Get users from Active Directory Group


Problem description


I created an Active Directory domain named 'ADDOMAIN2' with a group named "CommonUsers" that has 8 users. But when I do a directory search for users in group "CommonUsers", it returns zero results. Here is my code:

    DirectorySearcher searcher = new DirectorySearcher();
    DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}", "ADDOMAIN2"), "Administrator", "p@S$w0rd");
    string dnPath = directoryEntry.Properties["distinguishedName"].Value.ToString();

    // string path = string.Format("LDAP://{0}/{1}{2}", "ADDOMAIN2", "", dnPath);
    string path = "LDAP://ADDOMAIN2/CN=CommonUsers,DC=ADDomain2,DC=ADDomain01,DC=WaveDomain";
    directoryEntry.Path = path;
    searcher.SearchRoot = directoryEntry;
    searcher.Filter = "(&(objectCategory=person)(objectClass=user))";
    SearchResultCollection rs = searcher.FindAll();

Any idea what is wrong here?

Thanks

Solution

DirectorySearcher is not used to find users inside a group. It's used to find objects under a base path. Since there are no user objects placed under your AD group object, you won't find anything.

In most cases, you can find the user objects in an AD group from its member attribute. Beware that an AD group can contain either groups or users. So, some of the entries there may be groups. In some cases, the member attribute contains neither an AD group nor an AD user; it contains a Foreign Security Principal. This happens if your user is coming from another forest. The primary group is also handled differently. Even though "Domain User" is the primary group of most of the users in AD, its member attribute doesn't contain anything at all. There are a lot of other oddities that make enumerating an AD group object really hard.

Fortunately, in .NET 3.5, Microsoft provides some useful classes in the framework to do the dirty work for you. Check out System.DirectoryServices.AccountManagement.

To get some quick examples, you can check out this CodeProject article.

Your code should be something like this.

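using System;
using System.DirectoryServices.AccountManagement;

// Bind to the domain and look the group up by its sAMAccountName.
PrincipalContext context = new PrincipalContext(ContextType.Domain, "yourdomain.com");
GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "Domain Users");
// GetMembers(false) lists direct members only; pass true to expand nested groups.
foreach (Principal principal in groupPrincipal.GetMembers(false))
{
     Console.Out.WriteLine(principal.DistinguishedName);
}
Console.In.ReadLine();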
