiesToLoad.Add("objectSid");
    dsLookForUsers.PropertiesToLoad.Add("userPrincipalName");
    dsLookForUsers.PropertiesToLoad.Add("sAMAccountName");
    SearchResultCollection srcLstUsers = dsLookForUsers.FindAll();

    foreach (SearchResult sruser in srcLstUsers)
    {
      Console.WriteLine("{0}", sruser.Path);

      // objectSid is returned as a byte array; SecurityIdentifier converts it to the S-1-5-... string form
      SecurityIdentifier sid = new SecurityIdentifier((byte[])sruser.Properties["objectSid"][0], 0);
      Console.WriteLine(sid.ToString());

      // Print the first value of every property that was loaded
      foreach (string property in sruser.Properties.PropertyNames)
      {
        Console.WriteLine("\t{0} : {1} ", property, sruser.Properties[property][0]);
      }
    }
  }
}

蓦然回首 2024-12-26 03:51:37

I think it would work better if you reverse your query:

(&(objectClass=user)(memberOf={0}))

This way you'll directly get back a list of users by using FindAll. Don't forget to add sAMAccountName etc. into PropertiesToLoad.
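An added example (not part of the original thread or any poster's code) that combines the two answers: it resolves the group, then returns only sAMAccountName and SID for its direct user members, escaping the typed group name per RFC 4515 so it cannot change the structure of the filter. The class and method names are hypothetical, and the default search root assumes a domain-joined machine running under an account that may read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;
static class GroupMemberLookup   // hypothetical name, for illustration only
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so that
    // user-typed text such as "*" or ")(" is matched literally.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        return sb.ToString();
    }
    // Returns (sAMAccountName, SID string) pairs for the group's direct user members.
    public static List<KeyValuePair<string, string>> GetMembers(string groupName)
    {
        var members = new List<KeyValuePair<string, string>>();
        string groupFilter = "(&(objectCategory=group)(cn=" + EscapeFilterValue(groupName) + "))";
        using (var findGroup = new DirectorySearcher(groupFilter, new[] { "distinguishedName" }))
        {
            SearchResult grp = findGroup.FindOne();
            if (grp == null) return members;            // no such group
            string dn = (string)grp.Properties["distinguishedName"][0];
            // The DN is also a filter value: it can contain '(' ')' '*' or '\'.
            string userFilter = "(&(objectCategory=person)(objectClass=user)(memberOf=" + EscapeFilterValue(dn) + "))";
            using (var findUsers = new DirectorySearcher(userFilter, new[] { "sAMAccountName", "objectSid" }))
            {
                findUsers.PageSize = 500;               // paged search, so large groups are not cut off
                using (SearchResultCollection users = findUsers.FindAll())
                    foreach (SearchResult u in users)
                    {
                        var sid = new SecurityIdentifier((byte[])u.Properties["objectSid"][0], 0);
                        members.Add(new KeyValuePair<string, string>((string)u.Properties["sAMAccountName"][0], sid.Value));
                    }
            }
        }
        return members;
    }
}
```

The memberOf attribute lists direct membership only, so users who belong through a nested group or who have this group as their primary group are not returned.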

