如何检索用户在一组，包括小学组用户 [英] How to retrieve Users in a Group, including primary group users

问题描述

我工作在.NET 2.0和需要找回某个广告组的所有用户。我有一个不返回该组的所有成员下面的方法，但它不返回具有传递组作为主要的用户群。什么我需要做的就是这些用户包括在内？

  ///＆LT;总结＆gt;
///获取该组孩子的用户。
///＆LT; /总结＆gt;
///＆LT; PARAM NAME =parentGroup＆gt;在母集团＆LT; /参数＆GT;
///＆LT;返回＆GT;＆LT; /回报＆GT;
公开名单＆LT; ADUser便有＆GT; GetGroupChildUsers（广告组parentGroup）
{
    名单＆LT; ADUser便有＆GT;名单=新的名单，其中，ADUser便有＆GT;（）;

    的DirectoryEntry条目= GetDirectoryEntry（LdapBaseString）;

    DirectorySearcher从搜索=新DirectorySearcher从（输入）;
    sea​​rcher.Filter =的String.Format（（及（objectCategory属性=人）（的memberOf = {0}）），parentGroup.DN）;

    sea​​rcher.PropertiesToLoad.Add（的objectGUID）;
    sea​​rcher.SizeLimit = MaxReturnCount;

    SearchResultCollection结果= searcher.FindAll（）;

    的foreach（信息搜索结果导致的结果）{
        GUID GUID =新的GUID（（字节[]）result.Properties [的objectGUID] [0]）;
        list.Add（GetUserByGuid（GUID））;
    }

    如果（list.Count＆所述; = 0）{
        返回null;
    } 其他 {
        返回列表;
    }
}
 

解决方案

用户的主要组是由用户的 primaryGroupID 属性给出。事实上 primaryGroupID 包含RID的字符串格式的主组。这就是为什么，我先帮你寻找的用户组的SID，那么我计算（不好）的RID，我搜索用户提供了 primaryGroupID 包含RID

  / *连接到Active Directory
 * /
的DirectoryEntry贬低=新的DirectoryEntry（LDAP：// WM2008R2ENT：389 / DC = DOM，DC = FR）;

/ *目录搜索agroup
 * /
字符串givenGrpName =MonGrpSec;
DirectorySearcher从dsLookFor =新DirectorySearcher从（贬低）;
dsLookFor.Filter =的String.Format（（sAMAccountName赋= {0}），givenGrpName）;
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add（CN）;
dsLookFor.PropertiesToLoad.Add（的objectSID）;

信息搜索结果srcGrp = dsLookFor.FindOne（）;

/ *获取SID
 * /
的SecurityIdentifier secId =新的SecurityIdentifier（srcGrp.Properties [的objectSID] [0]作为字节[]，0）;

/ *查找的RID（肯定存在一个最好的方法）
 * /
正则表达式REGRID =新的正则表达式（@^ S *  - （\ d +）$）;
比赛matchRID = regRID.Match（secId.Value）;
字符串SRID = matchRID.Groups [1] .value的;

/ *电话号码簿搜索用户具有特定主组
 * /
DirectorySearcher从dsLookForUsers =新DirectorySearcher从（贬低）;
dsLookForUsers.Filter =的String.Format（（primaryGroupID = {0}），SRID）;
dsLookForUsers.SearchScope = SearchScope.Subtree;
dsLookForUsers.PropertiesToLoad.Add（CN）;

SearchResultCollection srcUsers = dsLookForUsers.FindAll（）;

的foreach（在srcUsers信息搜索结果的用户）
{
  Console.WriteLine（{0} {1}的主组，givenGrpName，user.Properties [CN] [0]）;
}
 

I'm working in .net 2.0 and need to retrieve all the users of a given AD group. I have the following method that does return all the members of the group, but it does not return users that have the passed group as their primary group. What do I need to do to get those users included as well?

/// <summary>
/// Gets the group child users.
/// </summary>
/// <param name="parentGroup">The parent group.</param>
/// <returns></returns>
public List<ADUser> GetGroupChildUsers(ADGroup parentGroup)
{
    List<ADUser> list = new List<ADUser>();

    DirectoryEntry entry = GetDirectoryEntry(LdapBaseString);

    DirectorySearcher searcher = new DirectorySearcher(entry);
    searcher.Filter = string.Format("(&(objectCategory=person)(memberOf={0}))", parentGroup.DN);

    searcher.PropertiesToLoad.Add("objectGUID");
    searcher.SizeLimit = MaxReturnCount;

    SearchResultCollection results = searcher.FindAll();

    foreach (SearchResult result in results) {
        Guid guid = new Guid((byte[])result.Properties["objectGUID"][0]);
        list.Add(GetUserByGuid(guid));
    }

    if (list.Count <= 0) {
        return null;
    } else {
        return list;
    }
}

解决方案

The primary group of a user is given by primaryGroupID attribute of a user. In fact primaryGroupID contains the RID of the primary group in a string format. That's why, I first get the SID of the group you are looking for users, then I compute (badly) the RID, and I search for users with a primaryGroupID containing the RID.

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

/* Directory Search for agroup
 */
string givenGrpName = "MonGrpSec"; 
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = string.Format ("(sAMAccountName={0})", givenGrpName);
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("cn");
dsLookFor.PropertiesToLoad.Add("objectSid");

SearchResult srcGrp = dsLookFor.FindOne();

/* Get the SID
 */
SecurityIdentifier secId = new SecurityIdentifier(srcGrp.Properties["objectSid"][0] as byte[], 0);

/* Find The RID (sure exists a best method)
 */
Regex regRID = new Regex(@"^S.*-(\d+)$");
Match matchRID =  regRID.Match(secId.Value);
string sRID = matchRID.Groups[1].Value;

/* Directory Search for users that has a particular primary group
 */
DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase);
dsLookForUsers.Filter = string.Format("(primaryGroupID={0})", sRID);
dsLookForUsers.SearchScope = SearchScope.Subtree;
dsLookForUsers.PropertiesToLoad.Add("cn");

SearchResultCollection srcUsers = dsLookForUsers.FindAll();

foreach (SearchResult user in srcUsers)
{
  Console.WriteLine("{0} is the primary group of {1}", givenGrpName, user.Properties["cn"][0]);
}

这篇关于如何检索用户在一组，包括小学组用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！