从Active Directory获取用户的组成员 [英] Get a user's group memberships from Active Directory

问题描述

我怎么能大约从公元得到一个用户的组成员，preferably使用相同的模式，因为我用它来获取用户的部门属性，如下面？我已经发现了几个例子，但所有的实施例的技术的交叉集是相当小的，并且缺少这种处查询的气密性和简单性：

  VAR广告服务器= ConfigurationManager.AppSettings [广告服务器]？ localhost的;
        VAR remoteRo​​ot =新的DirectoryEntry（GetRootPath（广告服务器））;
        VAR搜索=新DirectorySearcher从（remoteRo​​ot，的String.Format（（SAM帐户名= {0}），shortUserName））;

        sea​​rcher.PropertiesToLoad.Add（部）;
        信息搜索结果的结果= NULL;
        结果= searcher.FindOne（）;
 

解决方案

您在.NET 3.5？如果是这样，这是非常容易的：

  PrincipalContext CTX =新PrincipalContext（ContextType.Domain，YOURDOMAIN）;

字符串username =yourUser;

UserPrincipal用户= UserPrincipal.FindByIdentity（CTX，用户名）;

PrincipalSearchResult＆LT;主＆GT;结果= user.GetAuthorizationGroups（）;
 

找到你的用户，然后调用 .GetAuthorizationGroups（）你的用户主体 - 返回用户所属的，包括他的主要组的所有组和任何嵌套组成员身份。

看看这个 MSDN文章新善良的.NET 3.5，当涉及到处理AD。

在.NET 2.0中，事情很多混乱......

How can I about getting a user's group memberships from AD, preferably using the same pattern as I use to get the user's Department property, as below? I have found several examples, but the intersecting set of all example techniques is quite small, and lacks the tightness and simplicity of this Department query:

        var adServer = ConfigurationManager.AppSettings["adServer"] ?? "localhost";
        var remoteRoot = new DirectoryEntry(GetRootPath(adServer));
        var searcher = new DirectorySearcher(remoteRoot, string.Format("(SAMAccountName={0})", shortUserName));

        searcher.PropertiesToLoad.Add("Department");
        SearchResult result = null;
        result = searcher.FindOne();

解决方案

Are you on .NET 3.5 ? If so, it's very easy:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");

string userName = "yourUser";

UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);

PrincipalSearchResult<Principal> results = user.GetAuthorizationGroups();

Find your user, and then call the .GetAuthorizationGroups() on your user principal - that returns all groups the user belongs to, including his primary group, and any nested group memberships.

Check out this MSDN article for more new goodness in .NET 3.5 when it comes to dealing with AD.

In .NET 2.0, things are a lot messier...

这篇关于从Active Directory获取用户的组成员的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！